Submitted URL: https://www.employeeretentioncredit.jrsmarketsmanager.com/
Effective URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Submission: On January 04 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 23 IPs in 5 countries across 20 domains to perform 139 HTTP transactions. The main IP is 34.135.223.120, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is erc.bottomlinesavings.com.
TLS certificate: Issued by R3 on December 9th 2022. Valid for: 3 months.
This is the only time erc.bottomlinesavings.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 192.232.251.47 46606 (UNIFIEDLA...)
25 20.75.106.146 8075 (MICROSOFT...)
2 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
38 34.135.223.120 396982 (GOOGLE-CL...)
1 2a00:1450:402... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 2606:4700:e2:... 13335 (CLOUDFLAR...)
1 13.32.121.73 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
11 2606:4700:310... 13335 (CLOUDFLAR...)
1 65.9.95.37 16509 (AMAZON-02)
14 146.75.122.109 54113 (FASTLY)
2 162.159.138.60 13335 (CLOUDFLAR...)
2 3.23.186.114 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
2 151.101.128.176 ()
4 2600:9000:225... ()
4 2a00:1450:400... ()
6 2a00:1450:400... ()
139 23
Apex Domain
Subdomains
Transfer
38 bottomlinesavings.com
erc.bottomlinesavings.com
727 KB
25 referralrock.com
bottomlinesavings.referralrock.com
201 KB
14 vimeocdn.com
i.vimeocdn.com — Cisco Umbrella Rank: 4959
f.vimeocdn.com — Cisco Umbrella Rank: 5012
827 KB
11 calendly.com
assets.calendly.com — Cisco Umbrella Rank: 27682
calendly.com — Cisco Umbrella Rank: 20917
1 MB
11 gstatic.com
fonts.gstatic.com
www.gstatic.com
491 KB
5 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 103
region1.google-analytics.com — Cisco Umbrella Rank: 2124
40 KB
4 recaptcha.net
www.recaptcha.net
45 KB
4 airbrake.io
notifier-configs.airbrake.io
1 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 123
269 KB
3 fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1620
31 KB
3 google.de
www.google.de — Cisco Umbrella Rank: 3658
629 B
3 google.com
www.google.com — Cisco Umbrella Rank: 16
629 B
3 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 179
googleads.g.doubleclick.net — Cisco Umbrella Rank: 64
3 KB
2 stripe.com
js.stripe.com
197 KB
2 ap3prod.com
capture-api.ap3prod.com — Cisco Umbrella Rank: 203185
920 B
2 vimeo.com
player.vimeo.com — Cisco Umbrella Rank: 2727
20 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 127
3 KB
1 cdn3l.ink
cdn3l.ink — Cisco Umbrella Rank: 385253
23 KB
1 tapfiliate.com
script.tapfiliate.com — Cisco Umbrella Rank: 39435
4 KB
1 jrsmarketsmanager.com
www.employeeretentioncredit.jrsmarketsmanager.com
122 B
139 20
Domain Requested by
38 erc.bottomlinesavings.com bottomlinesavings.referralrock.com
erc.bottomlinesavings.com
25 bottomlinesavings.referralrock.com bottomlinesavings.referralrock.com
erc.bottomlinesavings.com
9 assets.calendly.com erc.bottomlinesavings.com
calendly.com
assets.calendly.com
8 f.vimeocdn.com player.vimeo.com
6 www.gstatic.com www.recaptcha.net
6 i.vimeocdn.com erc.bottomlinesavings.com
player.vimeo.com
5 fonts.gstatic.com fonts.googleapis.com
4 www.recaptcha.net assets.calendly.com
www.gstatic.com
4 notifier-configs.airbrake.io assets.calendly.com
4 www.googletagmanager.com erc.bottomlinesavings.com
www.googletagmanager.com
4 www.google-analytics.com bottomlinesavings.referralrock.com
www.google-analytics.com
www.googletagmanager.com
3 use.fontawesome.com erc.bottomlinesavings.com
use.fontawesome.com
3 www.google.de erc.bottomlinesavings.com
3 www.google.com erc.bottomlinesavings.com
2 js.stripe.com assets.calendly.com
2 calendly.com assets.calendly.com
2 googleads.g.doubleclick.net www.googletagmanager.com
2 capture-api.ap3prod.com cdn3l.ink
2 player.vimeo.com erc.bottomlinesavings.com
2 fonts.googleapis.com bottomlinesavings.referralrock.com
erc.bottomlinesavings.com
1 region1.google-analytics.com www.googletagmanager.com
1 cdn3l.ink erc.bottomlinesavings.com
1 script.tapfiliate.com erc.bottomlinesavings.com
1 stats.g.doubleclick.net www.google-analytics.com
1 www.employeeretentioncredit.jrsmarketsmanager.com 1 redirects
139 25

This site contains no links.

Subject Issuer Validity Valid
*.referralrock.com
R3
2022-12-12 -
2023-03-12
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
erc.bottomlinesavings.com
R3
2022-12-09 -
2023-03-09
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
www.google.com
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
www.google.de
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-06-06 -
2023-06-05
a year crt.sh
backend.tapfiliate.com
Amazon RSA 2048 M01
2022-11-03 -
2023-12-02
a year crt.sh
calendly.com
Cloudflare Inc ECC CA-3
2022-05-09 -
2023-05-09
a year crt.sh
static.ap3prod.com
Amazon
2022-07-13 -
2023-08-12
a year crt.sh
*.vimeocdn.com
GlobalSign Atlas R3 DV TLS CA 2022 Q2
2022-05-17 -
2023-06-18
a year crt.sh
*.ap3prod.com
Amazon
2022-02-15 -
2023-03-16
a year crt.sh
*.google.com
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
*.google.de
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA
2022-12-15 -
2024-01-11
a year crt.sh
*.airbrake.io
SSL.com RSA SSL subCA
2022-10-18 -
2023-10-18
a year crt.sh
misc.google.com
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh

This page contains 9 frames:

Primary Page: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Frame ID: 11C054237B93C21BFB28C9623FC13BBB
Requests: 100 HTTP requests in this frame

Frame: https://bottomlinesavings.referralrock.com/webset/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&days=396
Frame ID: D029C4DDDE276CA3A3073A82E007C8B1
Requests: 1 HTTP requests in this frame

Frame: https://player.vimeo.com/video/736302036?h=12d950bb2f&dnt=1&app_id=122963
Frame ID: 53BB060A9A58F57462289993ABC6DF9D
Requests: 7 HTTP requests in this frame

Frame: https://bottomlinesavings.referralrock.com/externaltrack/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&pageTitle=Employee%20Retention%20Credit%20-%20ERC%20Bottom%20Line%20Savings&scriptv=https%3A%2F%2Fbottomlinesavings.referralrock.com%2Fsdk%2Freferral.js%3F05-10-21&transactionKey=cc3508fd-a73b-49b6-b5b9-b89e6156f995&sourceURL=https%3A%2F%2Ferc.bottomlinesavings.com%2Fv2%2F%3FRR_WCID%3DCF8512CB-6AD5-4A36-86A0-2ECB72BF58C9%26RR_WCID_TTL%3D396%26REFERRALCODE%3DJOHNNYSNOW69&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Frame ID: CA3AABA628B820DBB9831088B2B6CEAC
Requests: 1 HTTP requests in this frame

Frame: https://calendly.com/d/gr6-yw3-b4g?embed_domain=erc.bottomlinesavings.com&embed_type=Inline&utm_medium=JOHNNYSNOW69&utm_source=ReferralRock&hide_gdpr_banner=1
Frame ID: 9B2407D23ABC43A7FABF8B781604BD73
Requests: 12 HTTP requests in this frame

Frame: https://calendly.com/d/gr6-yw3-b4g?embed_domain=erc.bottomlinesavings.com&embed_type=Inline&utm_medium=JOHNNYSNOW69&utm_source=ReferralRock&hide_gdpr_banner=1
Frame ID: C0B4E5255074733BB56B92FD0E88C60E
Requests: 9 HTTP requests in this frame

Frame: https://player.vimeo.com/video/736302036?h=12d950bb2f&dnt=1&app_id=122963
Frame ID: 14E7BDCB1104C0C71A1609DBEDE3786C
Requests: 9 HTTP requests in this frame

Frame: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LeAb4QUAAAAAOM9CNYSsvbnzWTByRAgm3GA5D4n&co=aHR0cHM6Ly9jYWxlbmRseS5jb206NDQz&hl=de&v=5qcenVbrhOy8zihcc2aHOWD4&size=invisible&cb=p5ltu2o0oimk
Frame ID: E5546C9A49C90FFC4897B943C986CE54
Requests: 3 HTTP requests in this frame

Frame: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LeAb4QUAAAAAOM9CNYSsvbnzWTByRAgm3GA5D4n&co=aHR0cHM6Ly9jYWxlbmRseS5jb206NDQz&hl=de&v=5qcenVbrhOy8zihcc2aHOWD4&size=invisible&cb=9ijrcuw1ys54
Frame ID: 1FAFEA7920970F8121453CC1D8175CB3
Requests: 3 HTTP requests in this frame

Screenshot

Page Title

Employee Retention Credit - ERC Bottom Line Savings

Page URL History Show full URLs

  1. https://www.employeeretentioncredit.jrsmarketsmanager.com/ HTTP 301
    https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/ Page URL
  2. https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCOD... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]mobile(?:-([\d.]))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • https://assets\.calendly\.com/assets/external/widget\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • lightbox(?:-plus-jquery)?.{0,32}\.js

Overall confidence: 100%
Detected patterns
  • swiper(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

139
Requests

99 %
HTTPS

61 %
IPv6

20
Domains

25
Subdomains

23
IPs

5
Countries

4277 kB
Transfer

14231 kB
Size

16
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.employeeretentioncredit.jrsmarketsmanager.com/ HTTP 301
    https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/ Page URL
  2. https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://www.employeeretentioncredit.jrsmarketsmanager.com/ HTTP 301
  • https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/

139 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Redirect Chain
  • https://www.employeeretentioncredit.jrsmarketsmanager.com/
  • https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
21 KB
8 KB
Document
General
Full URL
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
953c6becf813b9b206e861f3c14d66362dcf7f891ccae8b0ef4db9040cc3060f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Request-Context
Cache-Control
private
Connection
keep-alive
Content-Encoding
gzip
Content-Length
7060
Content-Type
text/html; charset=utf-8
Date
Wed, 04 Jan 2023 01:10:19 GMT
Refresh
3;URL=https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Request-Context
appId=cid-v1:683234c1-44ae-4c0f-a0cc-363d1e4dad53
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET

Redirect headers

content-length
266
content-type
text/html; charset=iso-8859-1
date
Wed, 04 Jan 2023 01:10:18 GMT
location
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
server
Apache
bootstrap.min.css
bottomlinesavings.referralrock.com/plugins/referral-page/
141 KB
21 KB
Stylesheet
General
Full URL
https://bottomlinesavings.referralrock.com/plugins/referral-page/bootstrap.min.css
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
fea46492526c07103d9d5d0013d41026feb67019fd2466e4bd0466d2879369a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:18 GMT
Server
Microsoft-IIS/10.0
ETag
"0a3187b516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
20490
box.css
bottomlinesavings.referralrock.com/template/ContentBox-4-1/box/
56 KB
8 KB
Stylesheet
General
Full URL
https://bottomlinesavings.referralrock.com/template/ContentBox-4-1/box/box.css
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
fa65a642fc9730d418d0243fa0615fdf315a36080dbed44f7f47b7f2db4a554b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:22 GMT
Server
Microsoft-IIS/10.0
ETag
"0fd7a7d516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7537
content.css
bottomlinesavings.referralrock.com/template/ContentBox-4-1/assets/minimalist-blocks/
38 KB
7 KB
Stylesheet
General
Full URL
https://bottomlinesavings.referralrock.com/template/ContentBox-4-1/assets/minimalist-blocks/content.css
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
f533a8ebfad4300d7b57deffe1ae463e3994d7295e89dc106ee7d0a112cff074

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:20 GMT
Server
Microsoft-IIS/10.0
ETag
"0d0497c516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6031
simplelightbox.min.css
bottomlinesavings.referralrock.com/template/ContentBox-4-1/assets/scripts/simplelightbox/
3 KB
2 KB
Stylesheet
General
Full URL
https://bottomlinesavings.referralrock.com/template/ContentBox-4-1/assets/scripts/simplelightbox/simplelightbox.min.css
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
c424dd71a9922bbeee7275e8907f523d40c469c7cd64fa3b932183f74fbf969a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:22 GMT
Server
Microsoft-IIS/10.0
ETag
"0fd7a7d516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
856
referralpage.css
bottomlinesavings.referralrock.com/plugins/referral-page/
863 B
1 KB
Stylesheet
General
Full URL
https://bottomlinesavings.referralrock.com/plugins/referral-page/referralpage.css
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
52cdf04826c52294d58ca3addcc77be1c197dbd5387462eef751a497630e9925

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:20 GMT
Server
Microsoft-IIS/10.0
ETag
"0d0497c516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
497
referralrock.contactusform.css
bottomlinesavings.referralrock.com/plugins/referral-page/
3 KB
2 KB
Stylesheet
General
Full URL
https://bottomlinesavings.referralrock.com/plugins/referral-page/referralrock.contactusform.css
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
82c304254b88b5f2b172cda014d85ae41ccf900aec3d305681b19912ffb91a24

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:20 GMT
Server
Microsoft-IIS/10.0
ETag
"0d0497c516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
919
referralrock.ctabutton.css
bottomlinesavings.referralrock.com/plugins/referral-page/
437 B
1019 B
Stylesheet
General
Full URL
https://bottomlinesavings.referralrock.com/plugins/referral-page/referralrock.ctabutton.css
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
0852e3f6a01efa52749a530fa9a44e48c86bbd948d57188b528e8ef591919bbd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:20 GMT
Server
Microsoft-IIS/10.0
ETag
"0d0497c516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
333
font-awesome.min.css
bottomlinesavings.referralrock.com/template/gridly/css/
17 KB
5 KB
Stylesheet
General
Full URL
https://bottomlinesavings.referralrock.com/template/gridly/css/font-awesome.min.css
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
f96c8aa5eadbf98b155a0627034b14b6fdced2431dcd5e383eb957e42b7b9d9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:26 GMT
Server
Microsoft-IIS/10.0
ETag
"057dd7f516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3982
ionicons.min.css
bottomlinesavings.referralrock.com/template/ContentBox-4-1/assets/ionicons/css/
50 KB
9 KB
Stylesheet
General
Full URL
https://bottomlinesavings.referralrock.com/template/ContentBox-4-1/assets/ionicons/css/ionicons.min.css
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
77d332fac16a1e8c80df4f42b9f22c4c738f46234d5f962377d327cd9d7dd9fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:20 GMT
Server
Microsoft-IIS/10.0
ETag
"0d0497c516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8308
jquery-3.4.1.min.js
bottomlinesavings.referralrock.com/plugins/referral-page/
86 KB
31 KB
Script
General
Full URL
https://bottomlinesavings.referralrock.com/plugins/referral-page/jquery-3.4.1.min.js
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:20 GMT
Server
Microsoft-IIS/10.0
ETag
"0d0497c516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
30741
jquery.validate.min.js
bottomlinesavings.referralrock.com/plugins/jquery-validation/
23 KB
8 KB
Script
General
Full URL
https://bottomlinesavings.referralrock.com/plugins/jquery-validation/jquery.validate.min.js
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
c4ec8763c6f7c6b9efc4a180baadbc2a4eaf9317f2781c9a4705c8c56774993d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:18 GMT
Server
Microsoft-IIS/10.0
ETag
"0a3187b516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7461
simple-lightbox.min.js
bottomlinesavings.referralrock.com/template/ContentBox-4-1/assets/scripts/simplelightbox/
9 KB
4 KB
Script
General
Full URL
https://bottomlinesavings.referralrock.com/template/ContentBox-4-1/assets/scripts/simplelightbox/simple-lightbox.min.js
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
7f41078fead03bf1af38928a77d23dd0a9d7b212b93a7ee6c11d7f92fdf588f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:22 GMT
Server
Microsoft-IIS/10.0
ETag
"0fd7a7d516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3407
CustomValidatorExtensions.js
bottomlinesavings.referralrock.com/js/
444 B
1 KB
Script
General
Full URL
https://bottomlinesavings.referralrock.com/js/CustomValidatorExtensions.js
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
2aeb5f52037bd05979f577d66e8d28f2ee0233a94ec034a31d88a74c29f8cac2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:16 GMT
Server
Microsoft-IIS/10.0
ETag
"076e779516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
374
prebid-ads.js
bottomlinesavings.referralrock.com/js/
78 B
886 B
Script
General
Full URL
https://bottomlinesavings.referralrock.com/js/prebid-ads.js
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
ba06b16e3697c9fc03f5323f19ffb6305908103f3a7f6be2bb3040999b28fedd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:16 GMT
Server
Microsoft-IIS/10.0
ETag
"076e779516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
184
util.js
bottomlinesavings.referralrock.com/js/
3 KB
2 KB
Script
General
Full URL
https://bottomlinesavings.referralrock.com/js/util.js
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
06911f159ff34888369f593aed2ea405b091973929c24a23d9b5e8b97f06eab9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:16 GMT
Server
Microsoft-IIS/10.0
ETag
"076e779516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1416
referralrock.contactusform.js
bottomlinesavings.referralrock.com/plugins/referral-page/
19 KB
4 KB
Script
General
Full URL
https://bottomlinesavings.referralrock.com/plugins/referral-page/referralrock.contactusform.js
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
902c123e653f161e6c2074330392649a5097cb71359f226ab422d064100a547c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:20 GMT
Server
Microsoft-IIS/10.0
ETag
"0d0497c516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3305
referralrock.ctabutton.js
bottomlinesavings.referralrock.com/plugins/referral-page/
4 KB
2 KB
Script
General
Full URL
https://bottomlinesavings.referralrock.com/plugins/referral-page/referralrock.ctabutton.js
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
1f7cd2e95f384456925ed00ddb3ab0b4407e8df4c67f4d7b24a760286d26f40d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:20 GMT
Server
Microsoft-IIS/10.0
ETag
"0d0497c516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
993
WebResource.axd
bottomlinesavings.referralrock.com/
23 KB
7 KB
Script
General
Full URL
https://bottomlinesavings.referralrock.com/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZAliHRFgQsTXIqQE7KlK2fBqRT1u9_ja4GufzFvcEGfboWAPdQ2&t=637814660020000000
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires
Fri, 22 Dec 2023 13:23:08 GMT
Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Sat, 26 Feb 2022 09:53:22 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Request-Context
Cache-Control
public
Connection
keep-alive
Content-Length
6007
Request-Context
appId=cid-v1:683234c1-44ae-4c0f-a0cc-363d1e4dad53
ScriptResource.axd
bottomlinesavings.referralrock.com/
100 KB
26 KB
Script
General
Full URL
https://bottomlinesavings.referralrock.com/ScriptResource.axd?d=NJmAwtEo3Ipnlaxl6CMhvkGCu09OPiZafK17UNwD3331xYfQvkx5MjX0zTWxcRFRgudr-7EsczP2YJrFDjXSt7nwf5KEFHiXukNJANhDHdnO8e_hwJ9h_90DmA3z9vSvXQXEqAuyU_zY1ayFvXYAKxHLp6g1&t=49337fe8
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires
Wed, 03 Jan 2024 16:21:38 GMT
Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Tue, 03 Jan 2023 16:21:38 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Request-Context
Cache-Control
public
Connection
keep-alive
Content-Length
25609
Request-Context
appId=cid-v1:683234c1-44ae-4c0f-a0cc-363d1e4dad53
ScriptResource.axd
bottomlinesavings.referralrock.com/
39 KB
11 KB
Script
General
Full URL
https://bottomlinesavings.referralrock.com/ScriptResource.axd?d=dwY9oWetJoJoVpgL6Zq8ONWBnLYwTPaUzjbAFJ-xLli6wQZ65XfwzTHMoWSQLKuy4xyZDZDbYnyzCVVL1T1R8cM_dQ0qYw9sr6_x5uTxqlkRMKGqRljPR1VE6uwGAt4q3sfB0JcUp5FcPUt2b6RXM7OaB581&t=49337fe8
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires
Wed, 03 Jan 2024 20:30:14 GMT
Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Tue, 03 Jan 2023 20:30:14 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Request-Context
Cache-Control
public
Connection
keep-alive
Content-Length
9984
Request-Context
appId=cid-v1:683234c1-44ae-4c0f-a0cc-363d1e4dad53
box.js
bottomlinesavings.referralrock.com/template/ContentBox-4-1/box/
83 KB
23 KB
Script
General
Full URL
https://bottomlinesavings.referralrock.com/template/ContentBox-4-1/box/box.js
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
78d06bfd42c3ef22e9536c021bbecda88fcb6e71d60bd706df8a184adb496a7b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:19 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:22 GMT
Server
Microsoft-IIS/10.0
ETag
"0fd7a7d516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
23139
css
fonts.googleapis.com/
10 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,800
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/template/ContentBox-4-1/assets/minimalist-blocks/content.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3b712b1f709f4cf8d3f4085e1f3f09cc5eeac283300c1f60542a363ca1aabd0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 04 Jan 2023 01:10:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 03 Jan 2023 23:54:04 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 04 Jan 2023 01:10:19 GMT
/
bottomlinesavings.referralrock.com/webset/ Frame D029
612 B
1 KB
Document
General
Full URL
https://bottomlinesavings.referralrock.com/webset/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&days=396
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
dd1b63de6a184bfc23d9cf2ffc8686f88edad845566ab0cdcec37c8bc261bc90

Request headers

Referer
https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Request-Context
Cache-Control
private
Connection
keep-alive
Content-Encoding
gzip
Content-Length
549
Content-Type
text/html; charset=utf-8
Date
Wed, 04 Jan 2023 01:10:19 GMT
Request-Context
appId=cid-v1:683234c1-44ae-4c0f-a0cc-363d1e4dad53
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/
44 KB
44 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,800
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bottomlinesavings.referralrock.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Sat, 31 Dec 2022 16:15:31 GMT
x-content-type-options
nosniff
age
291288
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44856
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:20:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 31 Dec 2023 16:15:31 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 03 Jan 2023 23:24:37 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
6342
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Wed, 04 Jan 2023 01:24:37 GMT
collect
www.google-analytics.com/j/
4 B
222 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=901858724&t=pageview&_s=1&dl=https%3A%2F%2Fbottomlinesavings.referralrock.com%2Fl%2FJOHNNYSNOW69%2F&ul=en-us&de=UTF-8&dt=Johnny%20Snowden%20recommends%20Bottom%20Line%20Savings!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAACAAI~&jid=1187162741&gjid=2103462940&cid=541992272.1672794620&tid=UA-2068305-11&_gid=1202964688.1672794620&_r=1&_slc=1&z=1600505346
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://bottomlinesavings.referralrock.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 04 Jan 2023 01:10:19 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://bottomlinesavings.referralrock.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
Primary Request /
erc.bottomlinesavings.com/v2/
130 KB
24 KB
Document
General
Full URL
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/l/JOHNNYSNOW69/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx / WP Engine
Resource Hash
1a2d8cdd8b010168f8ff2c5cff454bea4394383a2221fa9d157ab2b339f33bd2

Request headers

Referer
https://bottomlinesavings.referralrock.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=600, must-revalidate
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 04 Jan 2023 01:10:21 GMT
link
<https://erc.bottomlinesavings.com/wp-json/>; rel="https://api.w.org/" <https://erc.bottomlinesavings.com/wp-json/wp/v2/pages/4817>; rel="alternate"; type="application/json" <https://erc.bottomlinesavings.com/?p=4817>; rel=shortlink
server
nginx
vary
Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache
MISS
x-cache-enabled
False
x-cache-group
normal
x-cacheable
SHORT
x-powered-by
WP Engine
collect
stats.g.doubleclick.net/j/
4 B
455 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-2068305-11&cid=541992272.1672794620&jid=1187162741&gjid=2103462940&_gid=1202964688.1672794620&_u=IEBAAAAAAAAAACAAI~&z=849773842
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4025:401::9b Den Helder, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://bottomlinesavings.referralrock.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Wed, 04 Jan 2023 01:10:19 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://bottomlinesavings.referralrock.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
501 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-2068305-11&cid=541992272.1672794620&jid=1187162741&_u=IEBAAAAAAAAAACAAI~&z=944382703
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Jan 2023 01:10:20 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
501 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-2068305-11&cid=541992272.1672794620&jid=1187162741&_u=IEBAAAAAAAAAACAAI~&z=944382703
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bottomlinesavings.referralrock.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Jan 2023 01:10:20 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
style.min.css
erc.bottomlinesavings.com/wp-includes/css/dist/block-library/
93 KB
13 KB
Stylesheet
General
Full URL
https://erc.bottomlinesavings.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:21 GMT
content-encoding
br
last-modified
Fri, 11 Nov 2022 14:56:45 GMT
server
nginx
etag
W/"636e62ad-172a9"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
light-box-styles.css
erc.bottomlinesavings.com/wp-content/plugins/dg-divi-carousel/styles/
2 KB
825 B
Stylesheet
General
Full URL
https://erc.bottomlinesavings.com/wp-content/plugins/dg-divi-carousel/styles/light-box-styles.css?ver=2.0.26
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
db57d37e846e1f248a9969fed15e46f5f380566691d06854126e1877cbdbfb45

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:21 GMT
content-encoding
br
last-modified
Thu, 25 Aug 2022 16:57:25 GMT
server
nginx
etag
W/"6307a9f5-602"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
swiper.min.css
erc.bottomlinesavings.com/wp-content/plugins/dg-divi-carousel/styles/
19 KB
3 KB
Stylesheet
General
Full URL
https://erc.bottomlinesavings.com/wp-content/plugins/dg-divi-carousel/styles/swiper.min.css?ver=2.0.26
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
8ba1ae9e1e3dbd37d048b94ef181c73ab9b53a81419fd8126f29bb81ea92c2ee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:21 GMT
content-encoding
br
last-modified
Thu, 25 Aug 2022 16:57:25 GMT
server
nginx
etag
W/"6307a9f5-4d4d"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
front.min.css
erc.bottomlinesavings.com/wp-content/plugins/popups-for-divi/styles/
7 KB
2 KB
Stylesheet
General
Full URL
https://erc.bottomlinesavings.com/wp-content/plugins/popups-for-divi/styles/front.min.css?ver=3.0.5
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
ba2eeab126375c9cc2fabe9a6fe35f25dea57c52df280e6e24a790f5f45be878

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:21 GMT
content-encoding
br
last-modified
Wed, 16 Nov 2022 12:20:59 GMT
server
nginx
etag
W/"6374d5ab-1c9f"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
style.min.css
erc.bottomlinesavings.com/wp-content/plugins/dg-divi-carousel/styles/
20 KB
3 KB
Stylesheet
General
Full URL
https://erc.bottomlinesavings.com/wp-content/plugins/dg-divi-carousel/styles/style.min.css?ver=2.0.26
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
6655fa79a86164f4c63e0e0639bad29d987efb7fcef3747d823b0639a1ae96f4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:21 GMT
content-encoding
br
last-modified
Thu, 25 Aug 2022 16:57:25 GMT
server
nginx
etag
W/"6307a9f5-4e9e"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
style.min.css
erc.bottomlinesavings.com/wp-content/plugins/divisignatures/styles/
4 KB
1 KB
Stylesheet
General
Full URL
https://erc.bottomlinesavings.com/wp-content/plugins/divisignatures/styles/style.min.css?ver=1.5.4
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
c2dec33a53c20ef16c3fcbb7c4afefe3b302f6792d717339c23c1f3b6845a345

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:21 GMT
content-encoding
br
last-modified
Tue, 03 Jan 2023 18:30:08 GMT
server
nginx
etag
W/"63b47430-116e"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
default.css
erc.bottomlinesavings.com/wp-content/plugins/tablepress/css/build/
6 KB
3 KB
Stylesheet
General
Full URL
https://erc.bottomlinesavings.com/wp-content/plugins/tablepress/css/build/default.css?ver=2.0.2
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
6411013f7f9ef06c6c81a8090729213124f35e64a68cb2a6b35338fa3851e9e6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:21 GMT
content-encoding
br
last-modified
Tue, 03 Jan 2023 21:42:11 GMT
server
nginx
etag
W/"63b4a133-17a7"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
tablepress-responsive.min.css
erc.bottomlinesavings.com/wp-content/plugins/tablepress-responsive-tables/css/
9 KB
1 KB
Stylesheet
General
Full URL
https://erc.bottomlinesavings.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
27e54854af25b175f482f4acc3c32a5dfd363ae62292e66b9212764d323af2db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:21 GMT
content-encoding
br
last-modified
Sun, 05 Jun 2022 19:23:02 GMT
server
nginx
etag
W/"629d0296-22aa"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
all.css
use.fontawesome.com/releases/v5.15.4/css/
58 KB
13 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.15.4/css/all.css
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Request headers

Referer
https://erc.bottomlinesavings.com/
Origin
https://erc.bottomlinesavings.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:21 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
8B8ZVZ9SWA8WA640
age
1332618
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
98p++WjVU32WTozakSisWXbu7xHZekyQglLNqTDfNOrxPuzHBwEmLK+85yorXIBafv8mtK1lllM=
last-modified
Wed, 04 Aug 2021 20:43:22 GMT
server
cloudflare
etag
W/"ecd507b3125edc4d2a03aa6ae5d07da9"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QlcT9Y0Aysx0BJY3Si3La77mHj%2BSBsVi5Uo%2F8iH3AUWGx6j7eNiDggKcHa2A%2Bb6h11CXVR43YKjClZK9JiBhyjfMsXeFhtQ74Q0puxjHYNwRcPGwdKGQgnr5uX%2FMaYAo48154jXTO8VEoAPIufEW4LYa"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
7840181129759b88-FRA
style-static.min.css
erc.bottomlinesavings.com/wp-content/themes/Divi/
805 KB
79 KB
Stylesheet
General
Full URL
https://erc.bottomlinesavings.com/wp-content/themes/Divi/style-static.min.css?ver=4.19.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
7db401974aa2a15baf0042a430b1961edd4efdd4a76f9fbd2c1590c855e162a8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:21 GMT
content-encoding
br
last-modified
Fri, 18 Nov 2022 19:51:31 GMT
server
nginx
etag
W/"6377e243-c9505"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
v4-shims.css
use.fontawesome.com/releases/v5.15.4/css/
26 KB
5 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.15.4/css/v4-shims.css
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8fe2f1cb7bc41c640ad3ea24449cfa1ba5291e16dbbbab0ef61bfe43f3212910

Request headers

Referer
https://erc.bottomlinesavings.com/
Origin
https://erc.bottomlinesavings.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:21 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
8B8T0Y52R6SGSH46
age
1345605
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
IPdFklKl5DYcuE+MMZMkf/zBryNjaOt0Y1kqTtAdwF6z5qENY+tOf02yXc1X3OXHhbxSwX3P++c=
last-modified
Wed, 04 Aug 2021 20:43:22 GMT
server
cloudflare
etag
W/"a034d3c71bee546f625877d7932917f8"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bqSiJjZWUMB%2Fi0HlHyLp70Y8b1ZHIF4biseo8rhW2UYhNnzVN%2FqI7oQ7oRI1qBrakKs7iVFlfzGFftNqRcZ41mbXQI3Wq4Cwp5PKmcx%2BS9l%2BKT5pUOCizzICAibjRxENHrbUpOgyBDdfqoA94Ue3PzTs"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
7840181129769b88-FRA
jquery.min.js
erc.bottomlinesavings.com/wp-includes/js/jquery/
88 KB
32 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:21 GMT
content-encoding
br
last-modified
Mon, 19 Sep 2022 14:16:24 GMT
server
nginx
etag
W/"632879b8-15e54"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
jquery-migrate.min.js
erc.bottomlinesavings.com/wp-includes/js/jquery/
11 KB
4 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:21 GMT
content-encoding
br
last-modified
Wed, 18 Nov 2020 09:06:06 GMT
server
nginx
etag
W/"5fb4e3fe-2bd8"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
tapfiliate.js
script.tapfiliate.com/
11 KB
4 KB
Script
General
Full URL
https://script.tapfiliate.com/tapfiliate.js?ver=6.1.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-73.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
44798a517a7c8d28c1e371a1b8b869bae1608bd48df7ed50800cbed8703612c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 03 Jan 2023 14:47:16 GMT
content-encoding
gzip
via
1.1 814952d19d560b49ff15ad2f71e400d2.cloudfront.net (CloudFront)
last-modified
Wed, 12 Oct 2022 12:34:24 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
37386
etag
W/"ddbb39a9e8e67d5067145f8aa76b938d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
nttpduipBu9xPvGloHRJ84B3B-EBAhJ38hUhFbjhR28vfuwkV63HMw==
ie-compat.min.js
erc.bottomlinesavings.com/wp-content/plugins/popups-for-divi/scripts/
10 KB
4 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/plugins/popups-for-divi/scripts/ie-compat.min.js?ver=3.0.5
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
b6aed488d128d02850cfb20b4de28a2eceffddd04342f413bbe88a141235a976

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:21 GMT
content-encoding
br
last-modified
Wed, 16 Nov 2022 12:20:59 GMT
server
nginx
etag
W/"6374d5ab-2712"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
js
www.googletagmanager.com/gtag/
179 KB
66 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10792409338
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2183a5a703ab98377977d3cd66a3b2adfe896ff216b9f215d25b973407e98d4c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
67036
x-xss-protection
0
last-modified
Wed, 04 Jan 2023 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 04 Jan 2023 01:10:22 GMT
BLC-Logo.png
erc.bottomlinesavings.com/wp-content/uploads/2022/07/
43 KB
43 KB
Image
General
Full URL
https://erc.bottomlinesavings.com/wp-content/uploads/2022/07/BLC-Logo.png
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
31583227efb659feaa7740eb8168368851b5760a25cda03f9755f01aea204003

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
last-modified
Sun, 10 Jul 2022 18:27:45 GMT
server
nginx
etag
"62cb1a21-ab86"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
43910
wp-emoji-release.min.js
erc.bottomlinesavings.com/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Tue, 12 Apr 2022 05:56:23 GMT
server
nginx
etag
W/"62551487-48b9"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
widget.js
assets.calendly.com/assets/external/
44 KB
16 KB
Script
General
Full URL
https://assets.calendly.com/assets/external/widget.js
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:28e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86321659b430d61d1c232e225e927b7f052fa61669e5afc15044f75740d04429
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Fri, 23 Dec 2022 17:25:36 GMT
cf-bgj
minify
server
cloudflare
age
216
etag
W/"c30e8b97d12c7710012f00f92bcd9de5"
vary
Accept-Encoding
content-type
application/javascript
content-encoding
br
cache-control
public, max-age=300
cf-ray
78401814ced49b9b-FRA
expires
Thu, 05 Jan 2023 01:10:22 GMT
css
fonts.googleapis.com/
52 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:100,100italic,300,300italic,regular,italic,500,500italic,700,700italic,900,900italic|Mulish:200,300,regular,500,600,700,800,900,200italic,300italic,italic,500italic,600italic,700italic,800italic,900italic&subset=latin,latin-ext&display=swap
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
449084b0340492136e10e6034e6c16e842bdbdfdb57f103c60bf0a55d392061e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 04 Jan 2023 01:10:22 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 04 Jan 2023 01:10:22 GMT
swiper.min.js
erc.bottomlinesavings.com/wp-content/plugins/dg-divi-carousel/scripts/
135 KB
36 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/plugins/dg-divi-carousel/scripts/swiper.min.js?ver=2.0.26
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
0a75aa5bab9865958cd01d39856dc37e96491296ef55f5d2fdce2915b1ea1c58

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Thu, 25 Aug 2022 16:57:25 GMT
server
nginx
etag
W/"6307a9f5-21cea"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
front.min.js
erc.bottomlinesavings.com/wp-content/plugins/popups-for-divi/scripts/
65 KB
22 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/plugins/popups-for-divi/scripts/front.min.js?ver=3.0.5
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
b5cec8800ffe6b92993466f61ec4f4d5ee6dee946a942b9356559821585fb650

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Wed, 16 Nov 2022 12:20:59 GMT
server
nginx
etag
W/"6374d5ab-10394"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
scripts.min.js
erc.bottomlinesavings.com/wp-content/themes/Divi/js/
268 KB
60 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/themes/Divi/js/scripts.min.js?ver=4.19.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
425c17cc0de74e7e5ce91bbb6ceb6405518d61a38d298938099ad3289ab5c1d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Fri, 18 Nov 2022 19:51:31 GMT
server
nginx
etag
W/"6377e243-42f69"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
smoothscroll.js
erc.bottomlinesavings.com/wp-content/themes/Divi/js/
6 KB
3 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/themes/Divi/js/smoothscroll.js?ver=4.19.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
75079f39fe739015589a0f995f41b4c1c29d4ebac85c93a792926af09f61cc83

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Fri, 18 Nov 2022 19:51:31 GMT
server
nginx
etag
W/"6377e243-1652"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
jquery.fitvids.js
erc.bottomlinesavings.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/
3 KB
1 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.19.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
462747422c6af30aa81a0373fa1cfd736455cef52bdbb816f67be9531d84eace

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Fri, 18 Nov 2022 19:51:31 GMT
server
nginx
etag
W/"6377e243-d15"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
comment-reply.min.js
erc.bottomlinesavings.com/wp-includes/js/
3 KB
2 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-includes/js/comment-reply.min.js?ver=6.1.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Fri, 08 Apr 2022 20:07:18 GMT
server
nginx
etag
W/"625095f6-ba5"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
jquery.mobile.js
erc.bottomlinesavings.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/
8 KB
3 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.mobile.js?ver=4.19.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
55a084b5f4c439a2786141108b266370e0e4accc4e72629b2177dc6aa658d6c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Fri, 18 Nov 2022 19:51:31 GMT
server
nginx
etag
W/"6377e243-1f18"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
magnific-popup.js
erc.bottomlinesavings.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/
22 KB
9 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/magnific-popup.js?ver=4.19.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
0a47c6e6f24e634cb79f886e70bbfd65e1e85b0d2aa4fc133488fd1bc1910e3e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Fri, 18 Nov 2022 19:51:31 GMT
server
nginx
etag
W/"6377e243-5902"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
easypiechart.js
erc.bottomlinesavings.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/
9 KB
3 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/easypiechart.js?ver=4.19.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
5aa24e4ab926693e29ffb0d0ca1557141defd3ca61b3b4e7caebaa2fcd5bf327

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Fri, 18 Nov 2022 19:51:31 GMT
server
nginx
etag
W/"6377e243-2466"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
salvattore.js
erc.bottomlinesavings.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/
8 KB
4 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/salvattore.js?ver=4.19.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
b6205029e1016596807b655c8f57818736a787e32ceb1407effa152ac3bb9380

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Fri, 18 Nov 2022 19:51:31 GMT
server
nginx
etag
W/"6377e243-217e"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
frontend-bundle.min.js
erc.bottomlinesavings.com/wp-content/plugins/dg-divi-carousel/scripts/
9 KB
3 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/plugins/dg-divi-carousel/scripts/frontend-bundle.min.js?ver=2.0.26
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
75c3f3f664f68995303c2f929a77b801e19a9be17906965c49cae4f1800095a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Thu, 25 Aug 2022 16:57:25 GMT
server
nginx
etag
W/"6307a9f5-25a0"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
frontend-bundle.min.js
erc.bottomlinesavings.com/wp-content/plugins/divisignatures/scripts/
6 KB
2 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/plugins/divisignatures/scripts/frontend-bundle.min.js?ver=1.5.4
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
d7ffb9e5ee5a5aec84efc6ab908397ed515567280bf05f18356d35e8f61704d0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Tue, 03 Jan 2023 18:30:08 GMT
server
nginx
etag
W/"63b47430-19ef"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
common.js
erc.bottomlinesavings.com/wp-content/themes/Divi/core/admin/js/
1 KB
815 B
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.19.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Fri, 18 Nov 2022 19:51:31 GMT
server
nginx
etag
W/"6377e243-53f"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
motion-effects.js
erc.bottomlinesavings.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/
154 KB
38 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/motion-effects.js?ver=4.19.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e51e19db4305a39866527982780d253af76c071540c09f2b215cab4b08de2b10

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Fri, 18 Nov 2022 19:51:31 GMT
server
nginx
etag
W/"6377e243-26901"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
sticky-elements.js
erc.bottomlinesavings.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/
212 KB
59 KB
Script
General
Full URL
https://erc.bottomlinesavings.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/sticky-elements.js?ver=4.19.1
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
0826d6c5a2249f46b088b74d85567d7f0bfa9cf7e583441efe8b8eba09f45da5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
last-modified
Fri, 18 Nov 2022 19:51:31 GMT
server
nginx
etag
W/"6377e243-34f55"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
gtm.js
www.googletagmanager.com/
160 KB
60 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WDMGJF5
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5cf6559c0bfcb98106283678c9fe6cce5042a30fe58484b6eed210201ce6f935
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61576
x-xss-protection
0
last-modified
Wed, 04 Jan 2023 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 04 Jan 2023 01:10:22 GMT
referral.js
bottomlinesavings.referralrock.com/sdk/
99 KB
17 KB
Script
General
Full URL
https://bottomlinesavings.referralrock.com/sdk/referral.js
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
2f70918a8cb955a250ca301a151ff4d8fd9a755a262166d64594624eacf20569

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 01:10:22 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 13:01:16 GMT
Server
Microsoft-IIS/10.0
ETag
"076e779516d91:0"
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
17112
app.js
cdn3l.ink/
97 KB
23 KB
Script
General
Full URL
https://cdn3l.ink/app.js
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.95.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-95-37.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
90505615f444f23f51396160f55175b50feaedd5907dfad08c5846109179da69
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 03 Jan 2023 05:57:20 GMT
content-encoding
gzip
via
1.1 1f98172ca4214b0e937b7d3d534b34cc.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 03 Jan 2023 05:57:09 GMT
server
AmazonS3
x-amz-cf-pop
PRG50-C1
age
69183
etag
W/"8ed4f545ac10b976b6a975ff4a1f8c64"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=3600
x-amz-cf-id
PUVvVWmqRon75ibKjayTa5WDTevNGBkrjCoxVOndSd2QIrvy3aSDpA==
bg-2.jpeg
erc.bottomlinesavings.com/wp-content/uploads/2021/11/
52 KB
53 KB
Image
General
Full URL
https://erc.bottomlinesavings.com/wp-content/uploads/2021/11/bg-2.jpeg
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
fbfcb3d9772fcfd1fa71e0f3cdb82841e345fa62d2ffa529762cd0e2b5c8cea7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
last-modified
Fri, 05 Nov 2021 10:00:17 GMT
server
nginx
etag
"618500b1-d145"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
53573
1280038571-b0f05c7783f3bedb7e674ed600cbcf55d9f11d0ffe9cfdd84_960
i.vimeocdn.com/video/
42 KB
42 KB
Image
General
Full URL
https://i.vimeocdn.com/video/1280038571-b0f05c7783f3bedb7e674ed600cbcf55d9f11d0ffe9cfdd84_960
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0412e9bd040f09a1c212b640d2de2f8bab0823068b15b324ea69299b69046e37

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
via
vvarnish, 1.1 varnish, 1.1 varnish
age
2044517
x-viewmaster-lossless-format
automatic
x-cache
miss, HIT, HIT
x-backend-server
varnish
content-length
42512
viewmaster-server
viewmaster-us-central1-x49d
x-served-by
cache-dfw-kdfw8210035-DFW, cache-hhn-etou8220053-HHN
x-timer
S1672794622.079288,VS0,VE2
etag
a342bd73deff5a4719c9f33cefe56311
access-control-max-age
86400
vary
Accept
content-type
image/avif
access-control-allow-origin
*
access-control-expose-headers
X-Viewmaster-Status
cache-control
public, max-age=2592000
accept-ranges
bytes
x-cache-hits
5525, 1
modules.ttf
erc.bottomlinesavings.com/wp-content/themes/Divi/core/admin/fonts/modules/all/
90 KB
91 KB
Font
General
Full URL
https://erc.bottomlinesavings.com/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.ttf
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/wp-content/themes/Divi/style-static.min.css?ver=4.19.1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
d201a2c3118a00c82cc48e89815f5139f23956bbe248107dcf522acc77b97c09

Request headers

Referer
https://erc.bottomlinesavings.com/wp-content/themes/Divi/style-static.min.css?ver=4.19.1
Origin
https://erc.bottomlinesavings.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
last-modified
Fri, 18 Nov 2022 19:51:31 GMT
server
nginx
etag
"6377e243-168f0"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
92400
736302036
player.vimeo.com/video/ Frame 53BB
20 KB
10 KB
Document
General
Full URL
https://player.vimeo.com/video/736302036?h=12d950bb2f&dnt=1&app_id=122963
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e11da26b70eb2fc9c6a4cf39be956b849933a23a003d0cfa65d2ddb88447a1bf
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel-player-staging.vimeows.com https://fresnel-event-staging.vimeows.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.dna-delivery.com https://*.kollective.app/ https://mimir.cloud.vimeo.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://devcaptions.cloud.vimeo.com/; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; font-src https://edge-assets.wirewax.com https://player.vimeo.com https://fonts.gstatic.com; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://videoapi-sprites.vimeocdn.com https://i.vimeocdn.com https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com https://f.vimeocdn.com; frame-src 'self' https://*
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://erc.bottomlinesavings.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
0
CF-Cache-Status
DYNAMIC
CF-RAY
784018141a295c32-FRA
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 04 Jan 2023 01:10:22 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Cache
MISS
X-Cache-Hits
0
X-Player-Backend
p
X-Served-By
cache-fra-eddf8230106-FRA
X-Timer
S1672794622.109659,VS0,VE114
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel-player-staging.vimeows.com https://fresnel-event-staging.vimeows.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.dna-delivery.com https://*.kollective.app/ https://mimir.cloud.vimeo.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://devcaptions.cloud.vimeo.com/; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; font-src https://edge-assets.wirewax.com https://player.vimeo.com https://fonts.gstatic.com; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://videoapi-sprites.vimeocdn.com https://i.vimeocdn.com https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com https://f.vimeocdn.com; frame-src 'self' https://*
expires
Wed, 04 Jan 2023 01:18:44 GMT
link
<https://i.vimeocdn.com>; rel=preconnect; crossorigin <https://f.vimeocdn.com>; rel=preconnect; crossorigin <https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin
p3p
CP="This is not a P3P policy! See https://vimeo.com/privacy"
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 varnish, 1.1 varnish
x-backend-proxy
playproxy6
x-bapp-server
player-775557469c-8bv6t
x-content-type-options
nosniff
x-host
player-775557469c-8bv6t
x-varnish-cache
1
x-vserver
playproxy-rollout-prod-varnish-5
x-xss-protection
1; mode=block
truncated
/
990 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
763c6ce6cbd69fcd3c3b42b7d7b147eb0f2ff832e83185944ebf2d660b9f444f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
c89d1921-shutterstock-1873195159_10pa0gu00000000000001o.jpg
erc.bottomlinesavings.com/wp-content/uploads/2022/05/
30 KB
30 KB
Image
General
Full URL
https://erc.bottomlinesavings.com/wp-content/uploads/2022/05/c89d1921-shutterstock-1873195159_10pa0gu00000000000001o.jpg
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
f8c812266a77da07d5b5a18f38d27dd18a85039c810f464330f1dec72799b05f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
last-modified
Wed, 11 May 2022 19:29:03 GMT
server
nginx
etag
"627c0e7f-7766"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
30566
cf95d54a-shutterstock-1492319759_10ro0ig0ok0ig01k00001o.jpg
erc.bottomlinesavings.com/wp-content/uploads/2022/05/
35 KB
35 KB
Image
General
Full URL
https://erc.bottomlinesavings.com/wp-content/uploads/2022/05/cf95d54a-shutterstock-1492319759_10ro0ig0ok0ig01k00001o.jpg
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
c85857b2120e11cf50bb5f9cfd0104425064ed93a3230ee1d6632a0c89f480c2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
last-modified
Wed, 11 May 2022 19:29:21 GMT
server
nginx
etag
"627c0e91-8c38"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
35896
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100italic,300,300italic,regular,italic,500,500italic,700,700italic,900,900italic|Mulish:200,300,regular,500,600,700,800,900,200italic,300italic,italic,500italic,600italic,700italic,800italic,900italic&subset=latin,latin-ext&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://erc.bottomlinesavings.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 28 Dec 2022 20:10:25 GMT
x-content-type-options
nosniff
age
536397
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 28 Dec 2023 20:10:25 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100italic,300,300italic,regular,italic,500,500italic,700,700italic,900,900italic|Mulish:200,300,regular,500,600,700,800,900,200italic,300italic,italic,500italic,600italic,700italic,800italic,900italic&subset=latin,latin-ext&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://erc.bottomlinesavings.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 30 Dec 2022 05:09:29 GMT
x-content-type-options
nosniff
age
417653
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 Dec 2023 05:09:29 GMT
page-event
capture-api.ap3prod.com/-/events/
68 B
528 B
XHR
General
Full URL
https://capture-api.ap3prod.com/-/events/page-event
Requested by
Host: cdn3l.ink
URL: https://cdn3l.ink/app.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.23.186.114 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-23-186-114.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
532b9ddbefbb19b5f6f7e61f8eda6d3e759f9a3aad795525685f610c03bd0888
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://erc.bottomlinesavings.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 04 Jan 2023 01:10:22 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-version
master-2301030255-3564-a53a224
allow
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
https://erc.bottomlinesavings.com
cache-control
no-cache, must-revalidate
vary
Accept-Encoding, Accept-Encoding
content-length
68
expires
0
/
bottomlinesavings.referralrock.com/externaltrack/ Frame CA3A
1021 B
2 KB
Document
General
Full URL
https://bottomlinesavings.referralrock.com/externaltrack/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&pageTitle=Employee%20Retention%20Credit%20-%20ERC%20Bottom%20Line%20Savings&scriptv=https%3A%2F%2Fbottomlinesavings.referralrock.com%2Fsdk%2Freferral.js%3F05-10-21&transactionKey=cc3508fd-a73b-49b6-b5b9-b89e6156f995&sourceURL=https%3A%2F%2Ferc.bottomlinesavings.com%2Fv2%2F%3FRR_WCID%3DCF8512CB-6AD5-4A36-86A0-2ECB72BF58C9%26RR_WCID_TTL%3D396%26REFERRALCODE%3DJOHNNYSNOW69&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Requested by
Host: bottomlinesavings.referralrock.com
URL: https://bottomlinesavings.referralrock.com/sdk/referral.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.106.146 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
c3327a5ebe29bcdeb910177a3db1a6b64233aab6be3e08781fcafa61e59204c2

Request headers

Referer
https://erc.bottomlinesavings.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Request-Context
Cache-Control
private
Connection
keep-alive
Content-Encoding
gzip
Content-Length
818
Content-Type
text/html; charset=utf-8
Date
Wed, 04 Jan 2023 01:10:22 GMT
Request-Context
appId=cid-v1:683234c1-44ae-4c0f-a0cc-363d1e4dad53
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
player.module.js
f.vimeocdn.com/p/4.16.5/js/ Frame 53BB
476 KB
115 KB
Script
General
Full URL
https://f.vimeocdn.com/p/4.16.5/js/player.module.js
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/736302036?h=12d950bb2f&dnt=1&app_id=122963
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5ce56c25f3aa19c9ebf212d2c8531ec73518a1e254ad2872d4211d2b644d9f9c

Request headers

Referer
https://player.vimeo.com/
Origin
https://player.vimeo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-served-by
cache-iad-kjyo7100129-IAD, cache-hhn-etou8220092-HHN
date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
age
1135786
x-timer
S1672794622.318651,VS0,VE0
vary
Accept-Encoding,x-http-method-override
x-cache
HIT, HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=1209600
accept-ranges
bytes
content-length
117511
x-cache-hits
13, 233271
vendor.module.js
f.vimeocdn.com/p/4.16.5/js/ Frame 53BB
378 KB
90 KB
Script
General
Full URL
https://f.vimeocdn.com/p/4.16.5/js/vendor.module.js
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/736302036?h=12d950bb2f&dnt=1&app_id=122963
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5a613d64a17940bb2f9d1dd791dfcd023826c9f931706687e511888c565cd44e

Request headers

Referer
https://player.vimeo.com/
Origin
https://player.vimeo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-served-by
cache-iad-kcgs7200115-IAD, cache-hhn-etou8220092-HHN
date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
age
1135786
x-timer
S1672794622.318722,VS0,VE0
vary
Accept-Encoding,x-http-method-override
x-cache
HIT, HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=1209600
accept-ranges
bytes
content-length
92370
x-cache-hits
17, 432843
player.css
f.vimeocdn.com/p/4.16.5/css/ Frame 53BB
245 KB
22 KB
Stylesheet
General
Full URL
https://f.vimeocdn.com/p/4.16.5/css/player.css
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/736302036?h=12d950bb2f&dnt=1&app_id=122963
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1b672e7932ba30dc918fc8ff58dbc3ffa85b6f47e6dfc18dfb6c3ad8596e0111

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-served-by
cache-iad-kjyo7100082-IAD, cache-hhn-etou8220053-HHN
date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
age
1135787
x-timer
S1672794622.299151,VS0,VE0
vary
Accept-Encoding,x-http-method-override
x-cache
HIT, HIT
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=1209600
accept-ranges
bytes
content-length
21880
x-cache-hits
11, 290004
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WDMGJF5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 03 Jan 2023 23:24:37 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
6345
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Wed, 04 Jan 2023 01:24:37 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10975010456/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10975010456/?random=1672794622280&cv=11&fst=1672794622280&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ferc.bottomlinesavings.com%2Fv2%2F%3FRR_WCID%3DCF8512CB-6AD5-4A36-86A0-2ECB72BF58C9%26RR_WCID_TTL%3D396%26REFERRALCODE%3DJOHNNYSNOW69&ref=https%3A%2F%2Fbottomlinesavings.referralrock.com%2F&tiba=Employee%20Retention%20Credit%20-%20ERC%20Bottom%20Line%20Savings&auid=1578181529.1672794622&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WDMGJF5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
55029971aaca4c1ababc8500839e5e701a01ddd4d007c32697c9b2a99e58b3b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1003
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
224 KB
77 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-6TR8MCZ3HR&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WDMGJF5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9a482237ab24863610da9e41162c5e87ba4c0f179ca3154e10784c1fde9f08dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
79004
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 04 Jan 2023 01:10:22 GMT
js
www.googletagmanager.com/gtag/
179 KB
65 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10792409338&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WDMGJF5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2485d90ef227f23aa24cbf663090fbd8075d645e210d508231366ff1b43713f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
67033
x-xss-protection
0
last-modified
Wed, 04 Jan 2023 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 04 Jan 2023 01:10:22 GMT
1481539354-5c71caa621ff2418ab665db3ac870accf314abb64a9c95fa659034dc149f1653-d.jpg
i.vimeocdn.com/video/ Frame 53BB
2 KB
2 KB
Image
General
Full URL
https://i.vimeocdn.com/video/1481539354-5c71caa621ff2418ab665db3ac870accf314abb64a9c95fa659034dc149f1653-d.jpg?mw=80&q=85
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/736302036?h=12d950bb2f&dnt=1&app_id=122963
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fdbe8e8c5dcc8a6c982927cf7f05b7f64dd094aecf5edb7efc14ede8b8206d02

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
via
vvarnish, 1.1 varnish, 1.1 varnish
age
313711
x-viewmaster-lossless-format
lossy
x-cache
miss, HIT, HIT
x-backend-server
varnish
content-length
1800
viewmaster-server
viewmaster-us-central1-z4z9
x-served-by
cache-dfw-kdfw8210122-DFW, cache-hhn-etou8220053-HHN
x-timer
S1672794622.293727,VS0,VE1
etag
55710f3c33693175d2b3ea53ccbade28
access-control-max-age
86400
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-Viewmaster-Status
cache-control
public, max-age=2592000
accept-ranges
bytes
x-cache-hits
10055, 1
player.de-DE.module.js
f.vimeocdn.com/p/4.16.5/js/ Frame 53BB
477 KB
116 KB
Script
General
Full URL
https://f.vimeocdn.com/p/4.16.5/js/player.de-DE.module.js
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/736302036?h=12d950bb2f&dnt=1&app_id=122963
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
eaa2248a4f028a6f5c59f7bb3a9c5e1ff921bcb2ee66517665788f675e99e99f

Request headers

Referer
https://player.vimeo.com/
Origin
https://player.vimeo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-served-by
cache-iad-kiad7000164-IAD, cache-hhn-etou8220092-HHN
date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
age
1135785
x-timer
S1672794622.326302,VS0,VE0
vary
Accept-Encoding,x-http-method-override
x-cache
MISS, HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=1209600
accept-ranges
bytes
content-length
118649
x-cache-hits
0, 177086
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10792409338/
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10792409338/?random=1672794622332&cv=11&fst=1672794622332&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Ferc.bottomlinesavings.com%2Fv2%2F%3FRR_WCID%3DCF8512CB-6AD5-4A36-86A0-2ECB72BF58C9%26RR_WCID_TTL%3D396%26REFERRALCODE%3DJOHNNYSNOW69&ref=https%3A%2F%2Fbottomlinesavings.referralrock.com%2F&tiba=Employee%20Retention%20Credit%20-%20ERC%20Bottom%20Line%20Savings&auid=1578181529.1672794622&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10792409338
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3e6b81f368882b2da4c68753b292bcd344e08cbc5ade64cbb71bbf154ea944c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Jan 2023 01:10:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1022
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=5923003&t=pageview&_s=1&dl=https%3A%2F%2Ferc.bottomlinesavings.com%2Fv2%2F%3FRR_WCID%3DCF8512CB-6AD5-4A36-86A0-2ECB72BF58C9%26RR_WCID_TTL%3D396%26REFERRALCODE%3DJOHNNYSNOW69&dr=https%3A%2F%2Fbottomlinesavings.referralrock.com%2F&ul=en-us&de=UTF-8&dt=Employee%20Retention%20Credit%20-%20ERC%20Bottom%20Line%20Savings&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=642365124&gjid=132077636&cid=425664301.1672794622&tid=UA-239739568-1&_gid=1149654864.1672794622&_r=1&gtm=2wgbu0WDMGJF5&z=1421084876
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://erc.bottomlinesavings.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 04 Jan 2023 01:10:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://erc.bottomlinesavings.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/
233 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b525da64cd93b810d09228b938798c6636de35452bba69d8577059becf31868b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
224 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
120c709d4bf46ef1f8e03d9d1a14f86eee7391668cf96139626f5344f30ede7c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
232 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f6830e1d7fe50cf6357510318f5a0f3811f8cb13d89b4c6533f13ea3203b94ed

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
231 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cca9aeb3ffbae77e659139a764cd1cbd20f2f5dcfa0674bd6f325d1e0991a754

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
1Ptvg83HX_SGhgqk3wot.woff2
fonts.gstatic.com/s/mulish/v12/
27 KB
27 KB
Font
General
Full URL
https://fonts.gstatic.com/s/mulish/v12/1Ptvg83HX_SGhgqk3wot.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100italic,300,300italic,regular,italic,500,500italic,700,700italic,900,900italic|Mulish:200,300,regular,500,600,700,800,900,200italic,300italic,italic,500italic,600italic,700italic,800italic,900italic&subset=latin,latin-ext&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8da72dacca3725d500bc789e5f506c76367804eecc46c4249ce0ff822d7a147e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://erc.bottomlinesavings.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Mon, 02 Jan 2023 22:12:50 GMT
x-content-type-options
nosniff
age
97052
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27428
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 18:57:51 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 02 Jan 2024 22:12:50 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100italic,300,300italic,regular,italic,500,500italic,700,700italic,900,900italic|Mulish:200,300,regular,500,600,700,800,900,200italic,300italic,italic,500italic,600italic,700italic,800italic,900italic&subset=latin,latin-ext&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://erc.bottomlinesavings.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Fri, 30 Dec 2022 20:22:20 GMT
x-content-type-options
nosniff
age
362882
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15740
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 Dec 2023 20:22:20 GMT
bg-4.jpg
erc.bottomlinesavings.com/wp-content/uploads/2021/11/
31 KB
31 KB
Image
General
Full URL
https://erc.bottomlinesavings.com/wp-content/uploads/2021/11/bg-4.jpg
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
c576e86cc04c7c152cb05512aef6ef7bb29e2ea424ef2d9e44b54d238536f0f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
last-modified
Fri, 05 Nov 2021 19:17:39 GMT
server
nginx
etag
"61858353-7d0a"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
32010
fa-regular-400.woff2
use.fontawesome.com/releases/v5.15.4/webfonts/
13 KB
14 KB
Font
General
Full URL
https://use.fontawesome.com/releases/v5.15.4/webfonts/fa-regular-400.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.15.4/css/all.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca

Request headers

Referer
https://use.fontawesome.com/releases/v5.15.4/css/all.css
Origin
https://erc.bottomlinesavings.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
ZZ9R356MQ2QJDSWT
age
1220630
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
13224
x-amz-id-2
878hTFNy3Xj+/dVN97vGWYliRfdQyBdJD1byEJUYgXH/bcVu4nJ5hhbflatDgw+L80zaWckbQcI=
last-modified
Wed, 04 Aug 2021 20:43:47 GMT
server
cloudflare
etag
"b91d376b8d7646d671cd820950d5f7f1"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R3y9iSYveA5C2OdgxiQJ%2FqpHe%2BUjPByqkw2hCIe36J9ipIRX29O8nDuhu5WOYZLkgxaHKAklS05WAfEGqkJ9GnZSyaBEg6rhT2YCppTerQp0VZZlaF7jXcgf2cCdLMRIErno92Fd5eEAiSy7YveiD2uA"}],"group":"cf-nel","max_age":604800}
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
784018170b529137-FRA
get
capture-api.ap3prod.com/-/widgets/
73 B
392 B
XHR
General
Full URL
https://capture-api.ap3prod.com/-/widgets/get
Requested by
Host: cdn3l.ink
URL: https://cdn3l.ink/app.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.23.186.114 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-23-186-114.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
58ccb79fe4b56d04ac2262393b7dc63bc943106c9915771ceccef1baf6d6c7cc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://erc.bottomlinesavings.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-version
master-2301030255-3564-a53a224
date
Wed, 04 Jan 2023 01:10:22 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding, Accept-Encoding
allow
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin
https://erc.bottomlinesavings.com
content-type
application/json
content-length
73
gr6-yw3-b4g
calendly.com/d/ Frame 9B24
147 KB
18 KB
Document
General
Full URL
https://calendly.com/d/gr6-yw3-b4g?embed_domain=erc.bottomlinesavings.com&embed_type=Inline&utm_medium=JOHNNYSNOW69&utm_source=ReferralRock&hide_gdpr_banner=1
Requested by
Host: assets.calendly.com
URL: https://assets.calendly.com/assets/external/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:28e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c95db6b42a4b91ef24b05eebd3e8c47a03d8814c32ad095f185cf6d60a80c0c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL

Request headers

Referer
https://erc.bottomlinesavings.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
78401818abd79b9b-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 04 Jan 2023 01:10:23 GMT
link
<https://assets.calendly.com/assets/booking/css/booking-0db55de6.css>; rel=preload; as=style; nopush
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
ALLOWALL
x-request-id
499c67126c3611d0e69e732e6e08e907
x-runtime
0.104526
gr6-yw3-b4g
calendly.com/d/ Frame C0B4
147 KB
18 KB
Document
General
Full URL
https://calendly.com/d/gr6-yw3-b4g?embed_domain=erc.bottomlinesavings.com&embed_type=Inline&utm_medium=JOHNNYSNOW69&utm_source=ReferralRock&hide_gdpr_banner=1
Requested by
Host: assets.calendly.com
URL: https://assets.calendly.com/assets/external/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:28e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27dc991d39bbb1126c69748761823a8339cc21bb45453ba7dcb1e69244ec4342
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL

Request headers

Referer
https://erc.bottomlinesavings.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
78401818abd99b9b-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 04 Jan 2023 01:10:23 GMT
link
<https://assets.calendly.com/assets/booking/css/booking-0db55de6.css>; rel=preload; as=style; nopush
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
ALLOWALL
x-request-id
79ad88314cfe7141667f7b0d5aa3d370
x-runtime
0.058010
1481539354-5c71caa621ff2418ab665db3ac870accf314abb64a9c95fa659034dc149f1653-d
i.vimeocdn.com/video/ Frame 53BB
0
0

736302036
player.vimeo.com/video/ Frame 14E7
20 KB
10 KB
Document
General
Full URL
https://player.vimeo.com/video/736302036?h=12d950bb2f&dnt=1&app_id=122963
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc93a5e5259a7922e57c74e7c9d47a7e01e4bfc3d5576ee6257e2eeb3ca50885
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel-player-staging.vimeows.com https://fresnel-event-staging.vimeows.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.dna-delivery.com https://*.kollective.app/ https://mimir.cloud.vimeo.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://devcaptions.cloud.vimeo.com/; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; font-src https://edge-assets.wirewax.com https://player.vimeo.com https://fonts.gstatic.com; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://videoapi-sprites.vimeocdn.com https://i.vimeocdn.com https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com https://f.vimeocdn.com; frame-src 'self' https://*
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://erc.bottomlinesavings.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
0
CF-Cache-Status
DYNAMIC
CF-RAY
784018189eeb5c32-FRA
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Wed, 04 Jan 2023 01:10:22 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Cache
MISS
X-Cache-Hits
0
X-Player-Backend
p
X-Served-By
cache-fra-eddf8230106-FRA
X-Timer
S1672794623.831493,VS0,VE168
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel-player-staging.vimeows.com https://fresnel-event-staging.vimeows.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.dna-delivery.com https://*.kollective.app/ https://mimir.cloud.vimeo.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://devcaptions.cloud.vimeo.com/; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; font-src https://edge-assets.wirewax.com https://player.vimeo.com https://fonts.gstatic.com; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://videoapi-sprites.vimeocdn.com https://i.vimeocdn.com https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com https://f.vimeocdn.com; frame-src 'self' https://*
expires
Wed, 04 Jan 2023 01:17:04 GMT
link
<https://i.vimeocdn.com>; rel=preconnect; crossorigin <https://f.vimeocdn.com>; rel=preconnect; crossorigin <https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin
p3p
CP="This is not a P3P policy! See https://vimeo.com/privacy"
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 varnish, 1.1 varnish
x-backend-proxy
playproxy3
x-bapp-server
player-775557469c-vvxqj
x-content-type-options
nosniff
x-host
player-775557469c-vvxqj
x-varnish-cache
1
x-vserver
playproxy-rollout-prod-varnish-2
x-xss-protection
1; mode=block
audemars-piguet.jpg
erc.bottomlinesavings.com/wp-content/uploads/2022/05/
3 KB
4 KB
Image
General
Full URL
https://erc.bottomlinesavings.com/wp-content/uploads/2022/05/audemars-piguet.jpg
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
7c03f0e8e02ab0f45351a94b123cb0132fa2327ead5b39351361ff1d239bb6a8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
last-modified
Sun, 08 May 2022 08:27:20 GMT
server
nginx
etag
"62777ee8-dab"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
3499
boston.jpg
erc.bottomlinesavings.com/wp-content/uploads/2022/05/
12 KB
12 KB
Image
General
Full URL
https://erc.bottomlinesavings.com/wp-content/uploads/2022/05/boston.jpg
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
422201f001c0446da08a7c75bcc5ce846f287c639b69609b0387bba6596e3940

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
last-modified
Sun, 08 May 2022 08:37:33 GMT
server
nginx
etag
"6277814d-2e70"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
11888
college.jpg
erc.bottomlinesavings.com/wp-content/uploads/2022/05/
8 KB
8 KB
Image
General
Full URL
https://erc.bottomlinesavings.com/wp-content/uploads/2022/05/college.jpg
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.135.223.120 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.223.135.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
2647853155c0cc816458fbcf28c36b751add8a0e93934e2a4c9c0350a8fa8d9b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:22 GMT
last-modified
Sun, 08 May 2022 08:35:06 GMT
server
nginx
etag
"627780ba-1e37"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
7735
collect
region1.google-analytics.com/g/
0
353 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-6TR8MCZ3HR&gtm=2oebu0&_p=5923003&cid=425664301.1672794622&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1672794622&sct=1&seg=0&dl=https%3A%2F%2Ferc.bottomlinesavings.com%2Fv2%2F%3FRR_WCID%3DCF8512CB-6AD5-4A36-86A0-2ECB72BF58C9%26RR_WCID_TTL%3D396%26REFERRALCODE%3DJOHNNYSNOW69&dr=https%3A%2F%2Fbottomlinesavings.referralrock.com%2F&dt=Employee%20Retention%20Credit%20-%20ERC%20Bottom%20Line%20Savings&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6TR8MCZ3HR&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Jan 2023 01:10:23 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://erc.bottomlinesavings.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/10792409338/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/10792409338/?random=1672794622332&cv=11&fst=1672794000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ferc.bottomlinesavings.com%2Fv2%2F%3FRR_WCID%3DCF8512CB-6AD5-4A36-86A0-2ECB72BF58C9%26RR_WCID_TTL%3D396%26REFERRALCODE%3DJOHNNYSNOW69&ref=https%3A%2F%2Fbottomlinesavings.referralrock.com%2F&tiba=Employee%20Retention%20Credit%20-%20ERC%20Bottom%20Line%20Savings&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=206832155&rmt_tld=0&ipr=y
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Jan 2023 01:10:23 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10792409338/
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/10792409338/?random=1672794622332&cv=11&fst=1672794000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ferc.bottomlinesavings.com%2Fv2%2F%3FRR_WCID%3DCF8512CB-6AD5-4A36-86A0-2ECB72BF58C9%26RR_WCID_TTL%3D396%26REFERRALCODE%3DJOHNNYSNOW69&ref=https%3A%2F%2Fbottomlinesavings.referralrock.com%2F&tiba=Employee%20Retention%20Credit%20-%20ERC%20Bottom%20Line%20Savings&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=206832155&rmt_tld=1&ipr=y
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Jan 2023 01:10:23 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/10975010456/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/10975010456/?random=1672794622280&cv=11&fst=1672794000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ferc.bottomlinesavings.com%2Fv2%2F%3FRR_WCID%3DCF8512CB-6AD5-4A36-86A0-2ECB72BF58C9%26RR_WCID_TTL%3D396%26REFERRALCODE%3DJOHNNYSNOW69&ref=https%3A%2F%2Fbottomlinesavings.referralrock.com%2F&tiba=Employee%20Retention%20Credit%20-%20ERC%20Bottom%20Line%20Savings&fmt=3&is_vtc=1&random=3242779359&rmt_tld=0&ipr=y
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Jan 2023 01:10:23 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10975010456/
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/10975010456/?random=1672794622280&cv=11&fst=1672794000000&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Ferc.bottomlinesavings.com%2Fv2%2F%3FRR_WCID%3DCF8512CB-6AD5-4A36-86A0-2ECB72BF58C9%26RR_WCID_TTL%3D396%26REFERRALCODE%3DJOHNNYSNOW69&ref=https%3A%2F%2Fbottomlinesavings.referralrock.com%2F&tiba=Employee%20Retention%20Credit%20-%20ERC%20Bottom%20Line%20Savings&fmt=3&is_vtc=1&random=3242779359&rmt_tld=1&ipr=y
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://erc.bottomlinesavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Jan 2023 01:10:23 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
player.module.js
f.vimeocdn.com/p/4.16.5/js/ Frame 14E7
476 KB
115 KB
Script
General
Full URL
https://f.vimeocdn.com/p/4.16.5/js/player.module.js
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/736302036?h=12d950bb2f&dnt=1&app_id=122963
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5ce56c25f3aa19c9ebf212d2c8531ec73518a1e254ad2872d4211d2b644d9f9c

Request headers

Referer
https://player.vimeo.com/
Origin
https://player.vimeo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-served-by
cache-iad-kjyo7100129-IAD, cache-hhn-etou8220092-HHN
date
Wed, 04 Jan 2023 01:10:23 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
age
1135787
x-timer
S1672794623.029366,VS0,VE0
vary
Accept-Encoding,x-http-method-override
x-cache
HIT, HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=1209600
accept-ranges
bytes
content-length
117511
x-cache-hits
13, 233272
vendor.module.js
f.vimeocdn.com/p/4.16.5/js/ Frame 14E7
378 KB
90 KB
Script
General
Full URL
https://f.vimeocdn.com/p/4.16.5/js/vendor.module.js
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/736302036?h=12d950bb2f&dnt=1&app_id=122963
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5a613d64a17940bb2f9d1dd791dfcd023826c9f931706687e511888c565cd44e

Request headers

Referer
https://player.vimeo.com/
Origin
https://player.vimeo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-served-by
cache-iad-kcgs7200115-IAD, cache-hhn-etou8220092-HHN
date
Wed, 04 Jan 2023 01:10:23 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
age
1135787
x-timer
S1672794623.029502,VS0,VE0
vary
Accept-Encoding,x-http-method-override
x-cache
HIT, HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=1209600
accept-ranges
bytes
content-length
92370
x-cache-hits
17, 432844
player.css
f.vimeocdn.com/p/4.16.5/css/ Frame 14E7
245 KB
21 KB
Stylesheet
General
Full URL
https://f.vimeocdn.com/p/4.16.5/css/player.css
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/736302036?h=12d950bb2f&dnt=1&app_id=122963
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1b672e7932ba30dc918fc8ff58dbc3ffa85b6f47e6dfc18dfb6c3ad8596e0111

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-served-by
cache-iad-kjyo7100082-IAD, cache-hhn-etou8220053-HHN
date
Wed, 04 Jan 2023 01:10:23 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
age
1135787
x-timer
S1672794623.029557,VS0,VE0
vary
Accept-Encoding,x-http-method-override
x-cache
HIT, HIT
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=1209600
accept-ranges
bytes
content-length
21880
x-cache-hits
11, 290005
1481539354-5c71caa621ff2418ab665db3ac870accf314abb64a9c95fa659034dc149f1653-d.jpg
i.vimeocdn.com/video/ Frame 14E7
2 KB
2 KB
Image
General
Full URL
https://i.vimeocdn.com/video/1481539354-5c71caa621ff2418ab665db3ac870accf314abb64a9c95fa659034dc149f1653-d.jpg?mw=80&q=85
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/736302036?h=12d950bb2f&dnt=1&app_id=122963
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fdbe8e8c5dcc8a6c982927cf7f05b7f64dd094aecf5edb7efc14ede8b8206d02

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:23 GMT
via
vvarnish, 1.1 varnish, 1.1 varnish
age
313712
x-viewmaster-lossless-format
lossy
x-cache
miss, HIT, HIT
x-backend-server
varnish
content-length
1800
viewmaster-server
viewmaster-us-central1-z4z9
x-served-by
cache-dfw-kdfw8210122-DFW, cache-hhn-etou8220053-HHN
x-timer
S1672794623.032488,VS0,VE0
etag
55710f3c33693175d2b3ea53ccbade28
access-control-max-age
86400
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-Viewmaster-Status
cache-control
public, max-age=2592000
accept-ranges
bytes
x-cache-hits
10055, 2
player.de-DE.module.js
f.vimeocdn.com/p/4.16.5/js/ Frame 14E7
477 KB
116 KB
Script
General
Full URL
https://f.vimeocdn.com/p/4.16.5/js/player.de-DE.module.js
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/736302036?h=12d950bb2f&dnt=1&app_id=122963
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
eaa2248a4f028a6f5c59f7bb3a9c5e1ff921bcb2ee66517665788f675e99e99f

Request headers

Referer
https://player.vimeo.com/
Origin
https://player.vimeo.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-served-by
cache-iad-kiad7000164-IAD, cache-hhn-etou8220092-HHN
date
Wed, 04 Jan 2023 01:10:23 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
age
1135786
x-timer
S1672794623.034961,VS0,VE0
vary
Accept-Encoding,x-http-method-override
x-cache
MISS, HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=1209600
accept-ranges
bytes
content-length
118649
x-cache-hits
0, 177087
1481539354-5c71caa621ff2418ab665db3ac870accf314abb64a9c95fa659034dc149f1653-d
i.vimeocdn.com/video/ Frame 14E7
47 KB
47 KB
Image
General
Full URL
https://i.vimeocdn.com/video/1481539354-5c71caa621ff2418ab665db3ac870accf314abb64a9c95fa659034dc149f1653-d?mw=1100&mh=619
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0afb96a1f5f77b2280aad57d51c634b5ad1a31eca2512af39b0a8cd70d60b4b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:23 GMT
via
vvarnish, 1.1 varnish, 1.1 varnish
age
309012
x-viewmaster-lossless-format
automatic
x-cache
miss, HIT, HIT
x-backend-server
varnish
content-length
47829
viewmaster-server
viewmaster-us-east1-tn9s
x-served-by
cache-dfw-kdfw8210094-DFW, cache-hhn-etou8220053-HHN
x-timer
S1672794623.140064,VS0,VE0
etag
ef123ee96900dd7beb30bd828aa37877
access-control-max-age
86400
vary
Accept
content-type
image/avif
access-control-allow-origin
*
access-control-expose-headers
X-Viewmaster-Status
cache-control
public, max-age=2592000
accept-ranges
bytes
x-cache-hits
834, 2
booking-0db55de6.css
assets.calendly.com/assets/booking/css/ Frame C0B4
325 KB
168 KB
Stylesheet
General
Full URL
https://assets.calendly.com/assets/booking/css/booking-0db55de6.css
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:28e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c77e632c98859a9e2b6553f566c07803ce46dcabe8903dd6920b4eb1fe4f514
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://calendly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
1316823
cf-polished
origSize=353570
last-modified
Mon, 19 Dec 2022 19:17:38 GMT
cf-bgj
minify
server
cloudflare
etag
W/"f787be17348b22a2cbc6d47755ceff4f"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
7840181b1e7d9b9b-FRA
expires
Thu, 05 Jan 2023 01:10:23 GMT
1481539354-5c71caa621ff2418ab665db3ac870accf314abb64a9c95fa659034dc149f1653-d
i.vimeocdn.com/video/ Frame 14E7
47 KB
47 KB
Image
General
Full URL
https://i.vimeocdn.com/video/1481539354-5c71caa621ff2418ab665db3ac870accf314abb64a9c95fa659034dc149f1653-d?mw=1100&mh=619
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0afb96a1f5f77b2280aad57d51c634b5ad1a31eca2512af39b0a8cd70d60b4b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:23 GMT
via
vvarnish, 1.1 varnish, 1.1 varnish
age
309012
x-viewmaster-lossless-format
automatic
x-cache
miss, HIT, HIT
x-backend-server
varnish
content-length
47829
viewmaster-server
viewmaster-us-east1-tn9s
x-served-by
cache-dfw-kdfw8210094-DFW, cache-hhn-etou8220053-HHN
x-timer
S1672794623.257185,VS0,VE0
etag
ef123ee96900dd7beb30bd828aa37877
access-control-max-age
86400
vary
Accept
content-type
image/avif
access-control-allow-origin
*
access-control-expose-headers
X-Viewmaster-Status
cache-control
public, max-age=2592000
accept-ranges
bytes
x-cache-hits
834, 3
75405442_60x60
i.vimeocdn.com/portrait/ Frame 14E7
2 KB
2 KB
Image
General
Full URL
https://i.vimeocdn.com/portrait/75405442_60x60
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.122.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
26ba0b6dec97e946001dc7e45b2462cf0cf69187bcc62423f5b702819ab98cda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:23 GMT
via
vvarnish, 1.1 varnish, 1.1 varnish
age
1410111
x-viewmaster-lossless-format
automatic
x-cache
miss, HIT, HIT
x-backend-server
varnish
content-length
1847
viewmaster-server
viewmaster-us-central1-ddc8
x-served-by
cache-dfw-kdfw8210023-DFW, cache-hhn-etou8220053-HHN
x-timer
S1672794623.290208,VS0,VE1
etag
1200b2c8d2726d15b0dbe4f232fdbe06
access-control-max-age
86400
vary
Accept
content-type
image/avif
access-control-allow-origin
*
access-control-expose-headers
X-Viewmaster-Status
cache-control
public, max-age=2592000
accept-ranges
bytes
x-cache-hits
2990, 1
booking-0db55de6.css
assets.calendly.com/assets/booking/css/ Frame 9B24
325 KB
168 KB
Stylesheet
General
Full URL
https://assets.calendly.com/assets/booking/css/booking-0db55de6.css
Requested by
Host: erc.bottomlinesavings.com
URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:28e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c77e632c98859a9e2b6553f566c07803ce46dcabe8903dd6920b4eb1fe4f514
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://calendly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
1316823
cf-polished
origSize=353570
last-modified
Mon, 19 Dec 2022 19:17:38 GMT
cf-bgj
minify
server
cloudflare
etag
W/"f787be17348b22a2cbc6d47755ceff4f"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
7840181b9f009b9b-FRA
expires
Thu, 05 Jan 2023 01:10:23 GMT
booking-runtime-f5803a78.js
assets.calendly.com/assets/booking/js/ Frame 9B24
10 KB
3 KB
Script
General
Full URL
https://assets.calendly.com/assets/booking/js/booking-runtime-f5803a78.js
Requested by
Host: calendly.com
URL: https://calendly.com/d/gr6-yw3-b4g?embed_domain=erc.bottomlinesavings.com&embed_type=Inline&utm_medium=JOHNNYSNOW69&utm_source=ReferralRock&hide_gdpr_banner=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:28e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76a0a15ccd9f1dbd30e7ae673eb863b3eadcc3a6e650b00f0fb11bdae8268a46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://calendly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
1316822
cf-polished
origSize=19551
last-modified
Mon, 19 Dec 2022 19:17:39 GMT
cf-bgj
minify
server
cloudflare
etag
W/"f36806ec396ebc53c97d1874900c0bb5"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7840181c8ff79b9b-FRA
expires
Thu, 05 Jan 2023 01:10:23 GMT
booking-90f7c898.js
assets.calendly.com/assets/booking/js/ Frame 9B24
2 MB
423 KB
Script
General
Full URL
https://assets.calendly.com/assets/booking/js/booking-90f7c898.js
Requested by
Host: calendly.com
URL: https://calendly.com/d/gr6-yw3-b4g?embed_domain=erc.bottomlinesavings.com&embed_type=Inline&utm_medium=JOHNNYSNOW69&utm_source=ReferralRock&hide_gdpr_banner=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:28e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
576194a2a323cdae464a5dc675aa69fe5ccdeac519d1cb7494da0f040f2bef77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://calendly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
1155763
cf-polished
origSize=1585448
last-modified
Wed, 21 Dec 2022 16:01:58 GMT
cf-bgj
minify
server
cloudflare
etag
W/"903d0cd43833c40c89a4d89c055958a9"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7840181c8ffa9b9b-FRA
expires
Thu, 05 Jan 2023 01:10:23 GMT
booking-runtime-f5803a78.js
assets.calendly.com/assets/booking/js/ Frame C0B4
10 KB
3 KB
Script
General
Full URL
https://assets.calendly.com/assets/booking/js/booking-runtime-f5803a78.js
Requested by
Host: calendly.com
URL: https://calendly.com/d/gr6-yw3-b4g?embed_domain=erc.bottomlinesavings.com&embed_type=Inline&utm_medium=JOHNNYSNOW69&utm_source=ReferralRock&hide_gdpr_banner=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:28e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76a0a15ccd9f1dbd30e7ae673eb863b3eadcc3a6e650b00f0fb11bdae8268a46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://calendly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
1316822
cf-polished
origSize=19551
last-modified
Mon, 19 Dec 2022 19:17:39 GMT
cf-bgj
minify
server
cloudflare
etag
W/"f36806ec396ebc53c97d1874900c0bb5"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7840181cb82e9b9b-FRA
expires
Thu, 05 Jan 2023 01:10:23 GMT
booking-90f7c898.js
assets.calendly.com/assets/booking/js/ Frame C0B4
2 MB
423 KB
Script
General
Full URL
https://assets.calendly.com/assets/booking/js/booking-90f7c898.js
Requested by
Host: calendly.com
URL: https://calendly.com/d/gr6-yw3-b4g?embed_domain=erc.bottomlinesavings.com&embed_type=Inline&utm_medium=JOHNNYSNOW69&utm_source=ReferralRock&hide_gdpr_banner=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:28e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
576194a2a323cdae464a5dc675aa69fe5ccdeac519d1cb7494da0f040f2bef77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://calendly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
1155763
cf-polished
origSize=1585448
last-modified
Wed, 21 Dec 2022 16:01:58 GMT
cf-bgj
minify
server
cloudflare
etag
W/"903d0cd43833c40c89a4d89c055958a9"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7840181cb8319b9b-FRA
expires
Thu, 05 Jan 2023 01:10:23 GMT
v3
js.stripe.com/ Frame 9B24
409 KB
98 KB
Script
General
Full URL
https://js.stripe.com/v3
Requested by
Host: assets.calendly.com
URL: https://assets.calendly.com/assets/booking/js/booking-90f7c898.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 -, , ASN (),
Reverse DNS
Software
Fastly /
Resource Hash
6688226760e7c28f64b27540ced70c0b6a04627171824fb6575fd5ee4990f2af
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://calendly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Wed, 04 Jan 2023 01:10:23 GMT
via
1.1 varnish
age
36
x-cache
HIT
content-length
100538
x-request-id
af1100ef-ba17-4b21-9bec-d1f086e9454f
x-served-by
cache-hhn-etou8220071-HHN
last-modified
Tue, 03 Jan 2023 20:44:21 GMT
server
Fastly
etag
"4bb53da21f835fe341103dcaa9343f4c"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
6
en-a7538753.chunk.js
assets.calendly.com/assets/booking/js/locales/ Frame 9B24
25 KB
9 KB
Script
General
Full URL
https://assets.calendly.com/assets/booking/js/locales/en-a7538753.chunk.js
Requested by
Host: assets.calendly.com
URL: https://assets.calendly.com/assets/booking/js/booking-runtime-f5803a78.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:28e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d0f1a05ef913a5d77851fe212364a3d36fbd32d13f17563fdcd491e379c80ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://calendly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Tue, 13 Dec 2022 20:25:53 GMT
cf-bgj
minify
server
cloudflare
age
1831138
etag
W/"d62fc14dae257fd86bf553483ceb9d7a"
vary
Accept-Encoding
content-type
application/javascript
content-encoding
br
cache-control
public, max-age=31536000
cf-ray
7840181e29c39b9b-FRA
expires
Thu, 05 Jan 2023 01:10:23 GMT
config.json
notifier-configs.airbrake.io/2020-06-18/config/90109/ Frame 9B24
218 B
608 B
Fetch
General
Full URL
https://notifier-configs.airbrake.io/2020-06-18/config/90109/config.json?&notifier_name=airbrake-js%2Fbrowser&notifier_version=2.1.5&os=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F108.0.5359.124%20Safari%2F537.36&language=JavaScript
Requested by
Host: assets.calendly.com
URL: https://assets.calendly.com/assets/booking/js/booking-90f7c898.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e400:3:9a1f:ef40:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8acee54f6a0177511da9094fe528e7a359d5acc11e062cd7d370be3051ecd961

Request headers

Accept
application/json
Cache-Control
no-cache,no-store
Referer
https://calendly.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 03 Jan 2023 14:57:24 GMT
via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
last-modified
Fri, 02 Dec 2022 22:01:27 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
36781
etag
"539c4cea4ea951c45968ba49186e20a9"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
*
x-cache
Hit from cloudfront
accept-ranges
bytes
content-length
218
x-amz-cf-id
yuFk8X05xSkcDrLsLuyobCvv_3r7hRfGjIYydzH6ZmN4GqTHn2-GnA==
v3
js.stripe.com/ Frame C0B4
409 KB
99 KB
Script
General
Full URL
https://js.stripe.com/v3
Requested by
Host: assets.calendly.com
URL: https://assets.calendly.com/assets/booking/js/booking-90f7c898.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 -, , ASN (),
Reverse DNS
Software
Fastly /
Resource Hash
6688226760e7c28f64b27540ced70c0b6a04627171824fb6575fd5ee4990f2af
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://calendly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Wed, 04 Jan 2023 01:10:23 GMT
via
1.1 varnish
age
6
x-cache
HIT
content-length
100538
x-request-id
dcb395f8-050a-47d0-9d09-3c6f4b11c5af
x-served-by
cache-hhn-etou8220071-HHN
last-modified
Tue, 03 Jan 2023 20:43:33 GMT
server
Fastly
etag
"4bb53da21f835fe341103dcaa9343f4c"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
3
en-a7538753.chunk.js
assets.calendly.com/assets/booking/js/locales/ Frame C0B4
25 KB
9 KB
Script
General
Full URL
https://assets.calendly.com/assets/booking/js/locales/en-a7538753.chunk.js
Requested by
Host: assets.calendly.com
URL: https://assets.calendly.com/assets/booking/js/booking-runtime-f5803a78.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:28e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d0f1a05ef913a5d77851fe212364a3d36fbd32d13f17563fdcd491e379c80ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://calendly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Tue, 13 Dec 2022 20:25:53 GMT
cf-bgj
minify
server
cloudflare
age
1831139
etag
W/"d62fc14dae257fd86bf553483ceb9d7a"
vary
Accept-Encoding
content-type
application/javascript
content-encoding
br
cache-control
public, max-age=31536000
cf-ray
7840181eda9b9b9b-FRA
expires
Thu, 05 Jan 2023 01:10:24 GMT
config.json
notifier-configs.airbrake.io/2020-06-18/config/90109/ Frame C0B4
218 B
606 B
Fetch
General
Full URL
https://notifier-configs.airbrake.io/2020-06-18/config/90109/config.json?&notifier_name=airbrake-js%2Fbrowser&notifier_version=2.1.5&os=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F108.0.5359.124%20Safari%2F537.36&language=JavaScript
Requested by
Host: assets.calendly.com
URL: https://assets.calendly.com/assets/booking/js/booking-90f7c898.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e400:3:9a1f:ef40:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8acee54f6a0177511da9094fe528e7a359d5acc11e062cd7d370be3051ecd961

Request headers

Accept
application/json
Cache-Control
no-cache,no-store
Referer
https://calendly.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 03 Jan 2023 14:57:24 GMT
via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
last-modified
Fri, 02 Dec 2022 22:01:27 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
36781
etag
"539c4cea4ea951c45968ba49186e20a9"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
*
x-cache
Hit from cloudfront
accept-ranges
bytes
content-length
218
x-amz-cf-id
CavmDJ84xN7v-wlLrBUAMBi-ba0tWOeSCXMoqHlg099f8sl8aqX4oQ==
config.json
notifier-configs.airbrake.io/2020-06-18/config/90109/ Frame
0
0
Preflight
General
Full URL
https://notifier-configs.airbrake.io/2020-06-18/config/90109/config.json?&notifier_name=airbrake-js%2Fbrowser&notifier_version=2.1.5&os=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F108.0.5359.124%20Safari%2F537.36&language=JavaScript
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e400:3:9a1f:ef40:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
cache-control
Access-Control-Request-Method
GET
Origin
https://calendly.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers
cache-control
access-control-allow-methods
GET
access-control-allow-origin
*
content-length
0
date
Wed, 04 Jan 2023 01:10:24 GMT
server
AmazonS3
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
x-amz-cf-id
5XkpO9J3pGbjxEJnTc1DAVFRd-eAenmDF0qL-jdJ7ANVhvAC9BWHBg==
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront
config.json
notifier-configs.airbrake.io/2020-06-18/config/90109/ Frame
0
0
Preflight
General
Full URL
https://notifier-configs.airbrake.io/2020-06-18/config/90109/config.json?&notifier_name=airbrake-js%2Fbrowser&notifier_version=2.1.5&os=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F108.0.5359.124%20Safari%2F537.36&language=JavaScript
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:e400:3:9a1f:ef40:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
cache-control
Access-Control-Request-Method
GET
Origin
https://calendly.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers
cache-control
access-control-allow-methods
GET
access-control-allow-origin
*
content-length
0
date
Wed, 04 Jan 2023 01:10:24 GMT
server
AmazonS3
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
x-amz-cf-id
AWKzbHVe0CP4LrDIVKMe550j7SPkaeTOGeuuFrYsEyA6j7CoYVHo_A==
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront
enterprise.js
www.recaptcha.net/recaptcha/ Frame 9B24
977 B
1 KB
Script
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise.js?render=6LeAb4QUAAAAAOM9CNYSsvbnzWTByRAgm3GA5D4n
Requested by
Host: assets.calendly.com
URL: https://assets.calendly.com/assets/booking/js/booking-90f7c898.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 -, , ASN (),
Reverse DNS
Software
GSE /
Resource Hash
27a561b3e673bf4271c967eab99b4fdbc0e132868aea1a5a437e0f347a97fce8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://calendly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
616
x-xss-protection
1; mode=block
expires
Wed, 04 Jan 2023 01:10:24 GMT
truncated
/ Frame 9B24
37 KB
37 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d41624e9721619a0dbe00d0fd9c0175a8f97c484aab61117db7246f69b7de9ba

Request headers

Referer
Origin
https://calendly.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/ Frame 9B24
45 KB
45 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8ea98b82eb62795846fed9452c40531d668dd519e29633c196905d6f5af8d846

Request headers

Referer
Origin
https://calendly.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/ Frame 9B24
52 KB
52 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c0fc4d52bd5a04f47b6d26363e771b2d819496c81b59dd324c56dabdbd02edab

Request headers

Referer
Origin
https://calendly.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
font/ttf
enterprise.js
www.recaptcha.net/recaptcha/ Frame C0B4
977 B
681 B
Script
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise.js?render=6LeAb4QUAAAAAOM9CNYSsvbnzWTByRAgm3GA5D4n
Requested by
Host: assets.calendly.com
URL: https://assets.calendly.com/assets/booking/js/booking-90f7c898.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 -, , ASN (),
Reverse DNS
Software
GSE /
Resource Hash
27a561b3e673bf4271c967eab99b4fdbc0e132868aea1a5a437e0f347a97fce8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://calendly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 01:10:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
616
x-xss-protection
1; mode=block
expires
Wed, 04 Jan 2023 01:10:24 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/ Frame 9B24
407 KB
163 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/recaptcha__de.js
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise.js?render=6LeAb4QUAAAAAOM9CNYSsvbnzWTByRAgm3GA5D4n
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
f100138cf28abcaac287d3bb245b80679c7ba9305591ed01b1055af5e7084f20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://calendly.com/
Origin
https://calendly.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 03 Jan 2023 21:10:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
14387
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
166478
x-xss-protection
0
last-modified
Thu, 15 Dec 2022 05:24:10 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 03 Jan 2024 21:10:37 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/ Frame C0B4
407 KB
163 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/recaptcha__de.js
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise.js?render=6LeAb4QUAAAAAOM9CNYSsvbnzWTByRAgm3GA5D4n
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
f100138cf28abcaac287d3bb245b80679c7ba9305591ed01b1055af5e7084f20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://calendly.com/
Origin
https://calendly.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 03 Jan 2023 21:10:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
14387
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
166478
x-xss-protection
0
last-modified
Thu, 15 Dec 2022 05:24:10 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 03 Jan 2024 21:10:37 GMT
anchor
www.recaptcha.net/recaptcha/enterprise/ Frame E554
42 KB
22 KB
Document
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LeAb4QUAAAAAOM9CNYSsvbnzWTByRAgm3GA5D4n&co=aHR0cHM6Ly9jYWxlbmRseS5jb206NDQz&hl=de&v=5qcenVbrhOy8zihcc2aHOWD4&size=invisible&cb=p5ltu2o0oimk
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 -, , ASN (),
Reverse DNS
Software
GSE /
Resource Hash
a20fc3400f7df7a4995fa1cee38283c41c2115622f61f60d08a1c5c0b39fd03f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-9lmag6JhDsn4ZhmPVXnO5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://calendly.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
22305
content-security-policy
script-src 'report-sample' 'nonce-9lmag6JhDsn4ZhmPVXnO5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 04 Jan 2023 01:10:24 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
anchor
www.recaptcha.net/recaptcha/enterprise/ Frame 1FAF
42 KB
22 KB
Document
General
Full URL
https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LeAb4QUAAAAAOM9CNYSsvbnzWTByRAgm3GA5D4n&co=aHR0cHM6Ly9jYWxlbmRseS5jb206NDQz&hl=de&v=5qcenVbrhOy8zihcc2aHOWD4&size=invisible&cb=9ijrcuw1ys54
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 -, , ASN (),
Reverse DNS
Software
GSE /
Resource Hash
95448c071d8ec51a568250dde0d9cfc710a06f1ee5d2c65155d1ef19ca931e24
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-2_2u0P94l3d2iOPTvkeP1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://calendly.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
22283
content-security-policy
script-src 'report-sample' 'nonce-2_2u0P94l3d2iOPTvkeP1Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 04 Jan 2023 01:10:24 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
styles__ltr.css
www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/ Frame 1FAF
52 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/styles__ltr.css
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LeAb4QUAAAAAOM9CNYSsvbnzWTByRAgm3GA5D4n&co=aHR0cHM6Ly9jYWxlbmRseS5jb206NDQz&hl=de&v=5qcenVbrhOy8zihcc2aHOWD4&size=invisible&cb=9ijrcuw1ys54
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.recaptcha.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 03 Jan 2023 16:16:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
32049
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24262
x-xss-protection
0
last-modified
Thu, 15 Dec 2022 05:24:10 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 03 Jan 2024 16:16:15 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/ Frame 1FAF
163 KB
0
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/recaptcha__de.js
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LeAb4QUAAAAAOM9CNYSsvbnzWTByRAgm3GA5D4n&co=aHR0cHM6Ly9jYWxlbmRseS5jb206NDQz&hl=de&v=5qcenVbrhOy8zihcc2aHOWD4&size=invisible&cb=9ijrcuw1ys54
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.recaptcha.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 03 Jan 2023 21:10:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
14387
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
166478
x-xss-protection
0
last-modified
Thu, 15 Dec 2022 05:24:10 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 03 Jan 2024 21:10:37 GMT
styles__ltr.css
www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/ Frame E554
52 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/styles__ltr.css
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LeAb4QUAAAAAOM9CNYSsvbnzWTByRAgm3GA5D4n&co=aHR0cHM6Ly9jYWxlbmRseS5jb206NDQz&hl=de&v=5qcenVbrhOy8zihcc2aHOWD4&size=invisible&cb=p5ltu2o0oimk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.recaptcha.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 03 Jan 2023 16:16:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
32049
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24262
x-xss-protection
0
last-modified
Thu, 15 Dec 2022 05:24:10 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 03 Jan 2024 16:16:15 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/ Frame E554
145 KB
0
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/recaptcha__de.js
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LeAb4QUAAAAAOM9CNYSsvbnzWTByRAgm3GA5D4n&co=aHR0cHM6Ly9jYWxlbmRseS5jb206NDQz&hl=de&v=5qcenVbrhOy8zihcc2aHOWD4&size=invisible&cb=p5ltu2o0oimk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.recaptcha.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 03 Jan 2023 21:10:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
14387
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
166478
x-xss-protection
0
last-modified
Thu, 15 Dec 2022 05:24:10 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 03 Jan 2024 21:10:37 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
i.vimeocdn.com
URL
https://i.vimeocdn.com/video/1481539354-5c71caa621ff2418ab665db3ac870accf314abb64a9c95fa659034dc149f1653-d?mw=1100&mh=619

Verdicts & Comments Add Verdict or Comment

153 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| oncontentvisibilityautostatechange object| divimode_loader object| DiviAreaConfig object| DiviPopupData object| DiviPopup object| DiviArea object| _wpemojiSettings undefined| $ function| jQuery function| tap string| TapfiliateObject object| urlParams function| gtag object| dataLayer object| referralJS object| ap3c object| s object| t object| overlays_with_css_trigger object| overlays_with_automatic_trigger object| et_animation_data number| TIMEOUT number| BASE_NEEDLE_ANGLE number| START_NEEDLE_MOVE_ANGLE number| END_NEEDLE_MOVE_ANGLE number| NEEDLE_ANGLE_INCREMENT number| DECIMAL_MULTIPLIER string| CLOSE_WIDGET_LINK string| PUSH_PERMISSION_LINK string| AP3_WIDGETS_PREFIX object| cookies object| frequencies boolean| isMobile object| validShopifyCartAddPaths object| validShopifyCartAddStatuses function| getTimeFromSeconds string| uA string| vendor undefined| submitter undefined| submitterSelector function| jsonFromXhr function| sortObjectAndToString function| calcTrackKey function| readCookie function| removeCookie function| convertLegacyCookies function| isKnownSession object| widgetsAccepted function| getShopifyProductCurrentVariantId function| polyfillDateInput function| Swiper object| twemoji object| wp boolean| isRRJSScriptLoaded function| executeIfRRScriptNotLoaded object| GenericWidget object| divimode_front object| DIVI object| et_builder_utils_params object| et_frontend_scripts object| et_pb_custom object| et_pb_box_shadow_elements object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| GooglebQhCsO object| gaplugins object| gaGlobal object| gaData function| Waypoint function| et_pb_debounce function| et_pb_smooth_scroll function| et_pb_form_placeholders_init function| et_duplicate_menu function| et_pb_remove_placeholder_text function| et_fix_fullscreen_section function| et_bar_counters_init function| et_fix_pricing_currency_position function| et_pb_set_responsive_grid function| et_pb_set_tabs_height function| et_pb_box_shadow_apply_overlay function| et_pb_init_nav_menu function| et_pb_toggle_nav_menu function| et_pb_apply_sticky_image_effect function| et_pb_menu_inject_inline_centered_logo function| et_pb_menu_inject_item function| et_pb_reposition_menu_module_dropdowns boolean| et_load_event_fired boolean| et_is_transparent_nav boolean| et_is_vertical_nav boolean| et_is_fixed_nav boolean| et_is_minified_js boolean| et_is_minified_css boolean| et_force_width_container_change function| et_pb_init_woo_star_rating function| et_pb_wrap_woo_attribute_fields_in_span function| et_calculate_fullscreen_section_size function| et_pb_init_modules function| etFixDividerSpacing function| etInitWooReviewsRatingStars boolean| et_calculating_scroll_position boolean| et_side_nav_links_initialized object| ET_SmoothScroll object| addComment object| salvattore object| et_pb_motion_elements object| et_pb_sticky_elements object| ET_Builder object| ET_FE object| ET_FB function| et_calculate_header_values function| et_change_primary_nav_position function| et_fix_page_container_position function| et_pb_window_side_nav_scroll_init function| et_pb_side_nav_page_init object| Calendly function| et_pb_slider_init function| et_countdown_timer function| et_countdown_timer_labels function| et_pb_tabs_init function| et_pb_circle_counter_update function| et_apply_parallax function| et_parallax_set_height function| et_apply_builder_css_parallax function| et_pb_play_overlayed_video function| et_pb_resize_section_video_bg function| et_pb_center_video function| et_pb_adjust_video_margin function| et_fix_slider_height function| et_pb_submit_newsletter function| et_fix_testimonial_inner_width function| et_pb_video_background_init function| et_animate_element function| et_process_animation_data function| et_has_animation_data function| et_get_animation_classes function| et_remove_animation function| et_remove_animation_data function| et_reinit_waypoint_modules function| et_calc_fullscreen_section function| debounced_et_apply_builder_css_parallax function| et_pb_parallax_init function| et_pb_fullwidth_header_scroll function| et_pb_search_init function| et_pb_search_percentage_custom_margin_fix function| et_pb_comments_init function| et_pb_shop_add_hover_class function| onYouTubeIframeAPIReady

16 Cookies

Domain/Path Name / Value
bottomlinesavings.referralrock.com/ Name: ASP.NET_SessionId
Value: t0ba1ontoa011ihsvvbyb34z
bottomlinesavings.referralrock.com/ Name: RR_WCID
Value: CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9
.referralrock.com/ Name: _ga
Value: GA1.2.541992272.1672794620
.referralrock.com/ Name: _gid
Value: GA1.2.1202964688.1672794620
.referralrock.com/ Name: _gat
Value: 1
.erc.bottomlinesavings.com/ Name: RR_WCID
Value: CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9
.vimeo.com/ Name: __cf_bm
Value: h5dgpx9FhG3a15.up9uqH4O4m23SRqRd8_zI6yT_.Co-1672794622-0-AeiXE/knqsbx2Tex6PdK+C5AguaCHVqLfc4kfoLni/Vj6A0Oif6ay7UeilLJ1KpPDJlL6Fk7etXOabAjO8ugses=
.bottomlinesavings.com/ Name: _gcl_au
Value: 1.1.1578181529.1672794622
.calendly.com/ Name: __cf_bm
Value: iyBuWVKX8J91PYtVzVtVRjvzkGZHWWZuOsX0ewzjh3U-1672794622-0-ARpkZOzqKV7HAf60b9KgKWaYpO5nccMoF9lcACkCGO4/UmQf4Vpax6GOGi6fYL9yXCxtZlzfV8ODaDv9MbtjTfs=
.bottomlinesavings.com/ Name: _gid
Value: GA1.2.1149654864.1672794622
.bottomlinesavings.com/ Name: _gat_UA-239739568-1
Value: 1
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
erc.bottomlinesavings.com/ Name: ap3c
Value: IGO00f7h8Nz4DBwBAGO00f5pnZzp3go2wOK1-WyEwNo3unPHQQ
.bottomlinesavings.com/ Name: _ga_6TR8MCZ3HR
Value: GS1.1.1672794622.1.0.1672794622.0.0.0
.bottomlinesavings.com/ Name: _ga
Value: GA1.1.425664301.1672794622
.calendly.com/ Name: __cfruid
Value: 8503eed2cab44207ce9f5a3b170a1e26a99cc8ae-1672794623

1 Console Messages

Source Level URL
Text
other warning URL: https://erc.bottomlinesavings.com/v2/?RR_WCID=CF8512CB-6AD5-4A36-86A0-2ECB72BF58C9&RR_WCID_TTL=396&REFERRALCODE=JOHNNYSNOW69(Line 329)
Message:
Allow attribute will take precedence over 'allowfullscreen'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.calendly.com
bottomlinesavings.referralrock.com
calendly.com
capture-api.ap3prod.com
cdn3l.ink
erc.bottomlinesavings.com
f.vimeocdn.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i.vimeocdn.com
js.stripe.com
notifier-configs.airbrake.io
player.vimeo.com
region1.google-analytics.com
script.tapfiliate.com
stats.g.doubleclick.net
use.fontawesome.com
www.employeeretentioncredit.jrsmarketsmanager.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.recaptcha.net
i.vimeocdn.com
13.32.121.73
146.75.122.109
151.101.128.176
162.159.138.60
192.232.251.47
20.75.106.146
2001:4860:4802:32::36
2600:9000:2251:e400:3:9a1f:ef40:93a1
2606:4700:3108::ac42:28e6
2606:4700:e2::ac40:840f
2a00:1450:4001:802::2003
2a00:1450:4001:803::2008
2a00:1450:4001:806::200e
2a00:1450:4001:808::2004
2a00:1450:4001:813::2003
2a00:1450:4001:82b::200a
2a00:1450:4001:830::2003
2a00:1450:4001:831::2003
2a00:1450:400d:80a::2002
2a00:1450:4025:401::9b
3.23.186.114
34.135.223.120
65.9.95.37
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0412e9bd040f09a1c212b640d2de2f8bab0823068b15b324ea69299b69046e37
06911f159ff34888369f593aed2ea405b091973929c24a23d9b5e8b97f06eab9
0826d6c5a2249f46b088b74d85567d7f0bfa9cf7e583441efe8b8eba09f45da5
0852e3f6a01efa52749a530fa9a44e48c86bbd948d57188b528e8ef591919bbd
0a47c6e6f24e634cb79f886e70bbfd65e1e85b0d2aa4fc133488fd1bc1910e3e
0a75aa5bab9865958cd01d39856dc37e96491296ef55f5d2fdce2915b1ea1c58
0afb96a1f5f77b2280aad57d51c634b5ad1a31eca2512af39b0a8cd70d60b4b1
120c709d4bf46ef1f8e03d9d1a14f86eee7391668cf96139626f5344f30ede7c
1a2d8cdd8b010168f8ff2c5cff454bea4394383a2221fa9d157ab2b339f33bd2
1b672e7932ba30dc918fc8ff58dbc3ffa85b6f47e6dfc18dfb6c3ad8596e0111
1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea
1f7cd2e95f384456925ed00ddb3ab0b4407e8df4c67f4d7b24a760286d26f40d
2183a5a703ab98377977d3cd66a3b2adfe896ff216b9f215d25b973407e98d4c
2485d90ef227f23aa24cbf663090fbd8075d645e210d508231366ff1b43713f4
2647853155c0cc816458fbcf28c36b751add8a0e93934e2a4c9c0350a8fa8d9b
26ba0b6dec97e946001dc7e45b2462cf0cf69187bcc62423f5b702819ab98cda
27a561b3e673bf4271c967eab99b4fdbc0e132868aea1a5a437e0f347a97fce8
27dc991d39bbb1126c69748761823a8339cc21bb45453ba7dcb1e69244ec4342
27e54854af25b175f482f4acc3c32a5dfd363ae62292e66b9212764d323af2db
2aeb5f52037bd05979f577d66e8d28f2ee0233a94ec034a31d88a74c29f8cac2
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
2d0f1a05ef913a5d77851fe212364a3d36fbd32d13f17563fdcd491e379c80ae
2f70918a8cb955a250ca301a151ff4d8fd9a755a262166d64594624eacf20569
31583227efb659feaa7740eb8168368851b5760a25cda03f9755f01aea204003
398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1
3b712b1f709f4cf8d3f4085e1f3f09cc5eeac283300c1f60542a363ca1aabd0b
3e6b81f368882b2da4c68753b292bcd344e08cbc5ade64cbb71bbf154ea944c3
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
422201f001c0446da08a7c75bcc5ce846f287c639b69609b0387bba6596e3940
425c17cc0de74e7e5ce91bbb6ceb6405518d61a38d298938099ad3289ab5c1d3
44798a517a7c8d28c1e371a1b8b869bae1608bd48df7ed50800cbed8703612c1
449084b0340492136e10e6034e6c16e842bdbdfdb57f103c60bf0a55d392061e
462747422c6af30aa81a0373fa1cfd736455cef52bdbb816f67be9531d84eace
4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1
4c77e632c98859a9e2b6553f566c07803ce46dcabe8903dd6920b4eb1fe4f514
52cdf04826c52294d58ca3addcc77be1c197dbd5387462eef751a497630e9925
532b9ddbefbb19b5f6f7e61f8eda6d3e759f9a3aad795525685f610c03bd0888
55029971aaca4c1ababc8500839e5e701a01ddd4d007c32697c9b2a99e58b3b3
55a084b5f4c439a2786141108b266370e0e4accc4e72629b2177dc6aa658d6c8
576194a2a323cdae464a5dc675aa69fe5ccdeac519d1cb7494da0f040f2bef77
58ccb79fe4b56d04ac2262393b7dc63bc943106c9915771ceccef1baf6d6c7cc
5a613d64a17940bb2f9d1dd791dfcd023826c9f931706687e511888c565cd44e
5aa24e4ab926693e29ffb0d0ca1557141defd3ca61b3b4e7caebaa2fcd5bf327
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5ce56c25f3aa19c9ebf212d2c8531ec73518a1e254ad2872d4211d2b644d9f9c
5cf6559c0bfcb98106283678c9fe6cce5042a30fe58484b6eed210201ce6f935
6411013f7f9ef06c6c81a8090729213124f35e64a68cb2a6b35338fa3851e9e6
6655fa79a86164f4c63e0e0639bad29d987efb7fcef3747d823b0639a1ae96f4
6688226760e7c28f64b27540ced70c0b6a04627171824fb6575fd5ee4990f2af
66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
75079f39fe739015589a0f995f41b4c1c29d4ebac85c93a792926af09f61cc83
75c3f3f664f68995303c2f929a77b801e19a9be17906965c49cae4f1800095a3
763c6ce6cbd69fcd3c3b42b7d7b147eb0f2ff832e83185944ebf2d660b9f444f
76a0a15ccd9f1dbd30e7ae673eb863b3eadcc3a6e650b00f0fb11bdae8268a46
77d332fac16a1e8c80df4f42b9f22c4c738f46234d5f962377d327cd9d7dd9fc
78d06bfd42c3ef22e9536c021bbecda88fcb6e71d60bd706df8a184adb496a7b
7c03f0e8e02ab0f45351a94b123cb0132fa2327ead5b39351361ff1d239bb6a8
7db401974aa2a15baf0042a430b1961edd4efdd4a76f9fbd2c1590c855e162a8
7f41078fead03bf1af38928a77d23dd0a9d7b212b93a7ee6c11d7f92fdf588f0
82c304254b88b5f2b172cda014d85ae41ccf900aec3d305681b19912ffb91a24
86321659b430d61d1c232e225e927b7f052fa61669e5afc15044f75740d04429
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
8acee54f6a0177511da9094fe528e7a359d5acc11e062cd7d370be3051ecd961
8ba1ae9e1e3dbd37d048b94ef181c73ab9b53a81419fd8126f29bb81ea92c2ee
8da72dacca3725d500bc789e5f506c76367804eecc46c4249ce0ff822d7a147e
8ea98b82eb62795846fed9452c40531d668dd519e29633c196905d6f5af8d846
8fe2f1cb7bc41c640ad3ea24449cfa1ba5291e16dbbbab0ef61bfe43f3212910
902c123e653f161e6c2074330392649a5097cb71359f226ab422d064100a547c
90505615f444f23f51396160f55175b50feaedd5907dfad08c5846109179da69
953c6becf813b9b206e861f3c14d66362dcf7f891ccae8b0ef4db9040cc3060f
95448c071d8ec51a568250dde0d9cfc710a06f1ee5d2c65155d1ef19ca931e24
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
9a482237ab24863610da9e41162c5e87ba4c0f179ca3154e10784c1fde9f08dd
a20fc3400f7df7a4995fa1cee38283c41c2115622f61f60d08a1c5c0b39fd03f
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b525da64cd93b810d09228b938798c6636de35452bba69d8577059becf31868b
b5cec8800ffe6b92993466f61ec4f4d5ee6dee946a942b9356559821585fb650
b6205029e1016596807b655c8f57818736a787e32ceb1407effa152ac3bb9380
b6aed488d128d02850cfb20b4de28a2eceffddd04342f413bbe88a141235a976
ba06b16e3697c9fc03f5323f19ffb6305908103f3a7f6be2bb3040999b28fedd
ba2eeab126375c9cc2fabe9a6fe35f25dea57c52df280e6e24a790f5f45be878
bc93a5e5259a7922e57c74e7c9d47a7e01e4bfc3d5576ee6257e2eeb3ca50885
c0fc4d52bd5a04f47b6d26363e771b2d819496c81b59dd324c56dabdbd02edab
c2dec33a53c20ef16c3fcbb7c4afefe3b302f6792d717339c23c1f3b6845a345
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
c3327a5ebe29bcdeb910177a3db1a6b64233aab6be3e08781fcafa61e59204c2
c424dd71a9922bbeee7275e8907f523d40c469c7cd64fa3b932183f74fbf969a
c4ec8763c6f7c6b9efc4a180baadbc2a4eaf9317f2781c9a4705c8c56774993d
c576e86cc04c7c152cb05512aef6ef7bb29e2ea424ef2d9e44b54d238536f0f9
c85857b2120e11cf50bb5f9cfd0104425064ed93a3230ee1d6632a0c89f480c2
c95db6b42a4b91ef24b05eebd3e8c47a03d8814c32ad095f185cf6d60a80c0c2
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
cca9aeb3ffbae77e659139a764cd1cbd20f2f5dcfa0674bd6f325d1e0991a754
d201a2c3118a00c82cc48e89815f5139f23956bbe248107dcf522acc77b97c09
d41624e9721619a0dbe00d0fd9c0175a8f97c484aab61117db7246f69b7de9ba
d7ffb9e5ee5a5aec84efc6ab908397ed515567280bf05f18356d35e8f61704d0
db57d37e846e1f248a9969fed15e46f5f380566691d06854126e1877cbdbfb45
dd1b63de6a184bfc23d9cf2ffc8686f88edad845566ab0cdcec37c8bc261bc90
e11da26b70eb2fc9c6a4cf39be956b849933a23a003d0cfa65d2ddb88447a1bf
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca
e51e19db4305a39866527982780d253af76c071540c09f2b215cab4b08de2b10
eaa2248a4f028a6f5c59f7bb3a9c5e1ff921bcb2ee66517665788f675e99e99f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f100138cf28abcaac287d3bb245b80679c7ba9305591ed01b1055af5e7084f20
f533a8ebfad4300d7b57deffe1ae463e3994d7295e89dc106ee7d0a112cff074
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6830e1d7fe50cf6357510318f5a0f3811f8cb13d89b4c6533f13ea3203b94ed
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f8c812266a77da07d5b5a18f38d27dd18a85039c810f464330f1dec72799b05f
f96c8aa5eadbf98b155a0627034b14b6fdced2431dcd5e383eb957e42b7b9d9e
fa65a642fc9730d418d0243fa0615fdf315a36080dbed44f7f47b7f2db4a554b
fbfcb3d9772fcfd1fa71e0f3cdb82841e345fa62d2ffa529762cd0e2b5c8cea7
fdbe8e8c5dcc8a6c982927cf7f05b7f64dd094aecf5edb7efc14ede8b8206d02
fea46492526c07103d9d5d0013d41026feb67019fd2466e4bd0466d2879369a3