www.thebureauinvestigates.com Open in urlscan Pro
2606:4700:10::ac43:9c1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://thebureauinvestigates.com/
Effective URL:
https://www.thebureauinvestigates.com/
Submission Tags: tranco_l324
Submission: On October 31 via api (October 31st 2021, 2:14:37 am UTC) from DE — Scanned from DE

Summary HTTP 50 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 8 domains to perform 50 HTTP transactions. The main IP is 2606:4700:10::ac43:9c1, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.thebureauinvestigates.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 16th 2021. Valid for: a year.

This is the only time www.thebureauinvestigates.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:10:... 2606:4700:10::6816:4e56	13335 (CLOUDFLAR...) (CLOUDFLARENET)
29	2606:4700:10:... 2606:4700:10::ac43:9c1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2600:9000:223... 2600:9000:223e:a400:1d:2792:2640:21	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
3	89.187.169.47 89.187.169.47	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	18.66.112.19 18.66.112.19	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c1b::9c	() ()
50	9

1 2606:4700:10::6816:4e56 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

thebureauinvestigates.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2606:4700:10::ac43:9c1 (United States)

ASN13335 (CLOUDFLARENET, US)

www.thebureauinvestigates.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets2.thebureauinvestigates.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:9000:223e:a400:1d:2792:2640:21 (United States)

ASN16509 (AMAZON-02, US)

d3cocnzdt9u6c9.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 89.187.169.47 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-47.cdn77.com

a.opmnstr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.19 (United States)

ASN16509 (AMAZON-02, US)

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1b::9c (None, )

ASN- ()

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	thebureauinvestigates.com 1 redirects thebureauinvestigates.com www.thebureauinvestigates.com assets2.thebureauinvestigates.com	400 KB
11	cloudfront.net d3cocnzdt9u6c9.cloudfront.net	384 KB
3	omappapi.com api.omappapi.com a.omappapi.com z.omappapi.com Failed	19 KB
2	google-analytics.com www.google-analytics.com	20 KB
1	doubleclick.net stats.g.doubleclick.net	449 B
1	facebook.net connect.facebook.net	26 KB
1	opmnstr.com a.opmnstr.com	58 KB
1	googletagmanager.com www.googletagmanager.com	35 KB
50	8

	Domain	Requested by
21	www.thebureauinvestigates.com	www.thebureauinvestigates.com
11	d3cocnzdt9u6c9.cloudfront.net	www.thebureauinvestigates.com
8	assets2.thebureauinvestigates.com	www.thebureauinvestigates.com
2	www.google-analytics.com	a.opmnstr.com www.google-analytics.com
2	a.omappapi.com	a.opmnstr.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	api.omappapi.com	a.opmnstr.com
1	connect.facebook.net	www.thebureauinvestigates.com
1	a.opmnstr.com	www.thebureauinvestigates.com
1	www.googletagmanager.com	www.thebureauinvestigates.com
1	thebureauinvestigates.com	1 redirects
0	z.omappapi.com Failed	a.opmnstr.com
50	12

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-16` - `2022-06-15`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
a.opmnstr.com R3	`2021-10-18` - `2022-01-16`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-08-09` - `2021-11-07`	3 months	crt.sh
api.opmnstr.com Amazon	`2021-03-11` - `2022-04-09`	a year	crt.sh
a.omappapi.com R3	`2021-10-18` - `2022-01-16`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.thebureauinvestigates.com/
Frame ID: E448139049E8E96F63BB9648BB4EDC10
Requests: 51 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The Bureau of Investigative Journalism (en-GB)

Page URL History Show full URLs

http://thebureauinvestigates.com/ HTTP 301
https://www.thebureauinvestigates.com/ Page URL

Page Statistics

50
Requests

98 %
HTTPS

78 %
IPv6

8
Domains

12
Subdomains

9
IPs

3
Countries

943 kB
Transfer

1548 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/thebureauinvestigates
Title: The Bureau on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/TBIJ
Title: The Bureau on Twitter

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://thebureauinvestigates.com/ HTTP 301
https://www.thebureauinvestigates.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.thebureauinvestigates.com/
Redirect Chain

http://thebureauinvestigates.com/
https://www.thebureauinvestigates.com/

78 KB
11 KB

47ms
21ms

Document
text/html

2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thebureauinvestigates.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Craft CMS

Resource Hash

4f58e70371ba1dfe5fed1861aea4de3b30425f474047fced5463b0ca03a25c2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-type: text/html; charset=UTF-8
permissions-policy: interest-cohort=()
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: Craft CMS
x-robots-tag: all
last-modified: Sun, 31 Oct 2021 01:56:18 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 368
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6a695ed38f40d6d5-FRA
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

Date: Sun, 31 Oct 2021 02:14:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 31 Oct 2021 03:14:32 GMT
Location: https://www.thebureauinvestigates.com/
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6a695ed349625364-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 main.1631957150.css
www.thebureauinvestigates.com/assets/css/ 125 KB
20 KB 17ms
16ms Stylesheet
text/css 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thebureauinvestigates.com/assets/css/main.1631957150.css

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

180f2195bdae3f048def74498667ae08206a1f7d08a3d2085cf019b463ed1804

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 691
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
x-robots-tag: all
last-modified: Sat, 18 Sep 2021 09:25:50 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qzmi722qj2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: max-age=14400
cf-ray: 6a695ed3cf5ed6d5-FRA

GET
H2 200 cookieCutter.min.1617798521.js Show response
www.thebureauinvestigates.com/assets/js/ 15 KB
6 KB 19ms
19ms Script
application/javascript 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thebureauinvestigates.com/assets/js/cookieCutter.min.1617798521.js

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ef3392ac9ca52c6155d0b174afc69e3b26638715d3d76be1a7b9cc7bba3af14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 691
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
x-robots-tag: all
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71btbtn"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6a695ed3cf60d6d5-FRA

GET
H2 200 app.1629228031.js Show response
www.thebureauinvestigates.com/assets/js/dist/ 101 KB
36 KB 21ms
21ms Script
application/javascript 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thebureauinvestigates.com/assets/js/dist/app.1629228031.js

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f38ba920d1fc6f4f4a111b0dbfdb1919e14f5bf78c76fccf035c19da36ad3d56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 691
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
x-robots-tag: all
last-modified: Tue, 17 Aug 2021 19:20:31 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qy00e727ml"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6a695ed3cf61d6d5-FRA

GET
H2 200 tbij-logo.svg
www.thebureauinvestigates.com/assets/img/ 5 KB
2 KB 15ms
15ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thebureauinvestigates.com/assets/img/tbij-logo.svg

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b6f595b46870d56769cd55c72f847ffdbac2d3789ca9de357ac01c55eb33deb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 691
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1762
referrer-policy: no-referrer-when-downgrade
x-robots-tag: all
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71bt3v7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6a695ed40f7cd6d5-FRA

GET
H2 200 eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL0NoZWVzZS1zYW5kd2ljaF8yMDIxLTEwLTA1LTE4MDQwN19idnp1LmpwZyIsImVkaXRzIjp7ImpwZWciOnsicXVhbGl0eSI6MTAwLCJwcm9ncmVzc2l2Z...
d3cocnzdt9u6c9.cloudfront.net/ 183 KB
184 KB 62ms
28ms Image
image/webp 2600:9000:223e:a400:1d:2792:2640:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3cocnzdt9u6c9.cloudfront.net/eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL0NoZWVzZS1zYW5kd2ljaF8yMDIxLTEwLTA1LTE4MDQwN19idnp1LmpwZyIsImVkaXRzIjp7ImpwZWciOnsicXVhbGl0eSI6MTAwLCJwcm9ncmVzc2l2ZSI6ZmFsc2UsInRyZWxsaXNRdWFudGlzYXRpb24iOnRydWUsIm92ZXJzaG9vdERlcmluZ2luZyI6dHJ1ZSwib3B0aW1pemVTY2FucyI6dHJ1ZX0sInJlc2l6ZSI6eyJ3aWR0aCI6MTYwMCwiZml0IjoiaW5zaWRlIn0sInNoYXJwZW4iOnRydWV9fQ==
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:a400:1d:2792:2640:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 90d0926d0cbd424a09c19151848995c75643419d20fcb6abcec1e88fece985b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 14:21:31 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7069.cloudfront.net (CloudFront)
age: 301980
x-amzn-requestid: 8be83d21-380f-4c83-9b05-3359f1dbeee0
x-cache: Hit from cloudfront
x-amz-apigw-id: H3wAxGz8oAMF1EA=
content-length: 187380
last-modified: Tue, 05 Oct 2021 18:04:09 GMT
x-amzn-trace-id: Root=1-6179606b-716365da1f41ee1a1a0cdf4d;Sampled=0
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: https://thebureauinvestigates.com
cache-control: max-age=604800
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P4
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: zDPCbx4CWquzUZuwsvliqhxhuhE9pevN9T-UiD_4coCj09WLnAU5RQ==

GET
H2 200 tbij-logo-homepage.svg
www.thebureauinvestigates.com/assets/img/ 5 KB
2 KB 38ms
35ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thebureauinvestigates.com/assets/img/tbij-logo-homepage.svg

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98f87b001a6dc885808330711a29636cd38f65ac99167f12ab807a0d3a5e32bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1856
referrer-policy: no-referrer-when-downgrade
x-robots-tag: all
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71bt434"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6a695ed41f8bd6d5-FRA

GET
H2 200 eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL2pzdXR0bmVyLWhlYWRlci1maW5hbF8tcGxlYXNlLWNyZWRpdC1KZXNzLVN1dHRuZXIuanBnIiwiZWRpdHMiOnsianBlZyI6eyJxdWFsaXR5IjoxMDAsI...
d3cocnzdt9u6c9.cloudfront.net/ 9 KB
10 KB 60ms
27ms Image
image/webp 2600:9000:223e:a400:1d:2792:2640:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3cocnzdt9u6c9.cloudfront.net/eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL2pzdXR0bmVyLWhlYWRlci1maW5hbF8tcGxlYXNlLWNyZWRpdC1KZXNzLVN1dHRuZXIuanBnIiwiZWRpdHMiOnsianBlZyI6eyJxdWFsaXR5IjoxMDAsInByb2dyZXNzaXZlIjpmYWxzZSwidHJlbGxpc1F1YW50aXNhdGlvbiI6dHJ1ZSwib3ZlcnNob290RGVyaW5naW5nIjp0cnVlLCJvcHRpbWl6ZVNjYW5zIjp0cnVlfSwicmVzaXplIjp7IndpZHRoIjozMDUsImhlaWdodCI6MTgzLCJmaXQiOiJjb3ZlciJ9fX0=
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:a400:1d:2792:2640:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 39b5cbcf48280c7fe0ad79ef5f55aa60fd354efc375ef77f7d6898fd254c5a73

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 09:16:12 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7069.cloudfront.net (CloudFront)
age: 147500
x-amzn-requestid: ce5a89eb-f0de-476c-8e06-12631d964f00
x-cache: Hit from cloudfront
x-amz-apigw-id: H9pKdGmEIAMFQmQ=
content-length: 9674
last-modified: Mon, 04 Oct 2021 15:13:58 GMT
x-amzn-trace-id: Root=1-617bbbdc-3688cc083769f9d13cf08c94;Sampled=0
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: https://thebureauinvestigates.com
cache-control: max-age=604800
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P4
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: MuN3lxBOHHDpTnvaGLjYJ8S3lM7fWb-b35e3lVal_yQJBM5FabF2sg==

GET
H2 200 eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL2FydGljbGUtcGFydG5lci1sb2dvcy8xMjgwcHgtU3RhdF9OZXdzX2xvZ28uc3ZnLnBuZyIsImVkaXRzIjp7InBuZyI6eyJxdWFsaXR5IjoxMDAsInByb...
d3cocnzdt9u6c9.cloudfront.net/ 4 KB
5 KB 41ms
8ms Image
image/webp 2600:9000:223e:a400:1d:2792:2640:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3cocnzdt9u6c9.cloudfront.net/eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL2FydGljbGUtcGFydG5lci1sb2dvcy8xMjgwcHgtU3RhdF9OZXdzX2xvZ28uc3ZnLnBuZyIsImVkaXRzIjp7InBuZyI6eyJxdWFsaXR5IjoxMDAsInByb2dyZXNzaXZlIjpmYWxzZX0sInJlc2l6ZSI6eyJ3aWR0aCI6MzQwLCJoZWlnaHQiOjgwLCJmaXQiOiJpbnNpZGUifX19
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:a400:1d:2792:2640:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: d0786430255c437a07fab1dc138cd6073bb7d146a3354c281113755a22c98a11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 07:37:09 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7069.cloudfront.net (CloudFront)
age: 585443
x-amzn-requestid: 88d73759-67ef-4fe9-bd82-455dfa3604e5
x-cache: Hit from cloudfront
x-amz-apigw-id: Hs791Ex5oAMFUuw=
content-length: 4056
last-modified: Mon, 22 Feb 2021 11:17:59 GMT
x-amzn-trace-id: Root=1-61750d25-2539a17d6cc5534c0cd95f78;Sampled=0
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: https://thebureauinvestigates.com
cache-control: max-age=604800, must-revalidate
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P4
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: 6MNC1LoDB6pyFsRtzZnr0tLGaNJBu09rId-Jy_h9grK5i00U01zzsg==

GET
H2 200 eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL0FsaWNlLU1vbGxvbi1FdmljdGlvbnMtbGVhZC12Mi5wbmciLCJlZGl0cyI6eyJqcGVnIjp7InF1YWxpdHkiOjEwMCwicHJvZ3Jlc3NpdmUiOmZhbHNlL...
d3cocnzdt9u6c9.cloudfront.net/ 5 KB
5 KB 61ms
27ms Image
image/webp 2600:9000:223e:a400:1d:2792:2640:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3cocnzdt9u6c9.cloudfront.net/eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL0FsaWNlLU1vbGxvbi1FdmljdGlvbnMtbGVhZC12Mi5wbmciLCJlZGl0cyI6eyJqcGVnIjp7InF1YWxpdHkiOjEwMCwicHJvZ3Jlc3NpdmUiOmZhbHNlLCJ0cmVsbGlzUXVhbnRpc2F0aW9uIjp0cnVlLCJvdmVyc2hvb3REZXJpbmdpbmciOnRydWUsIm9wdGltaXplU2NhbnMiOnRydWV9LCJyZXNpemUiOnsid2lkdGgiOjMwNSwiaGVpZ2h0IjoxODMsImZpdCI6ImNvdmVyIn19fQ==
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:a400:1d:2792:2640:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7d6e471a51f5c8aa86abbf2fcff50399453709048868dab395bfde7a1b2b9182

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 11:11:14 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7069.cloudfront.net (CloudFront)
age: 140598
x-amzn-requestid: de13aa13-a5ea-4e7f-82ff-956df1be71c0
x-cache: Hit from cloudfront
x-amz-apigw-id: H96A7EysoAMFgVQ=
content-length: 5014
last-modified: Tue, 21 Sep 2021 16:53:48 GMT
x-amzn-trace-id: Root=1-617bd6d2-4aab0cf4640112813793c6b7;Sampled=0
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: https://thebureauinvestigates.com
cache-control: max-age=604800
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P4
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: C3HHRGAieCYByi4pX-Gjd0G3kIvRHFwuIYvOOIMIsPYQzhlSJXAr0A==

GET
H2 200 eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL2FydGljbGUtcGFydG5lci1sb2dvcy9idXJlYXUtYmJjLnBuZyIsImVkaXRzIjp7InBuZyI6eyJxdWFsaXR5IjoxMDAsInByb2dyZXNzaXZlIjpmYWxzZ...
d3cocnzdt9u6c9.cloudfront.net/ 3 KB
4 KB 51ms
18ms Image
image/webp 2600:9000:223e:a400:1d:2792:2640:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3cocnzdt9u6c9.cloudfront.net/eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL2FydGljbGUtcGFydG5lci1sb2dvcy9idXJlYXUtYmJjLnBuZyIsImVkaXRzIjp7InBuZyI6eyJxdWFsaXR5IjoxMDAsInByb2dyZXNzaXZlIjpmYWxzZX0sInJlc2l6ZSI6eyJ3aWR0aCI6MzQwLCJoZWlnaHQiOjgwLCJmaXQiOiJpbnNpZGUifSwic2hhcnBlbiI6dHJ1ZX19
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:a400:1d:2792:2640:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: af182365f55b337676ecba2120caacd19f31db71f7e67f8828285b0bb98f272c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 21:02:35 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7069.cloudfront.net (CloudFront)
age: 105117
x-amzn-requestid: 0241331d-6228-4796-a104-58d912f3c1ad
x-cache: Hit from cloudfront
x-amz-apigw-id: H_QozFCfoAMFmgw=
content-length: 3350
last-modified: Tue, 13 Jun 2017 10:59:47 GMT
x-amzn-trace-id: Root=1-617c616b-1b6ef17231b7fa4f77cec3d1;Sampled=0
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: https://thebureauinvestigates.com
cache-control: max-age=604800, must-revalidate
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P4
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: fB7FkI73TJbUZ3TJECAT989GsQTVo00jr3qtbqH4eZzw6TakJLNOig==

GET
H2 200 eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL2JyaWJlc18yMDAweDExMjUuanBnIiwiZWRpdHMiOnsianBlZyI6eyJxdWFsaXR5IjoxMDAsInByb2dyZXNzaXZlIjpmYWxzZSwidHJlbGxpc1F1YW50a...
d3cocnzdt9u6c9.cloudfront.net/ 14 KB
15 KB 45ms
12ms Image
image/webp 2600:9000:223e:a400:1d:2792:2640:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3cocnzdt9u6c9.cloudfront.net/eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL2JyaWJlc18yMDAweDExMjUuanBnIiwiZWRpdHMiOnsianBlZyI6eyJxdWFsaXR5IjoxMDAsInByb2dyZXNzaXZlIjpmYWxzZSwidHJlbGxpc1F1YW50aXNhdGlvbiI6dHJ1ZSwib3ZlcnNob290RGVyaW5naW5nIjp0cnVlLCJvcHRpbWl6ZVNjYW5zIjp0cnVlfSwicmVzaXplIjp7IndpZHRoIjozMDUsImhlaWdodCI6MTgzLCJmaXQiOiJjb3ZlciJ9fX0=
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:a400:1d:2792:2640:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 952ccaafca31bace58835cec8230625637018f688cc837bdaadda4c0f534c64c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 25 Oct 2021 09:04:15 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7069.cloudfront.net (CloudFront)
age: 493816
x-amzn-requestid: 5df05b5a-d63e-4644-a172-29c86ca2d3ca
x-cache: Hit from cloudfront
x-amz-apigw-id: HwbqdHlBoAMFX-g=
content-length: 14796
last-modified: Wed, 08 Sep 2021 13:10:14 GMT
x-amzn-trace-id: Root=1-6176730f-6cab2c6368b628ca05779474;Sampled=0
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: https://thebureauinvestigates.com
cache-control: max-age=604800
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P4
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: bOwcsds0z8S-x9LbG_lMKTGWwso1V1W79ewF__F5NAfb03SdQdYM-g==

GET
H2 200 eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL0J1cmVhdS0xLWVkaXRlZC5qcGciLCJlZGl0cyI6eyJqcGVnIjp7InF1YWxpdHkiOjEwMCwicHJvZ3Jlc3NpdmUiOmZhbHNlLCJ0cmVsbGlzUXVhbnRpc...
d3cocnzdt9u6c9.cloudfront.net/ 17 KB
18 KB 15ms
14ms Image
image/webp 2600:9000:223e:a400:1d:2792:2640:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3cocnzdt9u6c9.cloudfront.net/eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL0J1cmVhdS0xLWVkaXRlZC5qcGciLCJlZGl0cyI6eyJqcGVnIjp7InF1YWxpdHkiOjEwMCwicHJvZ3Jlc3NpdmUiOmZhbHNlLCJ0cmVsbGlzUXVhbnRpc2F0aW9uIjp0cnVlLCJvdmVyc2hvb3REZXJpbmdpbmciOnRydWUsIm9wdGltaXplU2NhbnMiOnRydWV9LCJyZXNpemUiOnsid2lkdGgiOjMwNSwiaGVpZ2h0IjoxODMsImZpdCI6ImNvdmVyIn19fQ==
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:a400:1d:2792:2640:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 48eca9d24447b36611e11c9dcdbb735db189743e17ad9d8cff4f60013342cb7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 06:47:31 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7069.cloudfront.net (CloudFront)
age: 329221
x-amzn-requestid: 80f40dc1-9c70-4c7b-9204-0d676baedd5e
x-cache: Hit from cloudfront
x-amz-apigw-id: H2tghFzioAMFdYQ=
content-length: 17452
last-modified: Mon, 14 Jun 2021 10:59:05 GMT
x-amzn-trace-id: Root=1-6178f603-4f7323886e3a0a6b37b62931;Sampled=0
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: https://thebureauinvestigates.com
cache-control: max-age=604800, must-revalidate
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P4
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: Z-gsD7VJythfqMqIGGaQHk5PKLQIpQMpCOGBZWEY5RNX8bZoQIW21w==

GET
H2 200 eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL2FydGljbGUtcGFydG5lci1sb2dvcy9UaGVfVGltZXMucG5nIiwiZWRpdHMiOnsicG5nIjp7InF1YWxpdHkiOjEwMCwicHJvZ3Jlc3NpdmUiOmZhbHNlf...
d3cocnzdt9u6c9.cloudfront.net/ 7 KB
7 KB 12ms
10ms Image
image/webp 2600:9000:223e:a400:1d:2792:2640:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3cocnzdt9u6c9.cloudfront.net/eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL2FydGljbGUtcGFydG5lci1sb2dvcy9UaGVfVGltZXMucG5nIiwiZWRpdHMiOnsicG5nIjp7InF1YWxpdHkiOjEwMCwicHJvZ3Jlc3NpdmUiOmZhbHNlfSwicmVzaXplIjp7IndpZHRoIjozNDAsImhlaWdodCI6ODAsImZpdCI6Imluc2lkZSJ9LCJzaGFycGVuIjp0cnVlfX0=
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:a400:1d:2792:2640:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 34257ae0233c850404f46ef933f87ab3162f2d7a30f82346f03f900dc4e4e5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 20:52:29 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7069.cloudfront.net (CloudFront)
age: 537723
x-amzn-requestid: aa400687-17d0-48ee-8743-032db8a8f581
x-cache: Hit from cloudfront
x-amz-apigw-id: HuweLFEBIAMFmaQ=
content-length: 6780
last-modified: Thu, 23 Feb 2017 10:23:24 GMT
x-amzn-trace-id: Root=1-6175c78d-3b01f4095e63566f60c1fa43;Sampled=0
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: https://thebureauinvestigates.com
cache-control: max-age=604800, must-revalidate
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P4
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: NzoY-EDqwxS32eLYkOHVJwCjA2q4v8T9N2BdZQECoP_A5nw2TbzeNw==

GET
H2 200 eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL01vdGhlci1ob2xkaW5nLWhlci1iYWJ5LWdpcmwtd2hpbGUtbG9va2luZy1hdC1hLXNlYS12aWV3LmpwZyIsImVkaXRzIjp7ImpwZWciOnsicXVhbGl0e...
d3cocnzdt9u6c9.cloudfront.net/ 11 KB
11 KB 23ms
21ms Image
image/webp 2600:9000:223e:a400:1d:2792:2640:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3cocnzdt9u6c9.cloudfront.net/eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL01vdGhlci1ob2xkaW5nLWhlci1iYWJ5LWdpcmwtd2hpbGUtbG9va2luZy1hdC1hLXNlYS12aWV3LmpwZyIsImVkaXRzIjp7ImpwZWciOnsicXVhbGl0eSI6MTAwLCJwcm9ncmVzc2l2ZSI6ZmFsc2UsInRyZWxsaXNRdWFudGlzYXRpb24iOnRydWUsIm92ZXJzaG9vdERlcmluZ2luZyI6dHJ1ZSwib3B0aW1pemVTY2FucyI6dHJ1ZX0sInJlc2l6ZSI6eyJ3aWR0aCI6NjEwLCJoZWlnaHQiOjM2NiwiZml0IjoiY292ZXIiLCJwb3NpdGlvbiI6ImxlZnQifX19
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:a400:1d:2792:2640:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4478e53b562cd6cb15fbe4b3f885d8582102cc2cae2305ab11517063ef33aff4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 06:23:11 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7069.cloudfront.net (CloudFront)
age: 157881
x-amzn-requestid: c787b00e-b67c-4653-bfc6-4304258a5d43
x-cache: Hit from cloudfront
x-amz-apigw-id: H9P0VH2MIAMFdHg=
content-length: 11080
last-modified: Thu, 28 Oct 2021 18:05:02 GMT
x-amzn-trace-id: Root=1-617b934e-7299021d23aeb57e228a7e96;Sampled=0
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: https://thebureauinvestigates.com
cache-control: max-age=608400
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P4
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: GdG4m2Mav0A25pCM-vIvUr9aIjz1pWlUx2jchXo9u3lKy1IWE_jQwA==

GET
H2 200 eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL1NjcmVlbnNob3QtMjAyMS0xMC0wNS1hdC0xNS4yMi4zOC5wbmciLCJlZGl0cyI6eyJqcGVnIjp7InF1YWxpdHkiOjEwMCwicHJvZ3Jlc3NpdmUiOmZhb...
d3cocnzdt9u6c9.cloudfront.net/ 43 KB
44 KB 19ms
17ms Image
image/webp 2600:9000:223e:a400:1d:2792:2640:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3cocnzdt9u6c9.cloudfront.net/eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL1NjcmVlbnNob3QtMjAyMS0xMC0wNS1hdC0xNS4yMi4zOC5wbmciLCJlZGl0cyI6eyJqcGVnIjp7InF1YWxpdHkiOjEwMCwicHJvZ3Jlc3NpdmUiOmZhbHNlLCJ0cmVsbGlzUXVhbnRpc2F0aW9uIjp0cnVlLCJvdmVyc2hvb3REZXJpbmdpbmciOnRydWUsIm9wdGltaXplU2NhbnMiOnRydWV9LCJyZXNpemUiOnsid2lkdGgiOjYxMCwiaGVpZ2h0IjozNjYsImZpdCI6ImNvdmVyIn0sInNoYXJwZW4iOnRydWV9fQ==
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:a400:1d:2792:2640:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 738d5459130359d7b2790dd08e38a53ecf6bdf0d1b831d26dbc1e856c674a265

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 07:11:32 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7069.cloudfront.net (CloudFront)
age: 327780
x-amzn-requestid: 1e0d0c94-9bcd-4c6a-afa0-0b158068bf29
x-cache: Hit from cloudfront
x-amz-apigw-id: H2xBqETDIAMFTBA=
content-length: 43996
last-modified: Tue, 05 Oct 2021 14:23:18 GMT
x-amzn-trace-id: Root=1-6178fba4-6c6b1cd323c18832459f8160;Sampled=0
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: https://thebureauinvestigates.com
cache-control: max-age=604800
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P4
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: dfgkeeCtd0ZllQFfCSzwprfAnX767PYsBv7XFyOFJWUOTemMwWJLVw==

GET
H2 200 eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL0FudGF2aWxpYWktc2l0ZS1waG90by0zLmpwZyIsImVkaXRzIjp7ImpwZWciOnsicXVhbGl0eSI6MTAwLCJwcm9ncmVzc2l2ZSI6ZmFsc2UsInRyZWxsa...
d3cocnzdt9u6c9.cloudfront.net/ 82 KB
82 KB 40ms
38ms Image
image/webp 2600:9000:223e:a400:1d:2792:2640:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d3cocnzdt9u6c9.cloudfront.net/eyJidWNrZXQiOiJhc3NldHMyLnRoZWJ1cmVhdWludmVzdGlnYXRlcy5jb20iLCJrZXkiOiJ1cGxvYWRzL0FudGF2aWxpYWktc2l0ZS1waG90by0zLmpwZyIsImVkaXRzIjp7ImpwZWciOnsicXVhbGl0eSI6MTAwLCJwcm9ncmVzc2l2ZSI6ZmFsc2UsInRyZWxsaXNRdWFudGlzYXRpb24iOnRydWUsIm92ZXJzaG9vdERlcmluZ2luZyI6dHJ1ZSwib3B0aW1pemVTY2FucyI6dHJ1ZX0sInJlc2l6ZSI6eyJ3aWR0aCI6NjEwLCJoZWlnaHQiOjM2NiwiZml0IjoiY292ZXIifSwic2hhcnBlbiI6dHJ1ZX19
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:a400:1d:2792:2640:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2585eb5104bfe842fc950e99b862a0cb73d2fcf8ffdca0eceff5a0bc00665766

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
via: 1.1 d04699b52d8873377c4b5f4e7dcf7069.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-amzn-requestid: eea9407f-1106-45e8-8b31-8a13555a84cb
x-cache: Hit from cloudfront
x-amz-apigw-id: HlSVFHNZoAMFngw=
content-length: 83590
last-modified: Mon, 06 Feb 2017 12:58:51 GMT
x-amzn-trace-id: Root=1-6171fdb9-6a30874c21829ee27b5cb160;Sampled=0
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: https://thebureauinvestigates.com
cache-control: max-age=604800, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: Q719pygWhQyBMMABVqpal_iuMjMisg9LVno1at_bIvObiHEuhyLNFw==

GET
H2 200 icon-topic-amr.svg
assets2.thebureauinvestigates.com/uploads/projects/icons/ 1 KB
758 B 33ms
20ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets2.thebureauinvestigates.com/uploads/projects/icons/icon-topic-amr.svg
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 441f1443d286027c5db7bb36b0d780f2e8d2bb5ef96caeba07718e1d32d2f163

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 15 Aug 2017 09:00:21 GMT
server: cloudflare
age: 169667
etag: W/"a797b7d14d4583e9ced06af322c102e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, must-revalidate
cf-ray: 6a695ed42fa0d6d5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: XFA9SFTB7BJGXBA0
x-amz-id-2: RYwjMWC3l45N1TIre+r9inDtwuLxusZSDQUfXInbPR4YLlQxHn35UjgJLmQiz/zB+cjvd2gHmTI=

GET
H2 200 globalhealth-white.svg
assets2.thebureauinvestigates.com/uploads/ 3 KB
1 KB 35ms
22ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets2.thebureauinvestigates.com/uploads/globalhealth-white.svg
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bcb92f97612e42a7e6bcf348fb8b74a6bd6dc5ad99a7ec0e7a426570add899f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 16 Apr 2020 14:02:14 GMT
server: cloudflare
age: 342994
etag: W/"33bc5fbc74329444ac5215bfe0726a30"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, must-revalidate
cf-ray: 6a695ed42fa4d6d5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: CAYVNFYCRYNC6NRB
x-amz-id-2: RJ/Ll22bx336BGKUxsE3VZCG0r9rjZMrlJxmxm7+aswqZ2w/dzrOaRKNYIAqauRxCHr4iRPlyMo=

GET
H2 200 smokescreen-white.svg
assets2.thebureauinvestigates.com/uploads/ 2 KB
1019 B 37ms
24ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets2.thebureauinvestigates.com/uploads/smokescreen-white.svg
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d1347124810658c6b7975db805a324df476bca1ec374b96e782b38290972d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 13 Apr 2021 11:31:32 GMT
server: cloudflare
age: 169667
etag: W/"58e488afb68c3c74c0acfda8482c10b7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, must-revalidate
cf-ray: 6a695ed42fa2d6d5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: XFA7MF5XK16YH817
x-amz-id-2: Q3Nu09Zrh2e183N5CmcfhLReYmGLec0SAjC78z8f4Os5NVq6OkUbZQ+z6+cjMxj8m3U32y0Lcwc=

GET
H2 200 footer-logo.svg
www.thebureauinvestigates.com/assets/img/ 11 KB
3 KB 25ms
24ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thebureauinvestigates.com/assets/img/footer-logo.svg

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a430d07aaf86f36cfd042ccdcd43afc9b8bc116362801125a04efee9110491f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 691
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
x-robots-tag: all
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71bt8eg"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 6a695ed41f8dd6d5-FRA

GET
H2 200 icon-topic-corporations.svg
assets2.thebureauinvestigates.com/uploads/projects/icons/ 4 KB
1 KB 43ms
30ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets2.thebureauinvestigates.com/uploads/projects/icons/icon-topic-corporations.svg
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3cdf00fa550a08c8b3ef33c9f7e29260a994baa9eeb90b6fbc20f1fa65a585d1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 15 Aug 2017 09:00:31 GMT
server: cloudflare
age: 414424
etag: W/"c7d730b2dae411e24b567be193109b99"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, must-revalidate
cf-ray: 6a695ed42fa3d6d5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 2HVFZ3CRXMRBZ8KT
x-amz-id-2: YVYOYn9KLjqYijNz6MPBoCkQom1lSTEZ3lM2uM7JUOsOCRnLQ+XSDrsktdzzdcnCtVudz9PeXmk=

GET
H2 200 icon-topic-justice.svg
assets2.thebureauinvestigates.com/uploads/projects/icons/ 1 KB
751 B 30ms
29ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets2.thebureauinvestigates.com/uploads/projects/icons/icon-topic-justice.svg
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c414fd6d170a08f6efd71afa0d5341259ea7168567b6aa09ae24dc7a2b71c08b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 15 Aug 2017 09:01:03 GMT
server: cloudflare
age: 398128
etag: W/"14c51416cace762609f8c455d248ac4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, must-revalidate
cf-ray: 6a695ed44fbed6d5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: CAYSWQ4HN42GCY9J
x-amz-id-2: SwtIx/GpECo+ZB4IJeHM+WI6TquCNMPF/e6Fe6STGmlKNiQMoH2Tk42CJk0CKxdt0Z0796enpRg=

GET
H2 200 icon-topic-human-rights.svg
assets2.thebureauinvestigates.com/uploads/projects/icons/ 2 KB
855 B 29ms
27ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets2.thebureauinvestigates.com/uploads/projects/icons/icon-topic-human-rights.svg
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3cdbde6f2e7d6f364c7c1575e15683d007b30d58c0222b36d2405c20d260418f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 15 Aug 2017 09:00:53 GMT
server: cloudflare
age: 169667
etag: W/"af593c600e47c6a1c3210ee2c76ee377"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, must-revalidate
cf-ray: 6a695ed44fc0d6d5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: XFAD8NZNMZ24WT2A
x-amz-id-2: SceqYmzxJLckijDBujbC3mvucFVeMX2i9ltdIWFWCItZAQK+NhwaUzyRiknuvb/NqmN0wrasYjg=

GET
H2 200 icon-topic-spin.svg
assets2.thebureauinvestigates.com/uploads/projects/icons/ 981 B
652 B 29ms
28ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets2.thebureauinvestigates.com/uploads/projects/icons/icon-topic-spin.svg
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 644d1ebc7fd6f2981023fc129d862e929b5668d2bc5031214728330fb7b00189

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 15 Aug 2017 09:01:14 GMT
server: cloudflare
age: 169667
etag: W/"fb370de1b73a564123bb4524d91a01e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, must-revalidate
cf-ray: 6a695ed44fc1d6d5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: XFA3ZB5RT0VFGGVP
x-amz-id-2: VSIm+yAUu0/ZTIRRVwcE+kVPHPL76fXFUhJkgn5niJo+2XZob1nr/yZ/SSA8i9N5DAH3LXHOypY=

GET
H2 200 icon-topic-government.svg
assets2.thebureauinvestigates.com/uploads/projects/icons/ 3 KB
906 B 30ms
28ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets2.thebureauinvestigates.com/uploads/projects/icons/icon-topic-government.svg
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e86e2a103f822069377f118acc7a633477ad4eef6d8f0aa1b6cbc43935dc6a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 15 Aug 2017 09:00:42 GMT
server: cloudflare
age: 398128
etag: W/"376b5815b0368ebd61161577bc447568"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, must-revalidate
cf-ray: 6a695ed44fc2d6d5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: CAYJ60W2PCFC3PH8
x-amz-id-2: tVsOqPa3dOn08Kfm+U1LpRuodkfyhB2I0uZXR37hCxhyBFUaUgpQ/p8x4+06Yu2Lyx32x6DbsyQ=

GET
H2 200 members-icon-white.svg
www.thebureauinvestigates.com/assets/img/ 1 KB
560 B 18ms
17ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thebureauinvestigates.com/assets/img/members-icon-white.svg

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a22ae34993b865a48ae93f4c17205f5a92c2bd48c90bc5eba767989b5008634

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 691
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 481
referrer-policy: no-referrer-when-downgrade
x-robots-tag: all
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71btw0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6a695ed41f8ed6d5-FRA

GET
H2 200 email-decode.min.js Show response
www.thebureauinvestigates.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
797 B 9ms
8ms Script
application/javascript 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thebureauinvestigates.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 19 Oct 2021 12:26:29 GMT
server: cloudflare
etag: W/"616eb975-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 6a695ed3ff71d6d5-FRA
vary: Accept-Encoding
expires: Tue, 02 Nov 2021 02:14:32 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 55ms
20ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-16037974-1

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9a45bdfbb6527d9fe7d03e7438ecbfc97414a9fbf23c1f489b6e454767da0869

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35761
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 31 Oct 2021 02:14:32 GMT

GET
H2 200 api.min.js Show response
a.opmnstr.com/app/js/ 208 KB
58 KB 43ms
6ms Script
application/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.opmnstr.com/app/js/api.min.js
Requested by: Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: c394332f3dcc34898e2bf79fafeeb8b7c2e1fb39dc4ca1d4432bab75434e1243

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-51
cdn-cachedat: 10/25/2021 16:20:45
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Mon, 25 Oct 2021 13:38:13 GMT
cdn-proxyver: 1.0
cdn-fileserver: 124
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: c9609f4dba2e6b8ed776960921c6a20d
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 34ms
5ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cc21d5a9e609b2997b4f9c3a5b520216e5ef6522c656b81b6105c9b62a8fcc5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25967
x-xss-protection: 0
pragma: public
x-fb-debug: 0HZMFuSsoXiQwZAVJHvo/xpmrbUMpMuUNf2eIouy8k96FaO6zTs9M7W7D3NJPvPVIrap4GLZEvktYjbltlsezA==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Sun, 31 Oct 2021 02:14:32 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 search-icon-grey.svg
www.thebureauinvestigates.com/assets/img/ 680 B
491 B 18ms
17ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thebureauinvestigates.com/assets/img/search-icon-grey.svg

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

190922ae32efbd9ed02bb0164a93a1c6357cfc4e7246f1c6bb0a2b609f5fd6b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 690
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 408
referrer-policy: no-referrer-when-downgrade
x-robots-tag: all
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71btiw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6a695ed41f90d6d5-FRA

GET
H2 200 facebook-icon-dark-grey.svg
www.thebureauinvestigates.com/assets/img/ 483 B
433 B 58ms
57ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thebureauinvestigates.com/assets/img/facebook-icon-dark-grey.svg

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f550fbdcc42afd808164719a4d095796a02301d2a178e546fa40d6accf181d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 6a695ed41f91d6d5-FRA
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"qr71btdf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=14400
x-robots-tag: all

GET
H2 200 twitter-icon-dark-grey.svg
www.thebureauinvestigates.com/assets/img/ 959 B
892 B 33ms
32ms Image
image/svg+xml 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thebureauinvestigates.com/assets/img/twitter-icon-dark-grey.svg

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71560977ee94f83dadd0d9d979afddbb37071b68ae2463ab663ea8fe1ec880cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 535
referrer-policy: no-referrer-when-downgrade
x-robots-tag: all
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71btqn"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6a695ed41f93d6d5-FRA

GET
H2 200 promo-box-bg-support.jpg
www.thebureauinvestigates.com/assets/img/ 4 KB
4 KB 67ms
66ms Image
image/jpeg 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thebureauinvestigates.com/assets/img/promo-box-bg-support.jpg

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c66f448a8c5857caf3aec7563811bc9090d1c8a72751e4c42ad6410196daaa98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cf-polished: origSize=4998, status=webp_bigger
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
x-robots-tag: all
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71bt3uu"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
cf-ray: 6a695ed41f94d6d5-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 promo-box-bg-have-a-story.jpg
www.thebureauinvestigates.com/assets/img/ 5 KB
5 KB 32ms
32ms Image
image/jpeg 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thebureauinvestigates.com/assets/img/promo-box-bg-have-a-story.jpg

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d5bfce704939a36d4ed1f28050a5a90d61f7ea63d115402683c3d15b7c86c79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cf-polished: origSize=6363, status=webp_bigger
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
x-robots-tag: all
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71bt4wr"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=14400
cf-ray: 6a695ed41f95d6d5-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 TiemposHeadlineWeb-Bold.woff2
www.thebureauinvestigates.com/assets/fonts/TiemposHeadline/ 36 KB
37 KB 56ms
55ms Font
font/woff2 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thebureauinvestigates.com/assets/fonts/TiemposHeadline/TiemposHeadlineWeb-Bold.woff2

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05b1d94b5d498f9951ebdb170a9295c18b0e6bdb1d89a85c3f0ef6ab5fc2abdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css
Origin: https://www.thebureauinvestigates.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 6a695ed42f98d6d5-FRA
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71btsp8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=14400
x-robots-tag: all

GET
H2 200 TiemposTextWeb-Regular.woff2
www.thebureauinvestigates.com/assets/fonts/TiemposText/ 55 KB
55 KB 47ms
45ms Font
font/woff2 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thebureauinvestigates.com/assets/fonts/TiemposText/TiemposTextWeb-Regular.woff2

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48f1e8b88778413dc103a0b2f23f9df5f206135c1819e563b278e114835a4435

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css
Origin: https://www.thebureauinvestigates.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 6a695ed42f99d6d5-FRA
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71bt17k8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=14400
x-robots-tag: all

GET
H2 200 GT-America-Standard-Regular.woff
www.thebureauinvestigates.com/assets/fonts/GT-America/ 49 KB
49 KB 44ms
43ms Font
font/woff 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thebureauinvestigates.com/assets/fonts/GT-America/GT-America-Standard-Regular.woff

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

803405c8311d1dbca3fccd7c78320d28e45e516c0a813e9c439d15980839c56c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css
Origin: https://www.thebureauinvestigates.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 6a695ed42f9bd6d5-FRA
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71bt12xo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff
cache-control: max-age=14400
x-robots-tag: all

GET
H2 200 GT-America-Standard-Bold.woff
www.thebureauinvestigates.com/assets/fonts/GT-America/ 53 KB
53 KB 50ms
49ms Font
font/woff 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thebureauinvestigates.com/assets/fonts/GT-America/GT-America-Standard-Bold.woff

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0086bc27856d9d109bc1ef98621e3b1025dc950546b46b84e66da0105e7f8e2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css
Origin: https://www.thebureauinvestigates.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 6a695ed42f9cd6d5-FRA
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71bt15po"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff
cache-control: max-age=14400
x-robots-tag: all

GET
H2 200 BebasNeue-Bold.woff2
www.thebureauinvestigates.com/assets/fonts/BebasNeue/ 15 KB
15 KB 41ms
40ms Font
font/woff2 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thebureauinvestigates.com/assets/fonts/BebasNeue/BebasNeue-Bold.woff2

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97093c025bf247dbcbb0334533712b67fa36132e77680557a2e8578e8d53dbdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css
Origin: https://www.thebureauinvestigates.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 6a695ed42f9dd6d5-FRA
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71btbpw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
cache-control: max-age=14400
x-robots-tag: all

GET
H2 200 GT-America-Mono-Light.woff
www.thebureauinvestigates.com/assets/fonts/GT-America-Mono/ 40 KB
40 KB 41ms
40ms Font
font/woff 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thebureauinvestigates.com/assets/fonts/GT-America-Mono/GT-America-Mono-Light.woff

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9210265615064ba604ade4c307414039fe391a20986c4811f1c61670791c5b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css
Origin: https://www.thebureauinvestigates.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 6a695ed42f9ed6d5-FRA
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71btvbo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff
cache-control: max-age=14400
x-robots-tag: all

GET
H2 200 GT-America-Standard-Black.woff
www.thebureauinvestigates.com/assets/fonts/GT-America/ 52 KB
52 KB 35ms
34ms Font
font/woff 2606:4700:10::ac43:9c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thebureauinvestigates.com/assets/fonts/GT-America/GT-America-Standard-Black.woff

Requested by

Host: www.thebureauinvestigates.com
URL: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:9c1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e47bbab99a448b2f6d405a77ed6436829d0b807001d9baad4110c4e55be3b29e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thebureauinvestigates.com/assets/css/main.1631957150.css
Origin: https://www.thebureauinvestigates.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cf-ray: 6a695ed42f9fd6d5-FRA
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 07 Apr 2021 12:28:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "qr71bt14zo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff
cache-control: max-age=14400
x-robots-tag: all

GET
H2 200 72240 Show response
api.omappapi.com/v2/embed/ 3 KB
2 KB 151ms
97ms XHR
application/json 18.66.112.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/72240?d=thebureauinvestigates.com
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Pagely Gateway/1.5.1 /
Resource Hash: 3baae418a905be20c55783a9679bcd4556eda8a9b594f7c0004e84e036320540

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: gzip
x-cache-config: 0 0
x-amz-cf-pop: FRA56-P5
x-cache-status: HIT
x-cache: Miss from cloudfront
access-control-allow-headers: X-CSRF-Token
x-optinmonster-account: 81197
x-user-agent: standard--
last-modified: Thu, 11 Feb 2021 12:19:15 GMT
server: Pagely Gateway/1.5.1
etag: W/"f5a583a29f9b1c25089f3606165ae252"
vary: Accept-Encoding, User-Agent
content-type: application/json
via: 1.1 0a624670dff351af866d2f19bde4a313.cloudfront.net (CloudFront)
access-control-expose-headers: X-OptinMonster-Account, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-origin: *
x-amz-cf-id: qtN1v0xbZce2vELe1s7HqzBDTKuY-GIUkHIDr8CoPxV_HyYPWVk4yw==
expires: Sun, 31 Oct 2021 02:02:50 GMT

GET
H2 200 webfont.js Show response
a.omappapi.com/app/js/webfont/1.5.18/ 16 KB
7 KB 40ms
7ms Script
application/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:32 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-51
cdn-cachedat: 08/11/2021 05:08:04
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 17:38:16 GMT
cdn-proxyver: 1.0
cdn-fileserver: 162
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: adf837f4897a2d19c06dac1b8cfffa2a
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 31ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 26 Oct 2021 23:24:02 GMT
server: Golfe2
age: 806
date: Sun, 31 Oct 2021 02:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sun, 31 Oct 2021 04:01:06 GMT

GET
H2 200 f2a268480b0056f33964dc32ec6b52ef-optin.json Show response
a.omappapi.com/app/campaign-views/bbb2498f793c/gq4zig8wddlarcs0vvh1/ 34 KB
9 KB 21ms
7ms XHR
application/json 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/campaign-views/bbb2498f793c/gq4zig8wddlarcs0vvh1/f2a268480b0056f33964dc32ec6b52ef-optin.json
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: e6f9a7c64182d8734f09477aa183641645fd8a6675e06e29fe2546b7dd1a8495

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.thebureauinvestigates.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 02:14:37 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-169
cdn-cachedat: 08/11/2021 08:11:48
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Thu, 27 May 2021 18:28:46 GMT
cdn-proxyver: 1.0
cdn-fileserver: 162
vary: Accept-Encoding
content-type: application/json
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 53ff1fb8bfc0d0f0ab2285cfed9a8ccc
cdn-requestcountrycode: GB
cdn-status: 200
cdn-requestpullsuccess: True

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dbeeb3fa5f0188835b6b6208bc89d641f030e79e27ad5712d427eabd79e6095a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET i
z.omappapi.com/v3/ 0
0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
219 B 15ms
14ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1113345200&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.thebureauinvestigates.com%2F&ul=en-us&de=UTF-8&dt=The%20Bureau%20of%20Investigative%20Journalism%20(en-GB)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Bureau%20Subscription&ea=impression&el=gq4zig8wddlarcs0vvh1&_u=qFBAAEABEAAAAC~&jid=1933280307&gjid=2090525851&cid=905850570.1635646478&tid=UA-16037974-1&_gid=805044215.1635646478&_r=1&_slc=1&z=393717651

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.thebureauinvestigates.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 02:14:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.thebureauinvestigates.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
449 B 44ms
14ms XHR
text/plain 2a00:1450:400c:c1b::9c

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-16037974-1&cid=905850570.1635646478&jid=1933280307&gjid=2090525851&_gid=805044215.1635646478&_u=qFBAAEAAEAAAAC~&z=135973135

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9c -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.thebureauinvestigates.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sun, 31 Oct 2021 02:14:37 GMT
content-type: text/plain
access-control-allow-origin: https://www.thebureauinvestigates.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: z.omappapi.com
URL: https://z.omappapi.com/v3/i?aid=72240&cid=gq4zig8wddlarcs0vvh1&sid=5e53c09a21f71&rt=false&dv=desktop&cty=floating&url=&v=5

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.thebureauinvestigates.com/	1970-01-23 22:19:20	Name: _omappvp Value: BefEyV7t1qP9Z0GxkCTdYQnJJxuCKnAAC5LfeDN6fWZD0GcQKhdauiq8vjW1LqpVsIwEFBm2ATRB6sdSANE4ry2Hsd0VeGc7
			www.thebureauinvestigates.com/	1970-01-19 22:20:47	Name: _omappvs Value: 1635646472465

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
a.opmnstr.com
api.omappapi.com
assets2.thebureauinvestigates.com
connect.facebook.net
d3cocnzdt9u6c9.cloudfront.net
stats.g.doubleclick.net
thebureauinvestigates.com
www.google-analytics.com
www.googletagmanager.com
www.thebureauinvestigates.com
z.omappapi.com
z.omappapi.com
18.66.112.19
2600:9000:223e:a400:1d:2792:2640:21
2606:4700:10::6816:4e56
2606:4700:10::ac43:9c1
2a00:1450:4001:827::200e
2a00:1450:4001:82b::2008
2a00:1450:400c:c1b::9c
2a03:2880:f02d:12:face:b00c:0:3
89.187.169.47
0086bc27856d9d109bc1ef98621e3b1025dc950546b46b84e66da0105e7f8e2a
05b1d94b5d498f9951ebdb170a9295c18b0e6bdb1d89a85c3f0ef6ab5fc2abdd
0a430d07aaf86f36cfd042ccdcd43afc9b8bc116362801125a04efee9110491f
0e86e2a103f822069377f118acc7a633477ad4eef6d8f0aa1b6cbc43935dc6a3
180f2195bdae3f048def74498667ae08206a1f7d08a3d2085cf019b463ed1804
190922ae32efbd9ed02bb0164a93a1c6357cfc4e7246f1c6bb0a2b609f5fd6b5
1ef3392ac9ca52c6155d0b174afc69e3b26638715d3d76be1a7b9cc7bba3af14
2585eb5104bfe842fc950e99b862a0cb73d2fcf8ffdca0eceff5a0bc00665766
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2f550fbdcc42afd808164719a4d095796a02301d2a178e546fa40d6accf181d0
34257ae0233c850404f46ef933f87ab3162f2d7a30f82346f03f900dc4e4e5fb
39b5cbcf48280c7fe0ad79ef5f55aa60fd354efc375ef77f7d6898fd254c5a73
3baae418a905be20c55783a9679bcd4556eda8a9b594f7c0004e84e036320540
3cdbde6f2e7d6f364c7c1575e15683d007b30d58c0222b36d2405c20d260418f
3cdf00fa550a08c8b3ef33c9f7e29260a994baa9eeb90b6fbc20f1fa65a585d1
441f1443d286027c5db7bb36b0d780f2e8d2bb5ef96caeba07718e1d32d2f163
4478e53b562cd6cb15fbe4b3f885d8582102cc2cae2305ab11517063ef33aff4
48eca9d24447b36611e11c9dcdbb735db189743e17ad9d8cff4f60013342cb7a
48f1e8b88778413dc103a0b2f23f9df5f206135c1819e563b278e114835a4435
4a22ae34993b865a48ae93f4c17205f5a92c2bd48c90bc5eba767989b5008634
4d1347124810658c6b7975db805a324df476bca1ec374b96e782b38290972d96
4f58e70371ba1dfe5fed1861aea4de3b30425f474047fced5463b0ca03a25c2f
5b6f595b46870d56769cd55c72f847ffdbac2d3789ca9de357ac01c55eb33deb
644d1ebc7fd6f2981023fc129d862e929b5668d2bc5031214728330fb7b00189
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
71560977ee94f83dadd0d9d979afddbb37071b68ae2463ab663ea8fe1ec880cb
738d5459130359d7b2790dd08e38a53ecf6bdf0d1b831d26dbc1e856c674a265
7d6e471a51f5c8aa86abbf2fcff50399453709048868dab395bfde7a1b2b9182
803405c8311d1dbca3fccd7c78320d28e45e516c0a813e9c439d15980839c56c
90d0926d0cbd424a09c19151848995c75643419d20fcb6abcec1e88fece985b5
952ccaafca31bace58835cec8230625637018f688cc837bdaadda4c0f534c64c
97093c025bf247dbcbb0334533712b67fa36132e77680557a2e8578e8d53dbdd
98f87b001a6dc885808330711a29636cd38f65ac99167f12ab807a0d3a5e32bf
9a45bdfbb6527d9fe7d03e7438ecbfc97414a9fbf23c1f489b6e454767da0869
9d5bfce704939a36d4ed1f28050a5a90d61f7ea63d115402683c3d15b7c86c79
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af182365f55b337676ecba2120caacd19f31db71f7e67f8828285b0bb98f272c
bcb92f97612e42a7e6bcf348fb8b74a6bd6dc5ad99a7ec0e7a426570add899f1
c394332f3dcc34898e2bf79fafeeb8b7c2e1fb39dc4ca1d4432bab75434e1243
c414fd6d170a08f6efd71afa0d5341259ea7168567b6aa09ae24dc7a2b71c08b
c66f448a8c5857caf3aec7563811bc9090d1c8a72751e4c42ad6410196daaa98
cc21d5a9e609b2997b4f9c3a5b520216e5ef6522c656b81b6105c9b62a8fcc5b
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
d0786430255c437a07fab1dc138cd6073bb7d146a3354c281113755a22c98a11
dbeeb3fa5f0188835b6b6208bc89d641f030e79e27ad5712d427eabd79e6095a
e47bbab99a448b2f6d405a77ed6436829d0b807001d9baad4110c4e55be3b29e
e6f9a7c64182d8734f09477aa183641645fd8a6675e06e29fe2546b7dd1a8495
f38ba920d1fc6f4f4a111b0dbfdb1919e14f5bf78c76fccf035c19da36ad3d56
f9210265615064ba604ade4c307414039fe391a20986c4811f1c61670791c5b2
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

www.thebureauinvestigates.com Open in urlscan Pro 2606:4700:10::ac43:9c1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

50 Requests

98 %HTTPS

78 %IPv6

8 Domains

12 Subdomains

9 IPs

3 Countries

943 kBTransfer

1548 kBSize

2 Cookies

2 Outgoing links

Page URL History

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.thebureauinvestigates.com Open in urlscan Pro
2606:4700:10::ac43:9c1 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

98 %
HTTPS

78 %
IPv6

8
Domains

12
Subdomains

9
IPs

3
Countries

943 kB
Transfer

1548 kB
Size

2
Cookies

50 HTTP transactions
1 data transactions