Submitted URL: http://google.ottm.dev/
Effective URL: https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
Submission: On January 19 via api from US — Scanned from DE

Summary

This website contacted 10 IPs in 3 countries across 9 domains to perform 33 HTTP transactions. The main IP is 52.26.63.164, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is google.ottm.dev.
TLS certificate: Issued by R3 on January 19th 2022. Valid for: 3 months.
This is the only time google.ottm.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
10 zdassets.com
static.zdassets.com — Cisco Umbrella Rank: 2185
ekr.zdassets.com — Cisco Umbrella Rank: 2460
394 KB
5 facebook.com
www.facebook.com — Cisco Umbrella Rank: 98
155 KB
5 google.com
apis.google.com — Cisco Umbrella Rank: 140
accounts.google.com — Cisco Umbrella Rank: 84
127 KB
5 ottm.dev
google.ottm.dev
72 KB
3 zendesk.com
overthetopmarketing.zendesk.com
2 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 146
84 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 42
20 KB
1 gstatic.com
ssl.gstatic.com
40 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 293
30 KB
33 9
Domain Requested by
9 static.zdassets.com google.ottm.dev
static.zdassets.com
5 www.facebook.com connect.facebook.net
www.facebook.com
5 google.ottm.dev 1 redirects google.ottm.dev
3 overthetopmarketing.zendesk.com static.zdassets.com
3 apis.google.com google.ottm.dev
apis.google.com
2 accounts.google.com apis.google.com
ssl.gstatic.com
2 connect.facebook.net google.ottm.dev
connect.facebook.net
2 www.google-analytics.com google.ottm.dev
www.google-analytics.com
1 ssl.gstatic.com accounts.google.com
1 ekr.zdassets.com static.zdassets.com
1 ajax.googleapis.com google.ottm.dev
33 11

This site contains links to these domains. Also see Links.

Domain
www.overthetop.com
Subject Issuer Validity Valid
google.ottm.dev
R3
2022-01-19 -
2022-04-19
3 months crt.sh
*.apis.google.com
GTS CA 1C3
2021-12-08 -
2022-03-02
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2021-12-27 -
2022-03-21
3 months crt.sh
ssl1036557.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2021-07-08 -
2022-07-07
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2021-12-27 -
2022-03-21
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2021-10-28 -
2022-01-26
3 months crt.sh
*.google.com
GTS CA 1C3
2021-12-08 -
2022-03-02
3 months crt.sh
accounts.google.com
GTS CA 1C3
2021-12-27 -
2022-03-21
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2021-12-08 -
2022-03-02
3 months crt.sh
overthetopmarketing.zendesk.com
Cloudflare Inc ECC CA-3
2021-06-05 -
2022-06-04
a year crt.sh

This page contains 4 frames:

Primary Page: https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
Frame ID: A0243FE12B320A7F8664560E5599A5C7
Requests: 14 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 52B795468770C59312B1624D7FB0DD21
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/v2.4/plugins/login_button.php?app_id=320438014708940&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1b20389aee13c8%26domain%3Dgoogle.ottm.dev%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fgoogle.ottm.dev%252Ffaea07046da1d4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=&scope=public_profile%2Cemail&sdk=joey&size=xlarge
Frame ID: A491845C1D2A5A377898B0D8C29ABEE0
Requests: 5 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/latest/web-widget-framework-a4cbf2c0d8c9ce7cfa6c.js
Frame ID: 21E044F57761005EC8E47B2FE2471228
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

Advantage - Login

Page URL History Show full URLs

  1. http://google.ottm.dev/ HTTP 307
    https://google.ottm.dev/ HTTP 302
    https://google.ottm.dev/Login.aspx?ReturnUrl=%2f Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <meta[^>]*google-signin-client_id
  • <meta[^>]*google-signin-scope

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)
  • <input[^>]+name="__VIEWSTATE

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

33
Requests

100 %
HTTPS

70 %
IPv6

9
Domains

11
Subdomains

10
IPs

3
Countries

923 kB
Transfer

2914 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://google.ottm.dev/ HTTP 307
    https://google.ottm.dev/ HTTP 302
    https://google.ottm.dev/Login.aspx?ReturnUrl=%2f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

33 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Login.aspx
google.ottm.dev/
Redirect Chain
  • http://google.ottm.dev/
  • https://google.ottm.dev/
  • https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
20 KB
20 KB
Document
General
Full URL
https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.26.63.164 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-63-164.us-west-2.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b7aae2323fb47c27650057694cdb46ef707692e456bdbf529ea3054cda94945f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

cache-control
private
content-type
text/html; charset=utf-8
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
access-control-allow-origin
*
date
Wed, 19 Jan 2022 15:40:40 GMT
content-length
20583

Redirect headers

cache-control
private
content-type
text/html; charset=utf-8
location
/Login.aspx?ReturnUrl=%2f
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
access-control-allow-origin
*
date
Wed, 19 Jan 2022 15:40:39 GMT
content-length
142
client:platform.js
apis.google.com/js/
52 KB
21 KB
Script
General
Full URL
https://apis.google.com/js/client:platform.js?onload=start
Requested by
Host: google.ottm.dev
URL: https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3aa9e6d21978185255f68a04ca44d1ea071b2c26efa39f55c2a40f84a3dddf7c
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-XU4o7Q/s0s6AmWXnn9kwOw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://google.ottm.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
cross-origin-opener-policy
same-origin
etag
"b40e83c6d8a30db654d6d732708b1dc7"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-XU4o7Q/s0s6AmWXnn9kwOw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
expires
Wed, 19 Jan 2022 15:40:40 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/
85 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: google.ottm.dev
URL: https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://google.ottm.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 18 Jan 2022 10:01:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
106737
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30306
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 18 Jan 2023 10:01:43 GMT
snippet.js
static.zdassets.com/ekr/
20 KB
6 KB
Script
General
Full URL
https://static.zdassets.com/ekr/snippet.js?key=ecaefdb9-c8c6-4bc3-bfc3-10ebc20b641b
Requested by
Host: google.ottm.dev
URL: https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4eb3d539dd1a33f6b36a83cebe63c9bae149933824859089389bd8b24865768c
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://google.ottm.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:40 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
20
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
MPPGZY0TWBY0P33Z
x-amz-id-2
+sr5ZCyodSLA/cuoF+OSODDqmAD8xfIXZi/J3ojbFW7LJTMtOuhP3EdhOUr+oG/gh4BACCeX+yw=
last-modified
Sun, 09 Jan 2022 23:14:59 GMT
server
cloudflare
etag
W/"301f9083ec60c9321ec7789c905c3232"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i5fCOd4B4pnygQsBu6c2Uz%2F7aV%2BjMiYaTGBtLSQg%2F0fP9%2Fb8tsR7D9SeN3LL7wmjgYDOTDrHEDJMhhi1nNW514Cd%2F7%2F%2BzIuG329NRL6axmgo0CWiG92p0v2Ll0OhVQh4DIfCT84%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=3600, s-maxage=60
x-amz-version-id
oV93LKh3GEBdpA7a6pYv5Alew2GE593j
cf-ray
6d0129b14a0e360d-MAN
WebResource.axd
google.ottm.dev/
23 KB
23 KB
Script
General
Full URL
https://google.ottm.dev/WebResource.axd?d=-z8dzNBl11BjkV1gevOeUsRKT0bsGAij3W7mDvWZRQ2Z0AGJkpMAxjfypZOG0ZdjignGdMtUDal3wO6GdEv4JSn8iYM1&t=637103346965614113
Requested by
Host: google.ottm.dev
URL: https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.26.63.164 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-63-164.us-west-2.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:40 GMT
last-modified
Tue, 26 Nov 2019 03:11:36 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public
content-length
23063
expires
Thu, 19 Jan 2023 15:10:29 GMT
WebResource.axd
google.ottm.dev/
26 KB
26 KB
Script
General
Full URL
https://google.ottm.dev/WebResource.axd?d=1JTEGfuxjCe7OgTIzcbjBJ4dg079GDfba4Bk7n8BL4eReR_vusF56UijI_y-_TssqRvaUlkjGC1HrwAVwf2ueBskugdkoSwoybLW3YnBMOnJO_KX0&t=637103346965614113
Requested by
Host: google.ottm.dev
URL: https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.26.63.164 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-63-164.us-west-2.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
ef9453f74b2617d43dcef4242cf5845101fcfb57289c81bceb20042b0023a192

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:40 GMT
last-modified
Tue, 26 Nov 2019 03:11:36 GMT
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public
content-length
26951
expires
Thu, 19 Jan 2023 15:10:29 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.fTaiTKatF_k.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMXRHEXK0JsfodiVatZb9gMAYhYSA/
309 KB
105 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.fTaiTKatF_k.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMXRHEXK0JsfodiVatZb9gMAYhYSA/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/client:platform.js?onload=start
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
da87fe5f0d211f53391640723a6ecb7bb6fbb53145c1f069b6d6dd5c066fae0a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://google.ottm.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 18 Jan 2022 23:15:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
59140
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
107219
x-xss-protection
0
last-modified
Wed, 01 Dec 2021 04:25:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 18 Jan 2023 23:15:00 GMT
btn_google_signin_dark_normal_web.png
google.ottm.dev/assets/images/
2 KB
2 KB
Image
General
Full URL
https://google.ottm.dev/assets/images/btn_google_signin_dark_normal_web.png
Requested by
Host: google.ottm.dev
URL: https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.26.63.164 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-26-63-164.us-west-2.compute.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
c9124989ddb6a4c54ac930450171639ba9526c8f7ed9d2fdc548345fb3401d67

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:40 GMT
last-modified
Wed, 01 Apr 2020 16:07:53 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"223228b33f8d61:0"
content-type
image/png
access-control-allow-origin
*
accept-ranges
bytes
content-length
2316
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: google.ottm.dev
URL: https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://google.ottm.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
2374
date
Wed, 19 Jan 2022 15:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 19 Jan 2022 17:01:06 GMT
ecaefdb9-c8c6-4bc3-bfc3-10ebc20b641b
ekr.zdassets.com/compose/
498 B
1020 B
XHR
General
Full URL
https://ekr.zdassets.com/compose/ecaefdb9-c8c6-4bc3-bfc3-10ebc20b641b
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=ecaefdb9-c8c6-4bc3-bfc3-10ebc20b641b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7936f260a37fedb933ff179e31483a1de0f2c444af15d5b310e0b6b00b5c9172
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://google.ottm.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:41 GMT
content-encoding
br
vary
Origin, Accept-Encoding
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
status
200 OK
access-control-allow-methods
GET, POST, OPTIONS
strict-transport-security
max-age=0
x-request-id
5b3c7b48-3522-468b-a4f2-9d56f7b014f0
x-runtime
0.002618
server
cloudflare
etag
W/"7936f260a37fedb933ff179e31483a1d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
7200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ayrLL6k1FWAfSPQWPljFmcspYBuL1m6qGaxCuw9GVccOAXCZtd3ODy%2BDEu4eMDfc21AgdHTR62k8KCofNDarrsXt%2FshNoIfSvclpbuKG5kmvLn546Ewz7%2FfVN%2BXeNSMhh74%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=600, public, s-maxage=60, stale-while-revalidate=600, stale-if-error=3600
cf-ray
6d0129b338a8064c-MAN
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: google.ottm.dev
URL: https://google.ottm.dev/Login.aspx?ReturnUrl=%2f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e1c4d605a29796a964c176901f70e2a3093525998136f8a78cb7375d7ea3dc82
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://google.ottm.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
5TjHzJoagiCyHex1UocuxQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1687
x-fb-rlafr
0
x-fb-debug
jrFstrxtV519nuc4BVzbrXleaSKdwmAVh4EAbofZmxKuGHCfIXiZBzo2811nKFMcUpQuthRuqR4ZLk924mgiRw==
x-fb-trip-id
917726464
x-fb-content-md5
8a2a1ccb0e1a4dce99acf7bc7fbdb480
x-frame-options
DENY
date
Wed, 19 Jan 2022 15:40:40 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"64137664a898e03360a62ac097fc65e1"
timing-allow-origin
*
expires
Wed, 19 Jan 2022 15:56:54 GMT
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=53830470&t=pageview&_s=1&dl=https%3A%2F%2Fgoogle.ottm.dev%2FLogin.aspx%3FReturnUrl%3D%252f&ul=en-us&de=UTF-8&dt=Advantage%20-%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=489551466&gjid=1055942721&cid=29993628.1642606840&tid=UA-31612315-2&_gid=568803438.1642606840&_r=1&_slc=1&z=1265431260
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://google.ottm.dev/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 19 Jan 2022 15:40:40 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://google.ottm.dev
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.fTaiTKatF_k.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMXRHEXK0JsfodiVatZb9gMAYhYSA/
62 B
86 B
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.fTaiTKatF_k.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMXRHEXK0JsfodiVatZb9gMAYhYSA/cb=gapi.loaded_1
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/client:platform.js?onload=start
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
27095d13a9c6e755cb20dc225c60d419aaea91a9ec240b842527daea5c98a3ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://google.ottm.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 19:54:36 GMT
x-content-type-options
nosniff
age
589564
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62
x-xss-protection
0
last-modified
Wed, 01 Dec 2021 04:25:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 12 Jan 2023 19:54:36 GMT
sdk.js
connect.facebook.net/en_US/
290 KB
82 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=f5e9f6540962873ddc277019df29c746
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2c4b33a10eb385aec08d76f554b04a4b3dec5d49e2d76e6ea1bfc4f567522feb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://google.ottm.dev/
Origin
https://google.ottm.dev
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
Ls3Ts9NaJKJUWHIzMOusGQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
83467
x-fb-rlafr
0
x-fb-debug
pk4j4a4vwC0I2AbyqRB16/6dycTXDIAljY0g4ekPfRSOm5px+2NW8HXepeKtDVEKTLjMh/I8lk9kbdAyfkmJgQ==
x-fb-content-md5
7e7ef1f8becf56ce378864474ac0ca24
x-frame-options
DENY
date
Wed, 19 Jan 2022 15:40:40 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"c2b8f1d688280776a0a69ae2f24a3316"
timing-allow-origin
*
priority
u=3,i
expires
Thu, 19 Jan 2023 14:05:33 GMT
iframe
accounts.google.com/o/oauth2/ Frame 52B7
512 B
902 B
Document
General
Full URL
https://accounts.google.com/o/oauth2/iframe
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.fTaiTKatF_k.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMXRHEXK0JsfodiVatZb9gMAYhYSA/cb=gapi.loaded_0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
41dbda9bb67e88befa44647178bb3a2203da554d669ffb37f2ab7d3b1c1c8822
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-kyqfQAqsM5rB5gzt0mZ3gA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://google.ottm.dev/

Response headers

content-type
text/html; charset=utf-8
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 19 Jan 2022 15:40:40 GMT
content-language
en-US
content-security-policy
script-src 'report-sample' 'nonce-kyqfQAqsM5rB5gzt0mZ3gA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
341124057-idpiframe.js
ssl.gstatic.com/accounts/o/ Frame 52B7
113 KB
40 KB
Script
General
Full URL
https://ssl.gstatic.com/accounts/o/341124057-idpiframe.js
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
afbd87106866a83309ba4615e41aee575d89c2064baad0465b199456ae654994
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 17 Jan 2022 18:41:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
161948
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39857
x-xss-protection
0
last-modified
Sat, 08 Jan 2022 03:08:14 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="federated-signon-mpm-access"
vary
Accept-Encoding
report-to
{"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 17 Jan 2023 18:41:32 GMT
login_button.php
www.facebook.com/v2.4/plugins/ Frame A491
35 KB
16 KB
Document
General
Full URL
https://www.facebook.com/v2.4/plugins/login_button.php?app_id=320438014708940&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1b20389aee13c8%26domain%3Dgoogle.ottm.dev%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fgoogle.ottm.dev%252Ffaea07046da1d4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=&scope=public_profile%2Cemail&sdk=joey&size=xlarge
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=f5e9f6540962873ddc277019df29c746
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b3f0b2185e0b91d4b41e82e204f95d4940e7e4fe1a9edf7f637f7d6bb189a6da
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://google.ottm.dev/

Response headers

vary
Accept-Encoding
content-encoding
br
x-fb-rlafr
0
document-policy
force-load-at-top
cross-origin-resource-policy
same-origin
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version
v12.0
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
Av0qdaWP13Ml0e6sYqiHu38lI678tWsjDFDWxr0mSpdbdwvSZjlr4Ypfgnmk3IjekYY/CyWyJQFDBrIIbQXKOA==
date
Wed, 19 Jan 2022 15:40:41 GMT
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
iframerpc
accounts.google.com/o/oauth2/ Frame 52B7
15 B
59 B
XHR
General
Full URL
https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fgoogle.ottm.dev&client_id=937351949275-kt7fm2par20jdd2v235hjsip734sc9nr.apps.googleusercontent.com
Requested by
Host: ssl.gstatic.com
URL: https://ssl.gstatic.com/accounts/o/341124057-idpiframe.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
af5fd803088fcdc627e5cd97fb88d7fcbbb02a705f38fd48b1ab5f4ffca50ae8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
X-Requested-With
XmlHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
content-type
application/json; charset=utf-8
cache-control
public, max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Wed, 19 Jan 2022 16:40:41 GMT
web-widget-framework-a4cbf2c0d8c9ce7cfa6c.js
static.zdassets.com/web_widget/latest/ Frame 21E0
213 KB
72 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/web-widget-framework-a4cbf2c0d8c9ce7cfa6c.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=ecaefdb9-c8c6-4bc3-bfc3-10ebc20b641b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8770d012b92c867ad0a91fd62ac05bac24fee0a8b1c42637f4f96a91220cd9fb
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:41 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
217650
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
NG3YDKCA0WQGRC2H
x-amz-id-2
rIi7G1AC3Dk7v6KZiNq1GW+1Yew+mpw7Lp5rQ/Ezc6lGoI6uzJSl6rcMT728l60nJTq2tV1Kik8=
last-modified
Mon, 17 Jan 2022 02:29:23 GMT
server
cloudflare
etag
W/"65735e9542fe416058770af83dcfdfb3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VpTHJdFoen4vR5Galc0smJNJ6KhLsZiM1xa8V3erOLX08%2BBn0gbE79fkYzCHJcCsCi0m370YbYLwIUg8OJb%2FwPnmx0zsVBNFYJ6Wy9OmV8ux7gjCwDQ%2BPs5BGW5Ba9LYaiUgzz8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
wRcMImozEU0HbZSkhqyFQQsG65Uga0SN
cf-ray
6d0129b4dbaf360d-MAN
expires
Tue, 17 Jan 2023 02:29:22 GMT
web-widget-chat-sdk-58987df92c8073e96c0f.js
static.zdassets.com/web_widget/latest/ Frame 21E0
203 KB
52 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/web-widget-chat-sdk-58987df92c8073e96c0f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=ecaefdb9-c8c6-4bc3-bfc3-10ebc20b641b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6cd361fc4dd2ddf8db6c3ea7d3e8e62d38832bd9336e595aafa4abcd024b1ce
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:41 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6614745
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
9YZ3AJVPTBMZCNTN
x-amz-id-2
5Z6OQ6jbej+ILay5GcR/jjPft4n/9MaP8zqg/pxd1pQGp4xZinyTV9k4wTcO/O/8lR3UsIfCwe4=
last-modified
Wed, 03 Nov 2021 23:49:38 GMT
server
cloudflare
etag
W/"f4e9b6a21f729895e00473e7f3947ed7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YV%2B6gNOJDKJ4ec6yS7eBjCpKcwd03%2BdajaWVHnbNIGM2Dd6es4weOQ23jyMorFhwukLs6Kx70pI2gjOjzs4ftDhCecG5DvBvAuGxu0%2Br%2FZqI%2Fp6YqVnYt8lTfohxVMEN8xOHc7I%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
VCxuCJi40dVya7RnPTXVZ9S02BueApP5
cf-ray
6d0129b4dbb4360d-MAN
expires
Thu, 03 Nov 2022 23:49:37 GMT
WEFqCY7wUmM.png
www.facebook.com/rsrc.php/v3/yH/r/ Frame A491
554 B
609 B
Image
General
Full URL
https://www.facebook.com/rsrc.php/v3/yH/r/WEFqCY7wUmM.png
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v2.4/plugins/login_button.php?app_id=320438014708940&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1b20389aee13c8%26domain%3Dgoogle.ottm.dev%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fgoogle.ottm.dev%252Ffaea07046da1d4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=&scope=public_profile%2Cemail&sdk=joey&size=xlarge
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5bb2cc8d80b66d5712fc86f0320242a5085a031141eb6f20ee2973a3c2135cc9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.facebook.com/v2.4/plugins/login_button.php?app_id=320438014708940&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1b20389aee13c8%26domain%3Dgoogle.ottm.dev%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fgoogle.ottm.dev%252Ffaea07046da1d4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=&scope=public_profile%2Cemail&sdk=joey&size=xlarge
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 06 Jan 2022 05:27:02 GMT
x-content-type-options
nosniff
content-md5
Ot6UCEJeVuKPi2IX3HXzrA==
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
cross-origin-resource-policy
cross-origin
content-length
554
x-fb-rlafr
0
x-fb-debug
lpZjdCs9xHfy98g5N6V5B6rEaPererKllcVmQZ569ZKZ6XCEPqis+QDuw6ro+A47OCUFBk4nQSmqKnUWuzUYrw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 06 Jan 2023 05:27:02 GMT
luFYNPLo3dO.gif
www.facebook.com/rsrc.php/v3/yT/r/ Frame A491
1 KB
1 KB
Image
General
Full URL
https://www.facebook.com/rsrc.php/v3/yT/r/luFYNPLo3dO.gif
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v2.4/plugins/login_button.php?app_id=320438014708940&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1b20389aee13c8%26domain%3Dgoogle.ottm.dev%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fgoogle.ottm.dev%252Ffaea07046da1d4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=&scope=public_profile%2Cemail&sdk=joey&size=xlarge
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
78a4e31b4d526946ad7e5f3317032843312c050e00ad68dafeadeecbf2cea078
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.facebook.com/v2.4/plugins/login_button.php?app_id=320438014708940&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1b20389aee13c8%26domain%3Dgoogle.ottm.dev%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fgoogle.ottm.dev%252Ffaea07046da1d4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=&scope=public_profile%2Cemail&sdk=joey&size=xlarge
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 06 Jan 2022 05:14:50 GMT
x-content-type-options
nosniff
content-md5
ac11L2RsnxG0UF4BBl4cDQ==
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-resource-policy
cross-origin
content-length
1407
x-fb-rlafr
0
x-fb-debug
QaumdFJbctv627puxwclpbm49tMlcxxnw0wAg259oP6OcgTICS9ydTrzjkWSpRe1xjgaIq267mwMb/urqEiauQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/gif
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 06 Jan 2023 05:14:50 GMT
MnHUYIJTK5w.js
www.facebook.com/rsrc.php/v3i7M54/yI/l/en_US/ Frame A491
520 KB
137 KB
Script
General
Full URL
https://www.facebook.com/rsrc.php/v3i7M54/yI/l/en_US/MnHUYIJTK5w.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v2.4/plugins/login_button.php?app_id=320438014708940&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1b20389aee13c8%26domain%3Dgoogle.ottm.dev%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fgoogle.ottm.dev%252Ffaea07046da1d4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=&scope=public_profile%2Cemail&sdk=joey&size=xlarge
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a884760cb96cfeee330a187b75f52dcd110681d1eee8eef7f79b1e509abb821d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.facebook.com/v2.4/plugins/login_button.php?app_id=320438014708940&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1b20389aee13c8%26domain%3Dgoogle.ottm.dev%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fgoogle.ottm.dev%252Ffaea07046da1d4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=&scope=public_profile%2Cemail&sdk=joey&size=xlarge
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 12:51:22 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
h/KpcQFYfe8ddl9uNB0QVg==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
content-length
140145
x-fb-rlafr
0
x-fb-debug
b5O8Eu4hVoD3IN9TFOcvHZQjmJzny47xUrNLlDcMLnpfRmMc6r9lrJPtn6kYQIg8oWgBZLMO9FtYgs6XmYZofQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 19 Jan 2023 12:51:22 GMT
config
overthetopmarketing.zendesk.com/embeddable/ Frame 21E0
658 B
1 KB
Fetch
General
Full URL
https://overthetopmarketing.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-a4cbf2c0d8c9ce7cfa6c.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e133ecbb51b0e1b838032b6412a14e5ea57c737048a5cb1bbb937ffd2c9e7ea
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:41 GMT
x-envoy-decorator-operation
embeddable.embeddable.svc.cluster.local:80/*
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server
embeddable-app-server-b8c578c7d-7bft2
x-envoy-upstream-service-time
2
zendesk-api-version
2022-01-01
access-control-allow-methods
GET
content-encoding
br
vary
Origin, Accept-Encoding
x-cached
MISS
x-request-id
6d0129b68f873607-IAD
x-runtime
0.001392
last-modified
Wed, 19 Jan 2022 15:40:41 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
1728000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JKrckiugJ8b2uVJ%2FPKpqilp2hjFrju5GNXATsFXA1vYcrdaPC42MyIkFBaqrDI5UljRJcuVAxFkg20sDVlG8IPOBNaZIkyUnsj%2FWT3jxi50OwnqXBErRAZsV7QscdPAHvADnZO2On7n6O%2FtPOI%2BFJHI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
cf-ray
6d0129b68f873607-MAN
cavalry_endpoint.php
www.facebook.com/platform/ Frame A491
67 B
99 B
Image
General
Full URL
https://www.facebook.com/platform/cavalry_endpoint.php?t_cstart=1642606840519&t_start=1642606840519&t_domcontent=1642606840534&t_layout=1642606840620&t_onload=1642606840620&t_paint=1642606840620&t_creport=1642606840620&t_tti=1642606840534&lid=7054942663651211198-0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.facebook.com/v2.4/plugins/login_button.php?app_id=320438014708940&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1b20389aee13c8%26domain%3Dgoogle.ottm.dev%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fgoogle.ottm.dev%252Ffaea07046da1d4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=&scope=public_profile%2Cemail&sdk=joey&size=xlarge
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
br
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
x-xss-protection
0
pragma
no-cache
x-fb-debug
asT1x79Sekcm8JQ71RVrsCQ0qYsBP0d+E/dkOqAiPrPYPaM17VIdgLqiQyyVSIvIUyyik71Tc+Kr9UsKuptoPg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 19 Jan 2022 15:40:41 GMT
strict-transport-security
max-age=15552000; preload
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
image/png
vary
Accept-Encoding
cache-control
private, no-store, no-cache, must-revalidate
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
web-widget-39900-bad8471d2b7add37a93f.js
static.zdassets.com/web_widget/latest/ Frame 21E0
372 KB
114 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/web-widget-39900-bad8471d2b7add37a93f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-a4cbf2c0d8c9ce7cfa6c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96591385347da42e5d589f3b5c307dbdca2da4cd12a78b46d01126526258ac81
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:41 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
662045
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
JMM6PADSZNBYHZ0P
x-amz-id-2
RpOu1knBPB0jicm1uQBzgI8GS3l2M1ngSXwzrPljUjnQwi8t+mCSGIrHg6bmCsR9X38MwUAVhmE=
last-modified
Tue, 11 Jan 2022 05:36:15 GMT
server
cloudflare
etag
W/"f529f07bc9a9b52c28c54dfb5ac3d537"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wXBW2%2Bj4Y7YFt7yY93sPHgyNDoR6AT%2F8WXwwX6EzZtZZMvBtXsymkZVyXkhNFxOT4vCvdq6xVWUg6D%2BxV8JNY%2FePR6nBFkG3UJpCzscBhB6CvX%2FBn3nFCjHeImXcPTOLK%2BwEPlI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
Hu3EjwxEwLvswnoi3og_NUhh.Z0ZPntm
cf-ray
6d0129b978c8360d-MAN
expires
Wed, 11 Jan 2023 05:36:14 GMT
web-widget-82496-589058dacc8ab84d7796.js
static.zdassets.com/web_widget/latest/ Frame 21E0
85 KB
23 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/web-widget-82496-589058dacc8ab84d7796.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-a4cbf2c0d8c9ce7cfa6c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a80319212460370537c57e56631f448aff106ecf74ee7a92f15391fcd48def00
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:41 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
662045
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
JMMEQWGG4J3MEQ6T
x-amz-id-2
XlkL/F1fksbrV0ZhoVeVPWwPi6JGCPjk9vAXb4N4kt6+0R2tmlXBWo5izXCcb8CptaDMBKL8I4w=
last-modified
Tue, 11 Jan 2022 05:36:15 GMT
server
cloudflare
etag
W/"a578a65dad91fe91cb0130ffd39b46ff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q2zgHDbe9a6gamtUYJDxmcPTNE6xGUA15w63TVfs7u%2FeAL6WdRiVpfkNExyWydIDPwYE4fCot8Mvc%2F%2BWlE0uyUXfZ0jm1S5rPXzRsNUOCIAochz%2FjTaI%2BwQ%2FREDTeoJGmJzvrSk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
XmBfchOa1nU_Xj55gYxYavG4mPwtakPM
cf-ray
6d0129b978cc360d-MAN
expires
Wed, 11 Jan 2023 05:36:14 GMT
web_widget-d6af41dad816bf183e73.js
static.zdassets.com/web_widget/latest/web-widget-lazy/ Frame 21E0
443 KB
98 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/web-widget-lazy/web_widget-d6af41dad816bf183e73.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-a4cbf2c0d8c9ce7cfa6c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70e6d954617517f5c8d2b0f0dbf60f1b577a32d074d4e0e3666f24feb63a0cab
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:41 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
217649
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
5H67DD6RR46DRDM1
x-amz-id-2
H0at9eJ05C0kCmmfuC8V62HttDFAvHpf8ZecKt86fCn+glDlhRuuZz6XiNBFpkMuqcqNqBa1FeQ=
last-modified
Mon, 17 Jan 2022 02:26:08 GMT
server
cloudflare
etag
W/"3adb20b8257e5276c629bfce9770bbbb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5msFM5lZhVCuUbbfi51wzRfdwQ99RdCBWSyxGwdpVMu7EMovInEf56VoDlOdfzh4vYxro1q7p%2F1r8AgJMQPvzc6eA94rqUxrZLWrrDqyB7MJc1iIYTomWC9HPgCX2xhAxjxkqk8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
HKiHZ29YGZeEkLrn_GuweD6luQPDhsfu
cf-ray
6d0129b978ce360d-MAN
expires
Tue, 17 Jan 2023 02:26:06 GMT
embeddable_blip
overthetopmarketing.zendesk.com/ Frame 21E0
0
497 B
XHR
General
Full URL
https://overthetopmarketing.zendesk.com/embeddable_blip?type=analytics&data=eyJhbmFseXRpY3MiOnsidmFsdWUiOnsicmF3Q2xpZW50TG9jYWxlIjoiZW4tVVMiLCJyYXdTZXJ2ZXJMb2NhbGUiOiJkZS1ERSIsImNsaWVudExvY2FsZSI6ImVuLXVzIiwic2VydmVyTG9jYWxlIjoiZGUtZGUiLCJ1c2VyQWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTcuMC40NjkyLjcxIFNhZmFyaS81MzcuMzYiLCJpc01vYmlsZSI6ZmFsc2V9LCJhY3Rpb24iOiJsb2NhbGVNaXNtYXRjaCIsImNhdGVnb3J5IjoibG9jYWxlIn0sImJ1aWQiOiIxNmNhYzdjZDg1OTE0NGYxYmU5NDBmNDVjZmY0ZjY3YyIsInN1aWQiOiI4NzYzNDdjMDYxZDY0Y2Q4YWM5ZTE3NmNlZWM4NjgwNiIsInZlcnNpb24iOiIyNzg2OGRhIiwidGltZXN0YW1wIjoiMjAyMi0wMS0xOVQxNTo0MDo0MS4zNDJaIiwidXJsIjoiaHR0cHM6Ly9nb29nbGUub3R0bS5kZXYvTG9naW4uYXNweD9SZXR1cm5Vcmw9JTJmIn0%3D
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-a4cbf2c0d8c9ce7cfa6c.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:42 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
zendesk-api-version
2022-01-01
content-length
0
x-zendesk-zorg
yes
x-request-id
9e557fd9b4d25171d0a39099eb84a69a
last-modified
Wed, 19 Jan 2022 15:40:42 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5evQiQWtnxryoWnnHwD06PHr9Le%2BKu2zakNd587FiwFV2uIg%2F2B9jyKmmYF3Q45Kb6OSWjeQUI09c4pFwq20NLr3FNXEG5gXC3ssIK0%2FN5HVq9YpNFYbhGvI0AbsLcFbfThQ2d9oJQtOuDNhrSsayd0%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://google.ottm.dev
accept-ranges
bytes
cf-ray
6d0129baecd73607-MAN
de-de-json-0e7b9ae3b696a34b6d22.js
static.zdassets.com/web_widget/latest/web-widget-locales/classic/ Frame 21E0
28 KB
7 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/web-widget-locales/classic/de-de-json-0e7b9ae3b696a34b6d22.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-a4cbf2c0d8c9ce7cfa6c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
718e063364ba1c53900110e423987619a8227e1c877c360913658aa88c451c4d
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:42 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6614739
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
N3HASRFX6HDCVAYT
x-amz-id-2
X5mqvSxWfX7oUypcFGxz1Evw80xyv+TtowQX/FJHLKhnpIBNvfSYAH1YRwWKaL0Oxv8tcJL+Oa0=
last-modified
Wed, 03 Nov 2021 23:47:17 GMT
server
cloudflare
etag
W/"8fc7b388e5d1886d801f856533dc1ecd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a9ei9pWiS86Qon9hDXNLBcwyWZY1i0C8jkSr9dNgbLGF%2FT9mz3%2Bxv5qYyfoRp4VK%2B5FJ%2BBrLMsDvXyO09qwkPqXxL0kkotmlw79e7HSTgJD3mQEX7%2BMZSH63Q5sdThlvIAMkqs0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
6RmU.xLcJA.EQghxyd1xkwY2BBWkSgbD
cf-ray
6d0129bafd20360d-MAN
expires
Thu, 03 Nov 2022 23:47:15 GMT
embeddable_blip
overthetopmarketing.zendesk.com/ Frame 21E0
0
296 B
XHR
General
Full URL
https://overthetopmarketing.zendesk.com/embeddable_blip?type=pageView&data=eyJjaGFubmVsIjoid2ViX3dpZGdldCIsInBhZ2VWaWV3Ijp7InJlZmVycmVyIjoiaHR0cHM6Ly9nb29nbGUub3R0bS5kZXYvTG9naW4uYXNweD9SZXR1cm5Vcmw9JTJmIiwidGltZSI6MTAzLCJsb2FkVGltZSI6ODEuNTk5OTk4NDc0MTIxMSwibmF2aWdhdG9yTGFuZ3VhZ2UiOiJlbi1VUyIsInBhZ2VUaXRsZSI6IkFkdmFudGFnZSAtIExvZ2luIiwidXNlckFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk3LjAuNDY5Mi43MSBTYWZhcmkvNTM3LjM2IiwiaXNNb2JpbGUiOmZhbHNlLCJpc1Jlc3BvbnNpdmUiOnRydWUsInZpZXdwb3J0TWV0YSI6IndpZHRoPWRldmljZS13aWR0aCwgaW5pdGlhbC1zY2FsZT0xLjAiLCJoZWxwQ2VudGVyRGVkdXAiOmZhbHNlfSwiYnVpZCI6IjE2Y2FjN2NkODU5MTQ0ZjFiZTk0MGY0NWNmZjRmNjdjIiwic3VpZCI6Ijg3NjM0N2MwNjFkNjRjZDhhYzllMTc2Y2VlYzg2ODA2IiwidmVyc2lvbiI6IjI3ODY4ZGEiLCJ0aW1lc3RhbXAiOiIyMDIyLTAxLTE5VDE1OjQwOjQxLjQ0NloiLCJ1cmwiOiJodHRwczovL2dvb2dsZS5vdHRtLmRldi9Mb2dpbi5hc3B4P1JldHVyblVybD0lMmYifQ%3D%3D
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-a4cbf2c0d8c9ce7cfa6c.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:42 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
zendesk-api-version
2022-01-01
content-length
0
x-zendesk-zorg
yes
x-request-id
8ee210f0ded08d243d4e72a2f3e4a861
last-modified
Wed, 19 Jan 2022 15:40:42 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=li3864%2FNHexNtIkl7Xm%2BA%2BiSPBLSYvm9U4YdfLI98%2BTf4AVae%2B04%2FArJqPfmq4bu5O8Rm2cSqoEe49oQSAshAsWlOvT0ra6HDZe1gyOegOnaC8gNIveH2ZbMcMHSMwMKpcUbkijc2aRbiKIri6R5xt0%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://google.ottm.dev
accept-ranges
bytes
cf-ray
6d0129bb8ee23607-MAN
web-widget-chat-incoming-message-notification-abe0508c4615c51b9efb.js
static.zdassets.com/web_widget/latest/ Frame 21E0
337 B
699 B
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/web-widget-chat-incoming-message-notification-abe0508c4615c51b9efb.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-a4cbf2c0d8c9ce7cfa6c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
835b428abb7dc757393b5c89290221036dcace94b53de6d0e8e990b44cc633a5
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:40:42 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1352596
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
2K6H5T521ES451A6
x-amz-id-2
ZiYHUDbbMHngLgf3Qu6+LOFGhyD3Kn3ie0Iqe34qfDWdOlK70YLNmouyWYc34Php1PxTbfWKVoo=
last-modified
Mon, 03 Jan 2022 23:37:01 GMT
server
cloudflare
etag
W/"a7069caa3d0c66a01d617c556d15afe7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ajDQZYNNfcaDO4JXb00QRXw6i6Rgmr6kQ4OEJ01OgxG06c3%2Bv9oelfEu6M1btzrHADwXrjFSwPdLY0dyklwyZbiPNBNBhaf80Tur1IQS8uEnXGXZK3xd7J2Mynd5kP4uuTCExgY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
YowV3WS1hDd.dYN.KkLiopXUJEH2mOUT
cf-ray
6d0129bd0bad360d-MAN
expires
Tue, 03 Jan 2023 23:37:00 GMT
fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/latest/ Frame 21E0
19 KB
20 KB
Media
General
Full URL
https://static.zdassets.com/web_widget/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
97e5b0b6cfc2ba9815028429c069631ba12b294aa7419d1ea130accd0adc2d46
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Range
bytes=0-

Response headers

date
Wed, 19 Jan 2022 15:40:42 GMT
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6675082
x-amz-server-side-encryption
AES256
Content-Range
bytes 0-19697/19698
x-amz-replication-status
COMPLETED
x-amz-request-id
15MEH6W02FQ3S6G3
x-amz-id-2
XABs8OEqM6XEDtFci0V87Rz2lrQl/423EgT/5eBL6SpOed8saQ1w/pitSqL2fpXxmDDeuS2s0zQ=
last-modified
Sun, 31 Oct 2021 23:56:03 GMT
server
cloudflare
etag
"f11ce9e8f40a392830217253fe75d6de"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jS96ziB8vpKRXzqlZHYsGeNnl11GVE13ApQel2C404zEH594nTrqFxCTsMOeB1XMMfXGb8RHAVuLz8aMGIEzDR%2BbFjBpjr7AxyYoCajsMBsR4cxTHcDLr6bFBi%2BaVgnre%2F7cCKU%3D"}],"group":"cf-nel","max_age":604800}
content-type
audio/mpeg; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
a0QtVsEthBGL.bZmpPgOndbiQY6mkobg
Content-Length
19698
cf-ray
6d0129bd5c7b360d-MAN
expires
Mon, 31 Oct 2022 23:56:02 GMT

Verdicts & Comments Add Verdict or Comment

122 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 function| start function| signInCallback function| $ function| jQuery object| gapi object| ___jsl object| zEWebpackACJsonp function| zE function| zEmbed string| GoogleAnalyticsObject function| ga object| theForm function| __doPostBack function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions object| __pendingCallbacks number| __synchronousCallBackIndex function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback object| __disabledControlArray function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY object| osapi object| gadgets object| iframer object| __gapi_jstiming__ object| shindig function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| googleapis string| Page_ValidationVer boolean| Page_IsValid boolean| Page_BlockSubmit object| Page_InvalidControlToBeFocused object| Page_TextTypes function| ValidatorUpdateDisplay function| ValidatorUpdateIsValid function| AllValidatorsValid function| ValidatorHookupControlID function| ValidatorHookupControl function| ValidatorHookupEvent function| ValidatorGetValue function| ValidatorGetValueRecursive function| Page_ClientValidate function| ValidatorCommonOnSubmit function| ValidatorEnable function| ValidatorOnChange function| ValidatedTextBoxOnKeyPress function| ValidatedControlOnBlur function| ValidatorValidate function| ValidatorSetFocus function| IsInVisibleContainer function| IsValidationGroupMatch function| ValidatorOnLoad function| ValidatorConvert function| ValidatorCompare function| CompareValidatorEvaluateIsValid function| CustomValidatorEvaluateIsValid function| RegularExpressionValidatorEvaluateIsValid function| ValidatorTrim function| RequiredFieldValidatorEvaluateIsValid function| RangeValidatorEvaluateIsValid function| ValidationSummaryOnSubmit function| WebForm_OnSubmit function| statusChangeCallback function| checkLoginState function| testAPI function| onSignIn function| fbAsyncInit object| Page_Validators object| cphBody_rfvUserName object| cphBody_RegularExpressionValidator1 object| cphBody_rfvPassword boolean| Page_ValidationActive function| ValidatorOnSubmit object| Page_ValidationSummaries object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| FB object| auth2 boolean| zEACLoaded function| $zopim

8 Cookies

Domain/Path Name / Value
google.ottm.dev/ Name: ASP.NET_SessionId
Value: urgeq5sv5xd3xowjr2rfoz33
.google.com/ Name: NID
Value: 511=hLqaRTeesJGsIDwSkBhuhCZvsR16qHUInR1otqKQ9GBdND7q-D8uyfnGOi3Z6_Mc9gk9ff6SFeeO7kErKz698cvX6r0fl-3aqjfLYvVvC0Vbbw8pGt_vsfXs8t_iMGL2GpKYurIjI3mWXFvCOMgrd08rfFt0pnxSdxZzGsdnIEo
.ottm.dev/ Name: _ga
Value: GA1.2.29993628.1642606840
.ottm.dev/ Name: _gid
Value: GA1.2.568803438.1642606840
.ottm.dev/ Name: _gat
Value: 1
.google.ottm.dev/ Name: G_ENABLED_IDPS
Value: google
widget-mediator.zopim.com/ Name: AWSALBCORS
Value: 324C6uGbjUTh0xVHMujRdouofgkNOgoWFS45vTKFkk7W3RuaMDVOkiH35xIzzGqSvHIzXpY8t987Wl31sAiB9KQajdo9Nx/W15kMsyZ2J7kH99VQkDLopR4Jcb2J
.ottm.dev/ Name: __zlcmid
Value: 187kdttDDNryruj

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
ajax.googleapis.com
apis.google.com
connect.facebook.net
ekr.zdassets.com
google.ottm.dev
overthetopmarketing.zendesk.com
ssl.gstatic.com
static.zdassets.com
www.facebook.com
www.google-analytics.com
104.16.53.111
104.18.70.113
2a00:1450:4001:80e::200a
2a00:1450:4001:827::200e
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2003
2a00:1450:4001:830::200d
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
52.26.63.164
27095d13a9c6e755cb20dc225c60d419aaea91a9ec240b842527daea5c98a3ba
2c4b33a10eb385aec08d76f554b04a4b3dec5d49e2d76e6ea1bfc4f567522feb
3aa9e6d21978185255f68a04ca44d1ea071b2c26efa39f55c2a40f84a3dddf7c
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
41dbda9bb67e88befa44647178bb3a2203da554d669ffb37f2ab7d3b1c1c8822
4e133ecbb51b0e1b838032b6412a14e5ea57c737048a5cb1bbb937ffd2c9e7ea
4eb3d539dd1a33f6b36a83cebe63c9bae149933824859089389bd8b24865768c
5bb2cc8d80b66d5712fc86f0320242a5085a031141eb6f20ee2973a3c2135cc9
70e6d954617517f5c8d2b0f0dbf60f1b577a32d074d4e0e3666f24feb63a0cab
718e063364ba1c53900110e423987619a8227e1c877c360913658aa88c451c4d
78a4e31b4d526946ad7e5f3317032843312c050e00ad68dafeadeecbf2cea078
7936f260a37fedb933ff179e31483a1de0f2c444af15d5b310e0b6b00b5c9172
835b428abb7dc757393b5c89290221036dcace94b53de6d0e8e990b44cc633a5
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8770d012b92c867ad0a91fd62ac05bac24fee0a8b1c42637f4f96a91220cd9fb
96591385347da42e5d589f3b5c307dbdca2da4cd12a78b46d01126526258ac81
97e5b0b6cfc2ba9815028429c069631ba12b294aa7419d1ea130accd0adc2d46
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a6cd361fc4dd2ddf8db6c3ea7d3e8e62d38832bd9336e595aafa4abcd024b1ce
a80319212460370537c57e56631f448aff106ecf74ee7a92f15391fcd48def00
a884760cb96cfeee330a187b75f52dcd110681d1eee8eef7f79b1e509abb821d
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
af5fd803088fcdc627e5cd97fb88d7fcbbb02a705f38fd48b1ab5f4ffca50ae8
afbd87106866a83309ba4615e41aee575d89c2064baad0465b199456ae654994
b3f0b2185e0b91d4b41e82e204f95d4940e7e4fe1a9edf7f637f7d6bb189a6da
b7aae2323fb47c27650057694cdb46ef707692e456bdbf529ea3054cda94945f
c9124989ddb6a4c54ac930450171639ba9526c8f7ed9d2fdc548345fb3401d67
da87fe5f0d211f53391640723a6ecb7bb6fbb53145c1f069b6d6dd5c066fae0a
e1c4d605a29796a964c176901f70e2a3093525998136f8a78cb7375d7ea3dc82
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef9453f74b2617d43dcef4242cf5845101fcfb57289c81bceb20042b0023a192