Submitted URL: http://fight.offtherecord.com/
Effective URL: https://offtherecord.com/
Submission: On July 01 via api from US — Scanned from DE

Summary

This website contacted 39 IPs in 3 countries across 29 domains to perform 174 HTTP transactions. The main IP is 18.165.183.115, located in United States and belongs to AMAZON-02, US. The main domain is offtherecord.com. The Cisco Umbrella rank of the primary domain is 999154.
TLS certificate: Issued by Amazon RSA 2048 M02 on November 16th 2023. Valid for: a year.
This is the only time offtherecord.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
76 offtherecord.com
fight.offtherecord.com
offtherecord.com — Cisco Umbrella Rank: 999154
relay.offtherecord.com
otr-backend-service-us-prod.offtherecord.com
1 MB
16 fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 2060
ka-p.fontawesome.com — Cisco Umbrella Rank: 3863
335 KB
7 visualwebsiteoptimizer.com
dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 4205
57 KB
7 google.com
www.google.com — Cisco Umbrella Rank: 5
apis.google.com — Cisco Umbrella Rank: 217
region1.analytics.google.com — Cisco Umbrella Rank: 3125
119 KB
6 gstatic.com
www.gstatic.com
fonts.gstatic.com
309 KB
5 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 83
5 KB
4 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 204
159 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 81
368 KB
4 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1638
170 KB
3 hubspot.com
js.hubspot.com — Cisco Umbrella Rank: 4457
cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4515
track.hubspot.com — Cisco Umbrella Rank: 2823
26 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 71
22 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 361
14 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 114
3 KB
2 onelink.me
wa.onelink.me — Cisco Umbrella Rank: 16925
871 B
2 hscollectedforms.net
js.hscollectedforms.net — Cisco Umbrella Rank: 5322
forms.hscollectedforms.net — Cisco Umbrella Rank: 5409
25 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 8088
126 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 136
396 B
2 reddit.com
pixel-config.reddit.com — Cisco Umbrella Rank: 2076
alb.reddit.com — Cisco Umbrella Rank: 1406
761 B
2 appsflyer.com
websdk.appsflyer.com — Cisco Umbrella Rank: 5461
wa.appsflyer.com — Cisco Umbrella Rank: 10862
10 KB
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1200
13 KB
2 sentry-cdn.com
browser.sentry-cdn.com — Cisco Umbrella Rank: 6381
22 KB
1 fullstory.com
edge.fullstory.com — Cisco Umbrella Rank: 2394
12 KB
1 hsforms.com
perf-na1.hsforms.com — Cisco Umbrella Rank: 4790
928 B
1 sanity.io
anhkgav0.apicdn.sanity.io
3 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2607
26 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2634
24 KB
1 hs-scripts.com
js.hs-scripts.com — Cisco Umbrella Rank: 2984
1 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 133
19 KB
0 amazonaws.com Failed
off-the-record-service.s3.us-west-2.amazonaws.com Failed
174 29
Domain Requested by
51 offtherecord.com offtherecord.com
browser.sentry-cdn.com
15 ka-p.fontawesome.com kit.fontawesome.com
offtherecord.com
14 relay.offtherecord.com 1 redirects offtherecord.com
browser.sentry-cdn.com
relay.offtherecord.com
10 otr-backend-service-us-prod.offtherecord.com browser.sentry-cdn.com
7 dev.visualwebsiteoptimizer.com relay.offtherecord.com
offtherecord.com
dev.visualwebsiteoptimizer.com
5 fonts.gstatic.com fonts.googleapis.com
5 fonts.googleapis.com offtherecord.com
4 connect.facebook.net offtherecord.com
connect.facebook.net
4 www.googletagmanager.com offtherecord.com
www.googletagmanager.com
4 js.stripe.com offtherecord.com
js.stripe.com
4 www.google.com offtherecord.com
www.gstatic.com
3 www.google-analytics.com offtherecord.com
www.google-analytics.com
browser.sentry-cdn.com
3 bat.bing.com offtherecord.com
bat.bing.com
2 www.facebook.com offtherecord.com
2 wa.onelink.me browser.sentry-cdn.com
2 www.google.de offtherecord.com
2 stats.g.doubleclick.net www.googletagmanager.com
browser.sentry-cdn.com
2 www.redditstatic.com www.googletagmanager.com
browser.sentry-cdn.com
2 apis.google.com offtherecord.com
apis.google.com
2 browser.sentry-cdn.com offtherecord.com
1 track.hubspot.com
1 edge.fullstory.com offtherecord.com
1 perf-na1.hsforms.com offtherecord.com
1 anhkgav0.apicdn.sanity.io browser.sentry-cdn.com
1 cta-service-cms2.hubspot.com browser.sentry-cdn.com
1 forms.hscollectedforms.net browser.sentry-cdn.com
1 wa.appsflyer.com browser.sentry-cdn.com
1 js.hubspot.com js.hs-scripts.com
1 js.hs-banner.com js.hs-scripts.com
1 js.hscollectedforms.net js.hs-scripts.com
1 js.hs-analytics.net js.hs-scripts.com
1 region1.analytics.google.com browser.sentry-cdn.com
1 alb.reddit.com offtherecord.com
1 pixel-config.reddit.com browser.sentry-cdn.com
1 websdk.appsflyer.com offtherecord.com
1 js.hs-scripts.com www.googletagmanager.com
1 www.googleadservices.com www.googletagmanager.com
1 www.gstatic.com www.google.com
1 kit.fontawesome.com offtherecord.com
1 fight.offtherecord.com 1 redirects
0 off-the-record-service.s3.us-west-2.amazonaws.com Failed offtherecord.com
174 41
Subject | Issuer | Validity | Valid
*.offtherecord.com | Amazon RSA 2048 M02 | 2023-11-16 - 2024-12-14 | a year
*.google.com | WR2 | 2024-06-13 - 2024-09-05 | 3 months
*.fontawesome.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-12-04 - 2025-01-03 | a year
*.sentry-cdn.com | GlobalSign Atlas R3 DV TLS CA 2024 Q2 | 2024-06-04 - 2025-07-06 | a year
a.stripecdn.com | DigiCert SHA2 Extended Validation Server CA | 2024-06-21 - 2024-09-19 | 3 months
*.gstatic.com | WR2 | 2024-06-13 - 2024-09-05 | 3 months
*.apis.google.com | WR2 | 2024-06-13 - 2024-09-05 | 3 months
upload.video.google.com | WR2 | 2024-06-13 - 2024-09-05 | 3 months
*.google-analytics.com | WR2 | 2024-06-13 - 2024-09-05 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-04-10 - 2024-07-09 | 3 months
*.visualwebsiteoptimizer.com | Starfield Secure Certificate Authority - G2 | 2024-06-29 - 2025-07-31 | a year
www.redditstatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-05-23 - 2024-11-18 | 6 months
www.bing.com | Microsoft Azure RSA TLS Issuing CA 04 | 2024-06-19 - 2024-12-16 | 6 months
*.googleadservices.com | WR2 | 2024-06-13 - 2024-09-05 | 3 months
hs-scripts.com | E1 | 2024-05-31 - 2024-08-29 | 3 months
*.appsflyer.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-07-27 - 2024-07-27 | a year
*.reddit.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-05-30 - 2024-11-26 | 6 months
*.g.doubleclick.net | WR2 | 2024-06-13 - 2024-09-05 | 3 months
*.google.de | WR2 | 2024-06-13 - 2024-09-05 | 3 months
hs-analytics.net | WE1 | 2024-06-11 - 2024-09-09 | 3 months
hscollectedforms.net | E1 | 2024-05-27 - 2024-08-25 | 3 months
hs-banner.com | E1 | 2024-05-30 - 2024-08-28 | 3 months
hubspot.com | E1 | 2024-05-23 - 2024-08-21 | 3 months
*.onelink.me | Amazon RSA 2048 M02 | 2024-05-05 - 2025-06-02 | a year
*.apicdn.sanity.io | Sectigo RSA Domain Validation Secure Server CA | 2023-10-10 - 2024-09-30 | a year
hsforms.com | WE1 | 2024-06-14 - 2024-09-12 | 3 months

This page contains 4 frames:

Primary Page: https://offtherecord.com/
Frame ID: E2FF4FB7BAFDEF6470A678C3BC8B3B81
Requests: 174 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LenzB4pAAAAAH6vbRHZg7yJ7zsNldSxJEZWsyr3&co=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29tOjQ0Mw..&hl=de&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&cb=p64i7vi2ns8x
Frame ID: 548B7756DA3B276069F19A6156BFBF89
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v2/channel.html?stripe_xdm_e=https%3A%2F%2Fofftherecord.com&stripe_xdm_c=default590625&stripe_xdm_p=1
Frame ID: 469CCF754B7FFF58542F70CB4E3E859E
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 6FC0B300566D05CA98044A543E236011
Requests: 1 HTTP requests in this frame

Page Title

Fight Your Moving Violation | Traffic Ticket Lawyer Local & Online

Page URL History

  1. http://fight.offtherecord.com/ HTTP 307
    https://fight.offtherecord.com/ HTTP 307
    https://offtherecord.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+(?:-?rc[.\d]*)*)/angular(?:\.min)?\.js
  • \bangular.{0,32}\.js

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

Requests: 174
HTTPS: 92 %
IPv6: 59 %
Domains: 29
Subdomains: 41
IPs: 39
Countries: 3
Transfer: 2990 kB
Size: 9822 kB
Cookies: 39

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 172
  • https://relay.offtherecord.com/datalayer/v4/latest.js HTTP 302
  • https://edge.fullstory.com/datalayer/v4/latest.js

174 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
offtherecord.com/
Redirect Chain
  • http://fight.offtherecord.com/
  • https://fight.offtherecord.com/
  • https://offtherecord.com/
15 KB
5 KB
Document
General
Full URL
https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
59f6bd660f86e814f32159cdf2266437d3497978d988afb30867521f3a8fc0a3

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control
no-store, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 01 Jul 2024 22:14:35 GMT
etag
W/"3c5b-19041da77f8"
expires
0
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
vary
Accept-Encoding
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
x-amz-cf-id
-PdKQ0eLNPNf5MDoERfvS-6zTSWaILKWEG8tTSHCSuIGgzK74GczUw==
x-amz-cf-pop
ZRH55-P1
x-cache
Miss from cloudfront
x-powered-by
Express

Redirect headers

Accept-CH
Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
Connection
keep-alive
Date
Mon, 01 Jul 2024 22:14:35 GMT
Last-Modified
Mon, 01 Jul 2024 22:14:35 GMT
Location
https://offtherecord.com
Server
openresty
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
api.js
www.google.com/recaptcha/
1 KB
989 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=6LenzB4pAAAAAH6vbRHZg7yJ7zsNldSxJEZWsyr3
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
5195fd12b830dfac301dd2d5b0c91d15548e2c4453a23fe03d60d28e8abc3fe1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 01 Jul 2024 22:14:35 GMT
api.js
www.google.com/recaptcha/
1 KB
962 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=explicit
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b25d55e9df6af94720da527398f910187209ddd55e4e3a1af7241ad1c3256726
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 01 Jul 2024 22:14:35 GMT
af20baf93e.js
kit.fontawesome.com/
12 KB
5 KB
Script
General
Full URL
https://kit.fontawesome.com/af20baf93e.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ebb64fd9bb742d327640240c5c6cbddd6c57c3a5e63bc091a202c9daa3c49c1c

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
59
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-max-age
3000
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
*
content-type
text/javascript
cache-control
max-age=60, public, stale-while-revalidate=30
cf-ray
89c9bff93b3e2bd9-FRA
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
F91EaG8vhcZCObQAED5h
bundle.min.js
browser.sentry-cdn.com/6.19.7/
65 KB
21 KB
Script
General
Full URL
https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
6ba797956f6d29b650d458897e48a190cddf0a6ba374350c0bb565fa04f80d65
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 26 Apr 2022 13:11:05 GMT
server
Fastly
age
3432220
etag
"4dc87c1e025f84ef0d14fe9187946dfd"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
20887
expires
Wed, 26 Apr 2023 13:34:47 GMT
angular.min.js
browser.sentry-cdn.com/6.19.7/
2 KB
1 KB
Script
General
Full URL
https://browser.sentry-cdn.com/6.19.7/angular.min.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
8971fe0a892f03a0f0ba568b545194578eaf62dcafabc254e2677c7af64200c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 26 Apr 2022 13:11:05 GMT
server
Fastly
age
1757875
etag
"14f18525c8f97317f08d5cc6f80a1953"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
882
expires
Thu, 19 Sep 2024 13:29:39 GMT
/
js.stripe.com/v2/
62 KB
20 KB
Script
General
Full URL
https://js.stripe.com/v2/
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
91ab93b25227f8a29a716fdc41831b0a8a8729d8cde9f8adb29f4c8392457b9e
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Mon, 01 Jul 2024 22:14:35 GMT
via
1.1 varnish
age
17
x-cache
HIT
content-length
19860
x-request-id
a27a1582-1361-4c23-b96f-c63bb1629a89
x-served-by
cache-fra-eddf8230154-FRA
last-modified
Thu, 03 Feb 2022 12:42:55 GMT
server
Fastly
etag
"4e0e5080f8f45588fcc33b82ee08fa3c"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=300
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
1
/
js.stripe.com/v3/
619 KB
151 KB
Script
General
Full URL
https://js.stripe.com/v3/
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
2eccab3ca2a7533fcc79a44dcc36f2a4f012adc5fd949685abe37d8c743a0e0f
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Mon, 01 Jul 2024 22:14:35 GMT
via
1.1 varnish
age
23
x-cache
HIT
content-length
154049
x-request-id
26c6eb7f-6efb-40b6-aa61-1ea73d38f378
x-served-by
cache-fra-eddf8230154-FRA
last-modified
Mon, 01 Jul 2024 20:38:32 GMT
server
Fastly
etag
"08bf79c2374cee17a96bfa9e89845d1a"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
10
871.0ea2898e275e36f1ee36.js
offtherecord.com/
3 MB
562 KB
Script
General
Full URL
https://offtherecord.com/871.0ea2898e275e36f1ee36.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
cf6ac740fc12afd2a32b8ec13b01bebd33e8c80badfc815ffa59259e29d4f886

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:00 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3215
x-powered-by
Express
etag
W/"2a92c7-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
C-2bdbt8_uLTzUETGkiZ7SeAZZvB8p_FVUTNCajmPV94AfpmH6dGeQ==
main.cc6cd34bbfeab94b868d.js
offtherecord.com/
611 KB
184 KB
Script
General
Full URL
https://offtherecord.com/main.cc6cd34bbfeab94b868d.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
25e75db4d1786d60f5c4ca3fdf27fed9bc63aee5e1be15f0cc2c57cada4796b0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:00 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3215
x-powered-by
Express
etag
W/"98d0b-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
7sVdr-GF7tnsQUnqaWaIZl02ZNBqM_B6hiMErzYVzrfCDLEOvNyS3Q==
main.c214a36cef6ab26dcfc3.css
offtherecord.com/
619 KB
126 KB
Stylesheet
General
Full URL
https://offtherecord.com/main.c214a36cef6ab26dcfc3.css
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
a9cb20d56674c5d31f30c7541ea5c988fd7f34a6f0cbe18d2f8b39c9db11013b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:00 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3215
x-powered-by
Express
etag
W/"9ada0-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
phnAnHGwEeQAQC-4eDc-c_X-GRdRhv32t3rCA5Yh0hbyFiIYVzBFkQ==
j.php
relay.offtherecord.com/
14 KB
5 KB
Script
General
Full URL
https://relay.offtherecord.com:447/j.php?a=660553&u=https%3A%2F%2Fofftherecord.com%2F&vn=2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.82.59.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-82-59-33.compute-1.amazonaws.com
Software
gnv2 /
Resource Hash
f9c0338c99725880299b688b609a0b6b2892eed1dabc38c33d9141d757c94883

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
via
1.1 google
server
gnv2
etag
W/"1719843242"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=0, no-cache, must-revalidate
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
recaptcha__de.js
www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/
536 KB
213 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LenzB4pAAAAAH6vbRHZg7yJ7zsNldSxJEZWsyr3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0481cf978633d761686dd05ed060c86593d34768aa66d43d61c4f968cbe6b63d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 09:27:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
46043
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
217833
x-xss-protection
0
last-modified
Sun, 23 Jun 2024 08:01:07 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 01 Jul 2025 09:27:12 GMT
pro.min.css
ka-p.fontawesome.com/releases/v6.5.2/css/
672 KB
118 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/css/pro.min.css?token=af20baf93e
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01a3066991f4af85d35aaa0068aa00054f9762f39c263853f49518d5f9784c4b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:26:26 GMT
server
cloudflare
age
1912690
etag
"660c23a2-1d791"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
89c9bff97b7f2bd9-FRA
content-length
120721
pro-v4-shims.min.css
ka-p.fontawesome.com/releases/v6.5.2/css/
27 KB
4 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/css/pro-v4-shims.min.css?token=af20baf93e
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f3387f11826be4923a2d3a8c1542780abd6d4c66ce13f2de770f2e386989593

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:26:24 GMT
server
cloudflare
age
375256
etag
"660c23a0-10e7"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
89c9bff97b812bd9-FRA
content-length
4327
pro-v5-font-face.min.css
ka-p.fontawesome.com/releases/v6.5.2/css/
50 KB
7 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/css/pro-v5-font-face.min.css?token=af20baf93e
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1580a6a19cb081a84215f13b42f765469beb87d7401f16349760cd067fc4da71

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:26:24 GMT
server
cloudflare
age
1839688
etag
"660c23a0-1c3b"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
89c9bff97b852bd9-FRA
content-length
7227
pro-v4-font-face.min.css
ka-p.fontawesome.com/releases/v6.5.2/css/
7 KB
2 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/css/pro-v4-font-face.min.css?token=af20baf93e
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
516640faeb856df6599d165f26ee51ce8cbaaf34f7c09d818509e75f6a48ae13

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:26:24 GMT
server
cloudflare
age
7790578
etag
"660c23a0-6ca"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
89c9bff97b872bd9-FRA
content-length
1738
custom-icons.css
ka-p.fontawesome.com/assets/af20baf93e/58848039/
5 KB
3 KB
Fetch
General
Full URL
https://ka-p.fontawesome.com/assets/af20baf93e/58848039/custom-icons.css?token=af20baf93e
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ed6ed94539c66975dc82aa70df5b69b52c54255b4bf58bde69480a794814972

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 06 Jun 2024 00:27:45 GMT
server
cloudflare
age
1747681
etag
W/"be47d61d015a9834706670d482cd4a9a"
x-cache-status
MISS
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-ray
89c9bff97b7c2bd9-FRA
fs.js
relay.offtherecord.com/s/
277 KB
75 KB
Script
General
Full URL
https://relay.offtherecord.com/s/fs.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.71.204.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-71-204-54.compute-1.amazonaws.com
Software
UploadServer /
Resource Hash
3437f195c3f03e93049d9ef9c9e79b2ebeb8b97339a268cf2d6e4ab38aee09c5

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
content-encoding
br
age
1886
x-guploader-uploadid
ACJd0NrdzgKr23aNMyAeuM_YFiz0sN65EHfktBnmJ8kyoVeKYgAC2ExFGPjE2b888E1TMqRzGyrENSf5-A
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
76394
last-modified
Thu, 27 Jun 2024 13:38:26 GMT
server
UploadServer
etag
"f79ad65695b94b39d47799af56fbd7e3"
vary
Accept-Encoding
x-goog-generation
1719495506351318
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=wtOMAQ==, md5=95rWVpW5SznUd5mvVvvX4w==
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600,no-transform
x-goog-stored-content-length
76394
accept-ranges
bytes
expires
Mon, 01 Jul 2024 22:43:10 GMT
inline-scripts.js
offtherecord.com/app/common/preprocessor/
320 B
701 B
Script
General
Full URL
https://offtherecord.com/app/common/preprocessor/inline-scripts.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
28503820ff423a3e61dcab001567d362860dfed3863e3143f5046316a2f262f2

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:00 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3215
x-powered-by
Express
etag
W/"140-19041da77f8"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
320
x-amz-cf-id
-PVyunCQvLao56K2XjYJtYzqFUQ2ZNQkdDkgoy-OMTuh8zsuVkhRTw==
client.js
apis.google.com/js/
15 KB
6 KB
Script
General
Full URL
https://apis.google.com/js/client.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fcbb1a5df6e55aad11e414ae61b6a292085fc399746a019e86084c9a715fcd4
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 01 Jul 2024 22:14:35 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5904
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
etag
"8b5c8d7b039c5a70"
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 01 Jul 2024 22:14:35 GMT
autotrack.js
offtherecord.com/node_modules/autotrack/
24 KB
8 KB
Script
General
Full URL
https://offtherecord.com/node_modules/autotrack/autotrack.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
bceb73993d094c4c821c7571921103bdc8c05e9082c4fc513d244358d53593db

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:00 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:39:35 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3215
x-powered-by
Express
etag
W/"60d8-19041e3f029"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
dVLbd4UnymA8hn-VBOFvvl7QlChtOavfvTX_4Fw-w7KLpe2vIRF6PQ==
css2
fonts.googleapis.com/
9 KB
864 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
af9e52b1788e243b0a07ba97a3de75df5845d00b896f1b83f38c42702a7ba690
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 01 Jul 2024 21:47:47 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 01 Jul 2024 22:14:35 GMT
css2
fonts.googleapis.com/
4 KB
692 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Mulish:ital,wght@0,200..1000;1,200..1000&display=swap
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7d38cf48db41a250c7256cb7295f9b818bbd8cb75745c3a975174da27d021082
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 01 Jul 2024 21:27:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 01 Jul 2024 22:14:35 GMT
css
fonts.googleapis.com/
6 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c3061c3788ad5783ef8a5d10c454bafe7eb942c48200dccc852cc6d3c9f303d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 01 Jul 2024 21:55:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 01 Jul 2024 22:14:35 GMT
css
fonts.googleapis.com/
12 KB
790 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Nunito:200,300,400,600,700,800,900&display=swap
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7b7ca9dee8acbf03925b43a2cb76e364ba514c30a18de9f1523d0b156093c7d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 01 Jul 2024 22:14:35 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 01 Jul 2024 22:14:35 GMT
css2
fonts.googleapis.com/
6 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@400;600;700&display=swap
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7b5edcbf4a04dec3e1381046ccfe8e7135eaca4cc47973ccfd4ec6384b39b8bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 01 Jul 2024 21:57:16 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 01 Jul 2024 22:14:35 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.yt0ljKjs5rs.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_yzulJpTEe99NXWvLUgho342xMuA/
323 KB
111 KB
Script
General
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.yt0ljKjs5rs.O/m=client/rt=j/sv=1/d=1/ed=1/am=AAAQ/rs=AHpOoo_yzulJpTEe99NXWvLUgho342xMuA/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/client.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
45f126c2a5a6d90090c4ba9a424dce1c2b154e620a756ad6a03b7ec3d33a8379
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 03:37:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
412655
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112722
x-xss-protection
0
last-modified
Thu, 06 Jun 2024 15:21:04 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 27 Jun 2025 03:37:00 GMT
anchor
www.google.com/recaptcha/api2/ Frame 548B
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LenzB4pAAAAAH6vbRHZg7yJ7zsNldSxJEZWsyr3&co=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29tOjQ0Mw..&hl=de&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&cb=p64i7vi2ns8x
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-OxKJk-42BeJVuP_X84YX_A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://offtherecord.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-OxKJk-42BeJVuP_X84YX_A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 01 Jul 2024 22:14:35 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
gtm.js
www.googletagmanager.com/
278 KB
95 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/app/common/preprocessor/inline-scripts.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d3f4bb2a0905b700fe60e4cf0fc84bca316b10fa49070270087173baa31e31b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
97168
x-xss-protection
0
last-modified
Mon, 01 Jul 2024 21:36:28 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 01 Jul 2024 22:14:35 GMT
channel.html
js.stripe.com/v2/ Frame 469C
0
0
Document
General
Full URL
https://js.stripe.com/v2/channel.html?stripe_xdm_e=https%3A%2F%2Fofftherecord.com&stripe_xdm_c=default590625&stripe_xdm_p=1
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v2/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://offtherecord.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
74
cache-control
public, max-age=300
content-encoding
br
content-length
449
content-security-policy
report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
default-src 'self'; connect-src https://api.stripe.com; base-uri 'none'; form-action 'none'; img-src 'self' https://q.stripe.com; script-src 'self' 'sha256-M1LJiJCn3XBCZ1erCVATqpCSJ5Yd9sUrS2npRlBZ6YE='; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 01 Jul 2024 22:14:36 GMT
etag
"19af0c6cc7a0bca20a355b3362dc64a0"
last-modified
Tue, 05 Oct 2021 15:24:12 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
1
x-content-type-options
nosniff
x-request-id
b2377876-dd66-44d2-8c43-f3b5a9de0d55
x-served-by
cache-fra-eddf8230119-FRA
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 6FC0
0
0
Document
General
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://offtherecord.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
2151373
cache-control
max-age=31536000
content-encoding
br
content-length
154
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Mon, 01 Jul 2024 22:14:36 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Fri, 11 Nov 2022 20:25:37 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
374306
x-content-type-options
nosniff
x-request-id
80139ce9-a2df-4eee-b787-46bb44df8ac3
x-served-by
cache-fra-eddf8230119-FRA
pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
fonts.gstatic.com/s/nunitosans/v15/
30 KB
31 KB
Font
General
Full URL
https://fonts.gstatic.com/s/nunitosans/v15/pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito+Sans:wght@400;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 25 Jun 2024 14:44:18 GMT
x-content-type-options
nosniff
age
545418
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31052
x-xss-protection
0
last-modified
Thu, 27 Apr 2023 00:27:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 25 Jun 2025 14:44:18 GMT
user
otr-backend-service-us-prod.offtherecord.com/api/v1/ Frame
0
0
Preflight
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=nef22dhwd2h
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.206.204.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-206-204-170.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
api-token
Access-Control-Request-Method
GET
Origin
https://offtherecord.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Api-Token, X-Api-Token, X-Feature, X-Captcha-Token, X-Captcha-Version, X-Resource-Id
access-control-allow-methods
GET, POST, PUT, DELETE
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
access-control-max-age
3600
date
Mon, 01 Jul 2024 22:14:36 GMT
server
nginx/1.22.1
_r
relay.offtherecord.com/app-link/
91 B
631 B
Script
General
Full URL
https://relay.offtherecord.com:444/app-link/_r?sdk=web2.74.0&branch_key=key_live_oik1hC6SvaFGaQl6L4f5chghyqkDbk9G&callback=branch_callback__0
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/871.0ea2898e275e36f1ee36.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.232.193.47 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-232-193-47.compute-1.amazonaws.com
Software
openresty /
Resource Hash
09257d7499b27827718c7e6e9ca3781ab1831703aeb80160f607883f65929d67
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 bae9b5cf91e37b01cfae8886aa7bf606.cloudfront.net (CloudFront)
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
server
openresty
x-amz-cf-pop
IAD55-P4
etag
W/"5b-xCl4hFliIaJwPbw9RdSvYYqBAwk"
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
content-length
91
x-amz-cf-id
6Uc6w2mMPRkeBxTeyk-TM6fr2RvkmkFltzlyrvBUB7mahjx5VODjXw==
sdk.js
connect.facebook.net/en_US/
3 KB
4 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/main.cc6cd34bbfeab94b868d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
29efe1a1ffbbd350ee4e4feccd5ca7eb202b660ac5c1bfbd2a847c360ae6685a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 01 Jul 2024 22:14:36 GMT
content-md5
SM4VssotX2zZUkbJYXUOMQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1688
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=6, rtx=0, c=12, mss=1328, tbw=2771, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug
Dis1CxPn+ah/mPfu7ARCi3kYkWzON0xK7B0+XYetKftGi6JWMQSWJLTZbEjPlajj61QGpm+x98KQP71hcmQvcQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
d2e6ade4408be17664d7b62b425987c2
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
etag
"dd5dbf998c0f80affe17f086c2081ce9"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options
DENY
timing-allow-origin
*
expires
Mon, 01 Jul 2024 22:30:00 GMT
user
otr-backend-service-us-prod.offtherecord.com/api/v1/
163 B
584 B
XHR
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=nef22dhwd2h
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.206.204.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-206-204-170.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
7e7558ddd527f6452c7c72f510f48964f6319f317b314829c2786e42346c372e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Api-Token
vKWrNZN8UMwxcqPxyRqbJo9x6OABtoqMA7scyCkpkSy82UcA
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:36 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
nginx/1.22.1
x-frame-options
DENY
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
0
default-template.92e79e33bc41f4331c0d.html
offtherecord.com/templates/
801 B
1 KB
XHR
General
Full URL
https://offtherecord.com/templates/default-template.92e79e33bc41f4331c0d.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
b89883077b7da3bdf8df4274d65f842616738531605bd1b2ae956e24b80835d1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"321-19041da77f8"
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
801
x-amz-cf-id
TplraOtcnHCq7QixjxRJKKxNoseZsx9KQyuND_lAz-tciiDUsS6pPQ==
home.component.2b0d39ec26cae5cc7b81.html
offtherecord.com/templates/
32 KB
7 KB
XHR
General
Full URL
https://offtherecord.com/templates/home.component.2b0d39ec26cae5cc7b81.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
13abe194974d9ab73d6634d2ef7db02703f94b56ba5b12cf452d93a6288efcb3

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:01 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3215
x-powered-by
Express
etag
W/"7efe-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
cbnRChVvTEZrYtaP69IopHLFjyg8_gQekmnuyKv94qHBY6iXd5njWw==
login.6cfe931c8bfbec9ed705.html
offtherecord.com/templates/
24 KB
5 KB
XHR
General
Full URL
https://offtherecord.com/templates/login.6cfe931c8bfbec9ed705.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
cad08c9782cbde27b90104ded5f58eddcf7fcf469f6a7f61ee8c489a8f377e2e

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:01 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"5eb6-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
C543QcMec9nYwKJSxIpHw5zmzuPCLENDlmzsSIgGbPDaRU4QtSOumQ==
state-selection.82c570e66814fe0590fd.html
offtherecord.com/templates/
1 KB
935 B
XHR
General
Full URL
https://offtherecord.com/templates/state-selection.82c570e66814fe0590fd.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
f01d3fe2a8106b2ac0fe9ed20c7c3548c198cb1402e5fba6ac150841ea4bd65f

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:01 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"572-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
0AHoVih7hs4BqFudI1DWKsi4NgxIF-WEm1Sosv0e5iJMcSdanmhuKw==
main-header.partial.f8e8c0fb8949bbb506e7.html
offtherecord.com/templates/
12 KB
2 KB
XHR
General
Full URL
https://offtherecord.com/templates/main-header.partial.f8e8c0fb8949bbb506e7.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
debca78f8ca7955db2c959e400eadd51a9032d2d1af2310e4caefde88ca90e3d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:01 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3215
x-powered-by
Express
etag
W/"3029-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
sRfPwz_lWnyeAl1ff3I0NY-jjxlMDDsmthaPx3uUcShEdXYGfR4wEA==
footer.partial.52d8b9958e0d815d6e41.html
offtherecord.com/templates/
11 KB
3 KB
XHR
General
Full URL
https://offtherecord.com/templates/footer.partial.52d8b9958e0d815d6e41.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
429f091bc992af5010b1a1b16b1c8e6dfac6728fe938e66fed97f26f21071ab9

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"2b5d-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
T1oBCQ67oJRzqHkOT_lfWgrXty6UyYtCfIGcaKFwRgwvzYOV3leCAg==
featured-on.partial.e808beb00cc7948f5691.html
offtherecord.com/templates/
1 KB
788 B
XHR
General
Full URL
https://offtherecord.com/templates/featured-on.partial.e808beb00cc7948f5691.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
5d904be0b7b81df09b9197c0b09baac3340e08a583a17f64b75e1c0b467dd07f

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"593-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
SWxPD3yv4GvHbuTjwnlystSbebz2hlbYS8mRAizeXqU5BD0A8Z-q-Q==
tag-34bfb91cf1c68c871cf1e720f5217f45.js
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/
195 KB
54 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-34bfb91cf1c68c871cf1e720f5217f45.js
Requested by
Host: relay.offtherecord.com
URL: https://relay.offtherecord.com:447/j.php?a=660553&u=https%3A%2F%2Fofftherecord.com%2F&vn=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra2 /
Resource Hash
14842835c4c50fd3a40d341b36c1c26d9daa8b6677a148601dfe71bc8dd8c04b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:35 GMT
content-encoding
br
via
1.1 google
last-modified
Mon, 01 Jul 2024 14:01:14 GMT
server
gfra2
etag
"6682b6aa-d7dc"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55260
v.gif
dev.visualwebsiteoptimizer.com/
35 B
199 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=660553&d=offtherecord.com&u=D6946BBD4754422EE03623D9CEDC7E77A&h=7cf74184785856dcd4059494e9eba767&t=false
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv3c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv3c
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=43200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
js
www.googletagmanager.com/gtag/
324 KB
106 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-TMGSMNG8YY&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c8bfb96606d58d00a590963b8dd12e349ae7ac2eda65e9892a36a887e146703d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
108624
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 01 Jul 2024 22:14:36 GMT
pixel.js
www.redditstatic.com/ads/
42 KB
13 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Thu, 20 Jun 2024 19:23:03 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"71b328aff914ada8b774bfa8fff542c4"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
12116
fbevents.js
connect.facebook.net/en_US/
221 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
de1805522e8bde4516893684590f431b5bc8716638f3b9cdbf4e987767e61a65
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 01 Jul 2024 22:14:36 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58251
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=6, rtx=0, c=20, mss=1328, tbw=6621, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
M1Mmr/eobM1P87c3eDbOK43j+w4FHDSvO2LPaVkjKTpiQnJDZ17ZOtZQVptGMBjz7dq/JHejVuH4j50TplINiQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
bat.js
bat.bing.com/
45 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Mon, 01 Jul 2024 22:14:35 GMT
last-modified
Thu, 29 Feb 2024 19:58:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 2715E17A09764F9BB8BD4B87D9453CF1 Ref B: FRAEDGE1409 Ref C: 2024-07-01T22:14:36Z
etag
"01b4e9c496bda1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13261
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 01 Jul 2024 21:41:01 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
2015
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 01 Jul 2024 23:41:01 GMT
conversion_async.js
www.googleadservices.com/pagead/
53 KB
19 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
8bf92a56aa0bc3116f8fc6f4565d5ebed1b15eaac5236f607446f128fc870fd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19404
x-xss-protection
0
server
cafe
etag
15146782258242499301
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 01 Jul 2024 22:14:36 GMT
js
www.googletagmanager.com/gtag/
205 KB
74 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-69140841-1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c90229666069d9cfbacff9d1a9052cc0913dec86f24d9f6c87f58a6daddb8dee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75525
x-xss-protection
0
last-modified
Mon, 01 Jul 2024 21:36:28 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 01 Jul 2024 22:14:36 GMT
24128821.js
js.hs-scripts.com/
2 KB
1 KB
Script
General
Full URL
https://js.hs-scripts.com/24128821.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7d2c4792377e4ad83c292f24cc600e2b6626e0415550e8319985a2b7336e328
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
fd020976-ab3a-4c0b-8e31-cb399b59e847
x-envoy-upstream-service-time
8
content-length
651
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
fd020976-ab3a-4c0b-8e31-cb399b59e847
last-modified
Mon, 01 Jul 2024 16:20:24 GMT
server
cloudflare
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://offtherecord.com
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-7dd59b876-zbxnk
access-control-allow-credentials
true
cache-control
public, max-age=90
accept-ranges
bytes
cf-ray
89c9bffc28424d40-FRA
expires
Mon, 01 Jul 2024 22:16:06 GMT
/
websdk.appsflyer.com/
34 KB
10 KB
Script
General
Full URL
https://websdk.appsflyer.com/?st=pba&
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:11::215:14d5 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7ccf80229bbe586853232059978b67c1dbe6ccd7f6b4b8585b34bbcf2d9f195f

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 01 Jul 2024 22:14:36 GMT
Content-Encoding
gzip
x-amz-request-id
TNFWN7JAHP2EBEJM
x-amz-server-side-encryption
AES256
Connection
keep-alive
Content-Length
9575
x-amz-id-2
rNwspp0GeeuGCVY8uOjVgWk/J3XTDq5+TTLu3jZaoCKMw4CAD3WOCSz6cVuBQQ9yvpK6HO0IqDY=
Last-Modified
Wed, 14 Jun 2023 06:58:46 GMT
Server
AmazonS3
ETag
"d4e7f1ffd74e53e33a46a668c2e9d67c"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=3132
Accept-Ranges
bytes
X-DataStream-Cache-Status
1
Expires
Mon, 01 Jul 2024 23:06:48 GMT
banner-alert.component.a20470511f9733e26a91.html
offtherecord.com/templates/
2 KB
932 B
XHR
General
Full URL
https://offtherecord.com/templates/banner-alert.component.a20470511f9733e26a91.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
c79fec1aa5664189f0dcf1cc7c2bda043d017e673686d7a371342f49a1c32fce

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"606-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
9umwrhlenhDiS32XPI29hnfEpFNVwin21rFU6VeBygvI6Hs-Q9eUKA==
side-nav.partial.6838a80488aaaa725f31.html
offtherecord.com/templates/
4 KB
1 KB
XHR
General
Full URL
https://offtherecord.com/templates/side-nav.partial.6838a80488aaaa725f31.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
031f287592b33afc19eee9195f23b5146d5922bc004dc439df3e3d8b0bf54008

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"1153-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
ts6lv7yiy-ltI1x7QrFrFjSakBlUKOrTy-lES_ENV8gaHliwB_YjSg==
otr-main-header-logo.svg
offtherecord.com/assets/img/
9 KB
4 KB
Image
General
Full URL
https://offtherecord.com/assets/img/otr-main-header-logo.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
648c698dd41bf291833204226476e7d092b281fd06255a70a4925f45ca8c96c2

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"2495-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
dD56cG_B77jEDuxfd_itK0TW-cjJUJIZEtUOp_ioFuBccQVfN4sYfA==
badge_ios.webp
offtherecord.com/assets/img/
2 KB
2 KB
Image
General
Full URL
https://offtherecord.com/assets/img/badge_ios.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
f1e6a0811f0df7be7482db95552fd57017ca33d5a35f07c330859debd46d135c

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"6f4-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
1780
x-amz-cf-id
1I-T4PShpFwJ_XsAosZo04mR_Kf9QrpKIM3WR1bt_D2-BIXPIAvdRg==
badge_google_play.webp
offtherecord.com/assets/img/
3 KB
4 KB
Image
General
Full URL
https://offtherecord.com/assets/img/badge_google_play.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
6b771d8c7719a4d6187fb47de02b830ba0ccf68e66be12526786ded85cb960b2

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"cd2-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
3282
x-amz-cf-id
aPICE6AbYgqdV_Ug8lGgpp3Hbd6njNfYR607qYBj82uwp9cO8NtKkQ==
sdk.js
connect.facebook.net/en_US/
299 KB
86 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=146cd39d6a301037816568304dfcf139
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
47ffd17562b7c3e32c4b64197ae5c986a597d354b558da090e6450841f765b58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 01 Jul 2024 22:14:36 GMT
content-md5
bQZ8ROqQqQBQ8eqYskGWyw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
87599
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4269, tp=8, tpl=0, uplat=0, ullat=-1
x-fb-debug
xqfUyFhGkmnqwgdt3J7Iblgki4F9QS7j9LLtGs1cNaxVAjA6Hsb4FdwxjPdhZQBwkFpHA0UwgefgwuFdqL+4tA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
ef998b016fbb826522f2366e7c6cc7a6
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
etag
"e1379088e9a16aa0bc93c5afb4a2c8d8"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options
DENY
timing-allow-origin
*
priority
u=3,i
expires
Tue, 01 Jul 2025 21:32:51 GMT
reviews
otr-backend-service-us-prod.offtherecord.com/api/v1/ Frame
0
0
Preflight
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/reviews?includeAnonymous=false&includeDeleted=false&limit=24
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.206.204.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-206-204-170.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
api-token
Access-Control-Request-Method
GET
Origin
https://offtherecord.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Api-Token, X-Api-Token, X-Feature, X-Captcha-Token, X-Captcha-Version, X-Resource-Id
access-control-allow-methods
GET, POST, PUT, DELETE
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
access-control-max-age
3600
date
Mon, 01 Jul 2024 22:14:36 GMT
server
nginx/1.22.1
app-text-reveal.component.ec73460453e9a8290e8b.html
offtherecord.com/templates/
304 B
675 B
XHR
General
Full URL
https://offtherecord.com/templates/app-text-reveal.component.ec73460453e9a8290e8b.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
d100a79e9ca4f220f81fd0729136ce2839c361f0850a3ddabb987bb04c99b925

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"130-19041da77f8"
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
304
x-amz-cf-id
GWrsdGBYQZnQfas6FaurGLD3m8Qd5vfI7-pOf4c5nbeIBgYAY_Ay5w==
stats-banner.component.1cdbc52a8051d62bdd92.html
offtherecord.com/templates/
3 KB
1 KB
XHR
General
Full URL
https://offtherecord.com/templates/stats-banner.component.1cdbc52a8051d62bdd92.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
9d64ce89336a149d954573c477ff7d9b320f92db397e754626c809b1d1313503

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 14:10:03 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Tue, 11 Jun 2024 23:12:29 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
1670673
x-powered-by
Express
etag
W/"ba1-19009930748"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
wweuMqsuR6TVfPausR-ac8T33hTNEEIjW8jCE18Taw_EK55ZJlRKfQ==
reviews
otr-backend-service-us-prod.offtherecord.com/api/v1/
27 KB
5 KB
XHR
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/reviews?includeAnonymous=false&includeDeleted=false&limit=24
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.206.204.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-206-204-170.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
7c7570c1a2ddd8afdd1eeeb4d0a010ae42a731ffe52bbd09ee58ca3d0d2702fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Api-Token
vKWrNZN8UMwxcqPxyRqbJo9x6OABtoqMA7scyCkpkSy82UcA
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:36 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
nginx/1.22.1
x-frame-options
DENY
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
0
faq-dropdown.1f8e8ecca146a162f7ea.html
offtherecord.com/templates/
1 KB
786 B
XHR
General
Full URL
https://offtherecord.com/templates/faq-dropdown.1f8e8ecca146a162f7ea.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
99141deb1e06c17d62b664d1b8bacde6c827cd0559a8cd2c2a81b45e0ac3304c

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"42a-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
F7zdRMg6jfBOLvR03l5j568RwAiYZiKSzR-HogWfk2KKtxpYhbITWw==
hero-img.webp
offtherecord.com/assets/img/
36 KB
37 KB
Image
General
Full URL
https://offtherecord.com/assets/img/hero-img.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
c625a259d52303bc63e165e0326e1d78de9bb5b5074423f368df77fca407b7bf

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"90b4-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
37044
x-amz-cf-id
odX_U6dGakkn8O42XV-tJ6wKzcp0QK2yjCoRFZzBEAAvjU1_ONudyg==
facebook--gray.webp
offtherecord.com/assets/img/logos/
2 KB
2 KB
Image
General
Full URL
https://offtherecord.com/assets/img/logos/facebook--gray.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
7e3f2e5c9c0f642f19eb5d1488c3257ad89341700795e0e6253400c876c4e06d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"7fe-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
2046
x-amz-cf-id
VRann5-qynbla63UFjtAdhiR27K_SKq_9iKG1LRqtWOpZUg1gF6_4A==
reviews-io--gray.webp
offtherecord.com/assets/img/logos/
3 KB
3 KB
Image
General
Full URL
https://offtherecord.com/assets/img/logos/reviews-io--gray.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
e2eb49ebf978dd7140eacd08fca34dfe6da0db3bebdee08606996d00766d60af

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"c0a-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
3082
x-amz-cf-id
asGCAWHcsFBr8pujLrRqzI20TkxjSouoq19xEnoUPydNX20oXHJ6Kg==
google--gray.webp
offtherecord.com/assets/img/logos/
5 KB
5 KB
Image
General
Full URL
https://offtherecord.com/assets/img/logos/google--gray.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
d52af8243ca6afe270829cfe2853cb79a486b81650f8b575374a220c311d5411

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"145c-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
5212
x-amz-cf-id
ecb-aklj7IdhCyXAjjAcdH54BE65GcRVD6PIFAK9kJ30s3ASckPr6Q==
icon-handfull-stars.svg
offtherecord.com/assets/img/
4 KB
2 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-handfull-stars.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
c46812c7c91d67dcc84ac30ff32138415af25b3416ea5b6588628cb3e2d1f686

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"11aa-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
M0smQXbdogcJ7mX2mm8q9GK1Wlf0n4kqcLMnt5U5iVqSon1_EINvGA==
icon-wallet.svg
offtherecord.com/assets/img/
2 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-wallet.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
8e742fbd7146cea9dee3a9c4b4474e1da43f62e8864d519c1debe7f10ec6043b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"7cf-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
0pc8g2W5hwZ2LXs3CG_pvHTU67o70D1OsC4ZFN8ORnW9ZQ1Ja-j58A==
icon-briefcase.svg
offtherecord.com/assets/img/
2 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-briefcase.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
a8510ffd3e9d2934e0ad67e81a2fc12f36e2b04ac3f3f150bd7e44ad12af3d76

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"79f-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
5DgetHaU9PgxyI0pr_bS0WWHBc7qyLrNEpGGLSeak3oGyKEtkcD3-w==
icon-refresh.svg
offtherecord.com/assets/img/
2 KB
1010 B
Image
General
Full URL
https://offtherecord.com/assets/img/icon-refresh.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
a3d2952330aefe690302e90460777d9b5c6fc354861336a919c83e44fe352800

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"6e0-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
hH4lIkOxJUx6HYqeIm7Ny8l5splYOMSHEqi0gR5cgUtsGpy018lwpg==
how-step-1.webp
offtherecord.com/assets/img/
26 KB
26 KB
Image
General
Full URL
https://offtherecord.com/assets/img/how-step-1.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
fac08aba895b0525de1904bc4fb04928ba03ec2cd715d084831f0dd265774bce

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"6680-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
26240
x-amz-cf-id
tB4TMnyhLjPAFJo4MiDlbKe2v74mzYYh3Gdmhz6iYYfQD-Ics9L9Ww==
how-step-2.webp
offtherecord.com/assets/img/
36 KB
37 KB
Image
General
Full URL
https://offtherecord.com/assets/img/how-step-2.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
38ba6370b8d16de4ee7f82099425ead835ff7317d56bf86fe0f5bd34a1a266ef

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 14:10:03 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Tue, 11 Jun 2024 23:12:29 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
1670673
x-powered-by
Express
etag
W/"9112-19009930748"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
37138
x-amz-cf-id
fwacnRiEkVo_z3xT2MOhfihdWEXcgSvDu_MwpoEboKP8xT0_IaHJvg==
how-step-3.webp
offtherecord.com/assets/img/
27 KB
28 KB
Image
General
Full URL
https://offtherecord.com/assets/img/how-step-3.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
099f5764acf448fdd12bdb9f709606093ea481ecf2b55f03f89ed8cbad7849fb

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"6d12-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
27922
x-amz-cf-id
RFtfLmUmEfjN6dYdY4B7zeMSJ6lg54FoOHgcoumJLoypGjEbrtKGPA==
icon-tickets.svg
offtherecord.com/assets/img/
3 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-tickets.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
2d367b9054bc5b92d423f2f9484c18d8b41468a7f4fd9e63829d3dba290a206e

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"d60-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
L0S2B7m73RtCUEpmug8gzkHzNqNZdFEpOhJZVY5lAKElhqhLkP9cJA==
icon-window-check.svg
offtherecord.com/assets/img/
2 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-window-check.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
0e52361cb2f6af4bb1f5fa4f27c87ddb8c6d4918ccd75655bd1d1bb34d4eeabe

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"6b8-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
93dJs2BqQJtR3p0y7Gv1Sifeyii-hjM8RM9z4b3TqZyiK5pvw9lLqA==
icon-directions.svg
offtherecord.com/assets/img/
2 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-directions.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
a5d227b5d9c8b9b461d0a35df1c39685463fe0bd375c2aa2aa197dfd2776a7c8

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"787-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
BxOhDG-HUwRv0C9ac-36td1okseRzZ3HM2x9QuWr8QxMlpvG2ROhFQ==
icon-verified.svg
offtherecord.com/assets/img/
3 KB
2 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-verified.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
909c4adf1c2435d373b6e0d83ee64cc9888881ac24905238ea010b4da3d06b93

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"b51-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
WEkQIs6CklYcPC0ZP_Kw_49kkYFZs8fJfmGWREx_gJ9yOCobx9oMgA==
icon-money-back.svg
offtherecord.com/assets/img/
2 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-money-back.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
17d2ee6ef525d4a35125c1ce7417ef5b7e1b611c2dc110a3add824bb078adcbf

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"897-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
NCGRfuHC28GLCcXlfH0d6I3tbsgV1VCioMQ6l2aanoe35HyvjI-IIw==
icon-courthouse.svg
offtherecord.com/assets/img/
3 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-courthouse.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
6a432ec996da0b400368eb6cf47f8e056f2b25e32a50b03d9a709fa6c1fecc1a

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"c41-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
xZmnVmwfkJyTavrgILaSGX2NQAzB3CzTxEvLtWiBk92baW0Tb-HuOw==
icon-notification-bell.svg
offtherecord.com/assets/img/
3 KB
1 KB
Image
General
Full URL
https://offtherecord.com/assets/img/icon-notification-bell.svg
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
b07fffef0ae1504dfba7fb4096afb6e097815298973f51a1b211771e05c075b0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 00:23:39 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
78657
x-powered-by
Express
etag
W/"a5c-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31557600
x-amz-cf-id
aIZ0dhfblKIG_qSHzRi6jV63SEYaeUx-PKtIayZm2THINda_ZFcGKw==
cbs-logo-bw-min.webp
offtherecord.com/assets/img/logos/
2 KB
2 KB
Image
General
Full URL
https://offtherecord.com/assets/img/logos/cbs-logo-bw-min.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
98af017c05d0d89d07187e5fea5df961cfe0da03321de1daf05e545b663718a4

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"866-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
2150
x-amz-cf-id
K9PQM-ucKy55M6tb_NdrlWB51m31zQ6ap5FCKMo2dCDi9kw2DZ8QBQ==
fox-news-logo-bw-min.webp
offtherecord.com/assets/img/logos/
650 B
1012 B
Image
General
Full URL
https://offtherecord.com/assets/img/logos/fox-news-logo-bw-min.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
fdcc34060c0c6a0ec771d0a4f1e14f00092e96577e166be28d33b83ba72faa69

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"28a-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
650
x-amz-cf-id
SaiOEBLH_jCjTP7SMDo2uXQmqovpl3T7gw3_7SqqLYYFJ8doQBBx0A==
nbc-logo-bw-min.webp
offtherecord.com/assets/img/logos/
2 KB
2 KB
Image
General
Full URL
https://offtherecord.com/assets/img/logos/nbc-logo-bw-min.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
a6b9e77f842f68bf64b450048c752a189401955f45d149c5430fbc208469ffe0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"76a-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
1898
x-amz-cf-id
8TLmGmPEk7pI467gd6prJH891ItQ2XbsAcdgXxOnhA3e17wofsKggw==
geekwire-logo-bw-min.webp
offtherecord.com/assets/img/logos/
3 KB
3 KB
Image
General
Full URL
https://offtherecord.com/assets/img/logos/geekwire-logo-bw-min.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
b1ec55a9e66fe05243e1977a0db2af48f4af4c07bfd0b9cdef32c01ab0f42b9d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"a46-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
2630
x-amz-cf-id
8X93gyWXVzggNMVjcFL1MYYMbLZIRFGJKRv8XpW1J9On5_Shju6qsg==
9b29c8910f036259af20.webp
offtherecord.com/
5 KB
5 KB
Image
General
Full URL
https://offtherecord.com/9b29c8910f036259af20.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/main.c214a36cef6ab26dcfc3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
3f0730cd0abfa61ab736fc7797e8d6ed2ad78d1b1a903a0664bcfb2f67b04adb

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/main.c214a36cef6ab26dcfc3.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"1344-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
4932
x-amz-cf-id
WT-RzDxVlBdadp4ydSRH8Z4LAGB15R-FhEydzqvJBCe703JnUdTUAg==
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 07:43:41 GMT
x-content-type-options
nosniff
age
397855
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Jun 2025 07:43:41 GMT
pro-fa-solid-900-0.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
12 KB
12 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-solid-900-0.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39f976b287176178a645cb4f743ec4f3dbb7a08c31ca34c3b096e7bba425c322

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:22 GMT
server
cloudflare
age
7790578
etag
"660c297a-2ee4"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
89c9bffc7e4b2bd9-FRA
content-length
12004
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 20:58:55 GMT
x-content-type-options
nosniff
age
350141
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Jun 2025 20:58:55 GMT
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 09:38:01 GMT
x-content-type-options
nosniff
age
390995
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18668
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:00:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Jun 2025 09:38:01 GMT
pro-fa-brands-400-1.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
39 KB
39 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-brands-400-1.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b852e041e35b676cf550d19cf8d15bc58db780a3827626518f4e0dfc5fb3109

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:13 GMT
server
cloudflare
age
7790578
etag
"660c2971-9d0c"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
89c9bffc7e4d2bd9-FRA
content-length
40204
pro-fa-brands-400-0.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
37 KB
37 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-brands-400-0.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
faf47e501cdae61064aed4b03b1129d37c6e004ebde6f6452f1632f835c9f318

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:13 GMT
server
cloudflare
age
1747681
etag
"660c2971-946c"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
89c9bffc7e4f2bd9-FRA
content-length
37996
b251b2efc9d8ee4fbafb.gif
offtherecord.com/
2 KB
3 KB
Image
General
Full URL
https://offtherecord.com/b251b2efc9d8ee4fbafb.gif
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/main.c214a36cef6ab26dcfc3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
a05de9f3792048eff0cedc9370691b2a604cc1628f6aa9f70ad07444d2f02bdb

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/main.c214a36cef6ab26dcfc3.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"9f2-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/gif
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
2546
x-amz-cf-id
5_5ii8q8uaSuEnuPAtdBYnqllXcX5W7BF7-mYT4iKjMSwsVdVn5YaA==
user
otr-backend-service-us-prod.offtherecord.com/api/v1/
163 B
585 B
XHR
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=vr31jhtph59
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.206.204.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-206-204-170.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
7e7558ddd527f6452c7c72f510f48964f6319f317b314829c2786e42346c372e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Api-Token
vKWrNZN8UMwxcqPxyRqbJo9x6OABtoqMA7scyCkpkSy82UcA
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:36 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
nginx/1.22.1
x-frame-options
DENY
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
0
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://fonts.googleapis.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 17:31:01 GMT
x-content-type-options
nosniff
age
362615
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Jun 2025 17:31:01 GMT
pro-fa-solid-900-14.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
13 KB
13 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-solid-900-14.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7924fd2e6167be712d7efea6b2de21a7331899da86cc273461d4e40b5a522af3

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:22 GMT
server
cloudflare
age
7790578
etag
"660c297a-34b0"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
89c9bffcfed72bd9-FRA
content-length
13488
pro-fa-solid-900-1.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
14 KB
14 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-solid-900-1.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2b40eed2a14d541eb0ec80d05d29815fa18fd71c46455fc374a47a81226e9d6

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:22 GMT
server
cloudflare
age
7790578
etag
"660c297a-36dc"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
89c9bffcfed92bd9-FRA
content-length
14044
pro-fa-solid-900-12.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
14 KB
14 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-solid-900-12.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7742bb16ac54dbccd2a9df6edc159ff921e1e738f08dc0d4b4b9f31424ede919

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:22 GMT
server
cloudflare
age
7790578
etag
"660c297a-3878"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
89c9bffcfedc2bd9-FRA
content-length
14456
stats-banner-design.webp
offtherecord.com/assets/img/
13 KB
14 KB
Image
General
Full URL
https://offtherecord.com/assets/img/stats-banner-design.webp
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
4c64d183304fcb9316adeceed80e112ae71c6e33484b097896dbb6998d4b9659

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"353a-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/webp
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
13626
x-amz-cf-id
raJo5K0mPvW6i97y7wnz4h2QC9dCGaVe0tlB_A_y1umce4ARv4mu7w==
user
otr-backend-service-us-prod.offtherecord.com/api/v1/ Frame
0
0
Preflight
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=vr31jhtph59
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.206.204.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-206-204-170.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
api-token
Access-Control-Request-Method
GET
Origin
https://offtherecord.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Api-Token, X-Api-Token, X-Feature, X-Captcha-Token, X-Captcha-Version, X-Resource-Id
access-control-allow-methods
GET, POST, PUT, DELETE
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
access-control-max-age
3600
date
Mon, 01 Jul 2024 22:14:36 GMT
server
nginx/1.22.1
config
pixel-config.reddit.com/pixels/t2_veaca/
3 B
124 B
XHR
General
Full URL
https://pixel-config.reddit.com/pixels/t2_veaca/config
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
content-encoding
gzip
via
1.1 varnish
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=14400
accept-ranges
bytes
content-length
27
t2_veaca_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/
86 B
699 B
XHR
General
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_veaca_telemetry
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
content-encoding
gzip
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server
snooserv
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
97
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1719872076365&id=t2_veaca&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=5a1f3d72-21c2-4323-a3ca-677f954293df&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc=
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
ecommerce.js
www.google-analytics.com/plugins/ua/
1 KB
962 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/ecommerce.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:39:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
2111
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
630
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Mon, 01 Jul 2024 22:39:25 GMT
185612438538592
connect.facebook.net/signals/config/
60 KB
12 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/185612438538592?v=2.9.159&r=stable&domain=offtherecord.com&hme=446fb981c8c3baeb03730fe3cbd404f7f15f64c693f24c7fe75da498bc2c95d8&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C174%2C170%2C171%2C173%2C28%2C94%2C50%2C73%2C172%2C155%2C158%2C167%2C168%2C175%2C122%2C39%2C33%2C134%2C14%2C48%2C180%2C179%2C124%2C17%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2118460ad52d150e15b2d7a92bcbc2d257e2803303ada46de42f07da491403d5
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 01 Jul 2024 22:14:36 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4649, tp=12, tpl=0, uplat=60, ullat=0
pragma
public
x-fb-debug
z74w47HnLL9kAjZ6BAtte2NDG4exfIhqN1im+XIxPlUTnEqd18tn8Y1gIfngj/cpgRzncwlEuUKm1D3JUDo9RQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
l.gif
dev.visualwebsiteoptimizer.com/
35 B
167 B
Ping
General
Full URL
https://dev.visualwebsiteoptimizer.com/l.gif?experiment_id=50&account_id=660553&cu=https%3A%2F%2Fofftherecord.com%2F&combination=3&s=1&sId=1719872075&u=D6946BBD4754422EE03623D9CEDC7E77A&ed=%7B%22tz%22%3A%22Europe%2FBerlin%22%2C%22tO%22%3A%22-2%22%2C%22lt%22%3A%221719872076388%22%2C%22r%22%3A%22%22%2C%22ul%22%3A%22de-de%22%2C%22de%22%3A%22UTF-8%22%2C%22sc%22%3A%2224%22%2C%22sr%22%3A%221600x1200%22%7D&vn=7.0.363&vns=undefined&vno=undefined&eTime=1719872075394&random=0.6105251730638677
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-34bfb91cf1c68c871cf1e720f5217f45.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv3c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:35 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv3c
content-type
image/gif
access-control-allow-origin
*
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
l.gif
dev.visualwebsiteoptimizer.com/
35 B
89 B
Ping
General
Full URL
https://dev.visualwebsiteoptimizer.com/l.gif?experiment_id=46&account_id=660553&cu=https%3A%2F%2Fofftherecord.com%2F&combination=2&s=1&u=D6946BBD4754422EE03623D9CEDC7E77A&vn=7.0.363&vns=undefined&vno=undefined&eTime=1719872075396&random=0.6674411411023939
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-34bfb91cf1c68c871cf1e720f5217f45.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv3c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:36 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv3c
content-type
image/gif
access-control-allow-origin
*
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
l.gif
dev.visualwebsiteoptimizer.com/
35 B
89 B
Ping
General
Full URL
https://dev.visualwebsiteoptimizer.com/l.gif?experiment_id=28&account_id=660553&cu=https%3A%2F%2Fofftherecord.com%2F&combination=2&s=1&u=D6946BBD4754422EE03623D9CEDC7E77A&vn=7.0.363&vns=undefined&vno=undefined&eTime=1719872075397&random=0.8931037011106011
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-34bfb91cf1c68c871cf1e720f5217f45.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv3c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:35 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv3c
content-type
image/gif
access-control-allow-origin
*
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
collect
region1.analytics.google.com/g/
0
0
Fetch
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-TMGSMNG8YY&gtm=45je46q0v9102325189z877772510za200zb77772510&_p=1719872075911&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=253695644.1719872076&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1719872076&sct=1&seg=0&dl=https%3A%2F%2Fofftherecord.com%2F&dt=Fight%20Your%20Moving%20Violation%20%7C%20Traffic%20Ticket%20Lawyer%20Local%20%26%20Online&en=page_view&_fv=1&_ss=1&tfd=1646&_z=fetch
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:36 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offtherecord.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
245 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-TMGSMNG8YY&cid=253695644.1719872076&gtm=45je46q0v9102325189z877772510za200zb77772510&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TMGSMNG8YY&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:36 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offtherecord.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-TMGSMNG8YY&cid=253695644.1719872076&gtm=45je46q0v9102325189z877772510za200zb77772510&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1182689666
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:36 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
web
relay.offtherecord.com/s/settings/6DGA5/v1/
5 KB
5 KB
XHR
General
Full URL
https://relay.offtherecord.com/s/settings/6DGA5/v1/web
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.71.204.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-71-204-54.compute-1.amazonaws.com
Software
/
Resource Hash
45303277878437cb8faafcbaf090aac7fd30089fd26bfe3bb4490641e7cec84f

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
https://offtherecord.com
date
Mon, 01 Jul 2024 22:14:36 GMT
via
1.1 google
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
application/json; charset=utf-8
settings.js
dev.visualwebsiteoptimizer.com/
10 KB
2 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/settings.js?a=660553&settings_type=1&vn=7.0&exc=28|46|50
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-34bfb91cf1c68c871cf1e720f5217f45.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra2 /
Resource Hash
7334887f7c4fe74b0bc46bdf9ddeb4d6d2657e418e12ba83f3ceaa1d51137ca1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:37 GMT
content-encoding
gzip
via
1.1 google
server
gfra2
etag
W/"1719842488"
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=0, no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
s.gif
dev.visualwebsiteoptimizer.com/
35 B
53 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/s.gif?account_id=660553&u=D6946BBD4754422EE03623D9CEDC7E77A&s=1719872075&p=1&tags={%22si%22:{%2250%22:%223%22,%2246%22:%222%22,%2228%22:%222%22}}&update=1&cq=0&vn=7.0.363&vns=undefined&vno=undefined&_cu=https%3A%2F%2Fofftherecord.com%2F&eTime=1719872075484&random=0.49137744560814034
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv3c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:35 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv3c
content-type
image/gif
access-control-allow-origin
*
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
16001542.js
bat.bing.com/p/action/
0
116 B
Script
General
Full URL
https://bat.bing.com/p/action/16001542.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Mon, 01 Jul 2024 22:14:35 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 2D5D5C71D4E041D384022298DD73FC1E Ref B: FRAEDGE1409 Ref C: 2024-07-01T22:14:36Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
285 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=16001542&Ver=2&mid=ba2d4053-5dbc-4cb2-a7c3-30eb1ce3d2ac&sid=4d498e7037f711efa902bbf1cb6ae342&vid=4d499dc037f711efac3af5840470950f&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Fight%20Your%20Moving%20Violation%20%7C%20Traffic%20Ticket%20Lawyer%20Local%20%26%20Online&kw=traffic%20ticket%20lawyer,%20traffic%20ticket%20attorney,%20speeding%20ticket%20lawyer,%20fight%20traffic%20ticket,%20fight%20speeding%20ticket,%20contest%20ticket,%20traffic%20ticket,%20traffic%20lawyer,%20traffic%20attorney,%20speeding%20ticket&p=https%3A%2F%2Fofftherecord.com%2F&r=&lt=1244&evt=pageLoad&sv=1&rn=61887
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 01 Jul 2024 22:14:35 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: DFF9006F7BFE44279495025FE1C55256 Ref B: FRAEDGE1409 Ref C: 2024-07-01T22:14:36Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
268 KB
92 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-937085283&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3fde0456c5b2316f2271fc3df35525a33f45a6279cb253320b036a0dee162beb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
94293
x-xss-protection
0
last-modified
Mon, 01 Jul 2024 21:36:28 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 01 Jul 2024 22:14:36 GMT
24128821.js
js.hs-analytics.net/analytics/1719871800000/
68 KB
24 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1719871800000/24128821.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/24128821.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e793f23a53ad610cf8efa2a14ae34aed2906c04d9c28726145f8b79c25c67908

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
MISS
x-amz-request-id
A1R7DEJE5YCF2C9Y
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
8a5d70ab-f3d2-4948-b142-07012e33c949
x-envoy-upstream-service-time
21
x-amz-id-2
tFe1B/C31iJDEZMiEnG5A9g76/8HqvBbMdy/p0jsnFFn/nMWm4/5FQ/SPiJddJyNY9dzKl6gQ9E=
x-evy-trace-listener
listener_https
x-request-id
8a5d70ab-f3d2-4948-b142-07012e33c949
x-evy-trace-route-configuration
listener_https/all
last-modified
Fri, 21 Jun 2024 21:38:54 GMT
server
cloudflare
etag
W/"e92bbfc0993dc6fa370b77dec046bee9"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-rslzw
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
89c9bfffaeca92c9-FRA
expires
Mon, 01 Jul 2024 22:19:36 GMT
collectedforms.js
js.hscollectedforms.net/
69 KB
24 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/24128821.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6efe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
x-amz-version-id
WQne3xdBhaNpu67z_dXMAVxQ_qJQQf8W
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 3d4bfc42e9575ee1f9559241c9e3f464.cloudfront.net (CloudFront)
cf-cache-status
EXPIRED
x-amz-cf-pop
IAD12-P3
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
6ef38644-e893-49ed-b553-444dee0e62e8
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.503/bundles/project.js&cfRay=89c9bfffad7a1c15-FRA
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
2
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
6ef38644-e893-49ed-b553-444dee0e62e8
last-modified
Wed, 15 May 2024 14:34:44 UTC
server
cloudflare
etag
W/"7d377a186677c174f204d466b8fa5fdb"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
x-hs-cache-status
HIT
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-fvpqg
cf-ray
89c9bfffad7a1c15-FRA
x-amz-cf-id
KKtla4-Z50Nqw0mYKY0l4jh1oUM4ANpNJU62XUiedo9hXg7P1rribA==
x-hs-target-asset
collected-forms-embed-js/static-1.503/bundles/project.js
banner.js
js.hs-banner.com/v2/24128821/
71 KB
26 KB
Script
General
Full URL
https://js.hs-banner.com/v2/24128821/banner.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/24128821.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fa8412e22a263baf0081df39a3ae64d5caa1a1c22ecbe8b865e1751792de101

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:37 GMT
x-amz-version-id
rk9XJpuCBNJd8V8VIEUJiw1jZ4CkcV93
content-encoding
gzip
cf-cache-status
MISS
x-amz-request-id
A1R073R5RQJ93YQY
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
80312591-70c9-45ac-a176-fdd8852bd837
x-envoy-upstream-service-time
95
x-amz-id-2
o5HOQTOZ5b1EaUzO17rcPM5VCJC9tGm6SYncERGjM1p4OquG3joIurz5VLlkt9ohGL516u7NgQE=
x-evy-trace-listener
listener_https
x-request-id
80312591-70c9-45ac-a176-fdd8852bd837
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 18 Apr 2024 15:13:47 GMT
server
cloudflare
etag
W/"f6665e5b886313582732efeab4c1a4e6"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://offtherecord.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-w85d2
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
89c9bfffad594d22-FRA
expires
Mon, 01 Jul 2024 22:19:37 GMT
web-interactives-embed.js
js.hubspot.com/
82 KB
24 KB
Script
General
Full URL
https://js.hubspot.com/web-interactives-embed.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/24128821.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab1fca31f7e7a89c198881e69c42c6bb3578b7d55f2cee7463b96360feaf7eaa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
gzip
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1194/bundles/project.js&cfRay=89c9bfffaa25bbf7-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"50f2e99c1f025777ca05bdae3cfcf91d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
web-interactives-embed/static-2.1194/bundles/project.js
date
Mon, 01 Jul 2024 22:14:36 GMT
x-amz-version-id
MDb_7hFyElKIrRJmReYAEj96Es7nef4a
x-content-type-options
nosniff
cf-cache-status
MISS
via
1.1 1f1067e4f193aaabd2c24b99bcdc4e88.cloudfront.net (CloudFront)
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
152d359b-9f54-450a-82b0-75b4ea8f7d76
x-cache
Hit from cloudfront
cache-tag
staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
1
x-evy-trace-route-configuration
listener_https/all
x-request-id
152d359b-9f54-450a-82b0-75b4ea8f7d76
last-modified
Thu, 20 Jun 2024 14:37:30 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pzAtO45CCneI4NQfbJRbL81vC%2FhNO%2FdMno3G0hTZqcWFYJzZ5gbwGVqAFdAEhWNT8uS2Dfc%2FBZFOzqJ3f0zLZ4xwPy4S07fpKO56thPtql3wQ7lJKuEvOwZMq3Ibd325K3DuVCZQmHXrrReF"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-rqmnf
cf-ray
89c9bfffaa25bbf7-FRA
x-amz-cf-id
eywjmQSfFn8XAE8XTUDRzz0xmMObidzxP8gEJdDAuY8cPQYudVuwwg==
onelink
wa.onelink.me/v1/
13 B
363 B
XHR
General
Full URL
https://wa.onelink.me/v1/onelink
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-101.muc50.r.cloudfront.net
Software
/
Resource Hash
38bc0f256821a9c0a02a1c0cedf8ff70c211e637ef77ac199de2fe0cf36ba9ec

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
via
1.1 67b46acac5b2604c39c0417497d3d218.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P4
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
13
x-amz-cf-id
kgaQ1iIWOEI5a59Jun8xbPH8uJu-vip9XGG9-rJNdpeme-mrCc1XqQ==
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1653776975&t=pageview&_s=1&dl=https%3A%2F%2Fofftherecord.com%2F&ul=de-de&de=UTF-8&dt=Fight%20Your%20Moving%20Violation%20%7C%20Traffic%20Ticket%20Lawyer%20Local%20%26%20Online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAUIRAAAAACAAI~&jid=1957468499&gjid=896326683&cid=253695644.1719872076&tid=UA-69140841-1&_gid=1168095440.1719872076&_r=1&gtm=457e46q0za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&jsscut=1&did=i5iSjo&npa=1&z=271289036
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offtherecord.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
0
273 B
Image
General
Full URL
https://www.facebook.com/tr/?id=185612438538592&ev=PageView&dl=https%3A%2F%2Fofftherecord.com%2F&rl=&if=false&ts=1719872076548&sw=1600&sh=1200&v=2.9.159&r=stable&ec=0&o=4126&fbp=fb.1.1719872076548.499316657350827357&ler=empty&cdl=API_unavailable&it=1719872076379&coo=false&rqm=GET
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1328, tbw=2820, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 01 Jul 2024 22:14:36 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=185612438538592&ev=PageView&dl=https%3A%2F%2Fofftherecord.com%2F&rl=&if=false&ts=1719872076548&sw=1600&sh=1200&v=2.9.159&r=stable&ec=0&o=4126&fbp=fb.1.1719872076548.499316657350827357&ler=empty&cdl=API_unavailable&it=1719872076379&coo=false&rqm=FGET
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x9dd072b32d0f0f49","source_keys":["1","2"]},{"key_piece":"0x64c97cef41c1459b","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Mon, 01 Jul 2024 22:14:36 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7386794320417570756", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=10, rtx=0, c=14, mss=1328, tbw=3137, tp=-1, tpl=-1, uplat=163, ullat=0
pragma
no-cache
x-fb-debug
3izO3jFAb6fMkpbyFCR6X97GNDb0+5hBuZyB63jE1gM/3XNejbWQy4yvfkwNmEYQYKu1I4LTgZxuV3pWXMXECQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7386794320417570756"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
open
relay.offtherecord.com/v1/
323 B
713 B
XHR
General
Full URL
https://relay.offtherecord.com:444/v1/open
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.232.193.47 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-232-193-47.compute-1.amazonaws.com
Software
/ Branch
Resource Hash
1ca2d1b468c90b2488fa33a990354e05f332a146bd7571e28575acc220a6fe9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
via
1.1 477f2815176dbf316918cf19d9dc3eb6.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
IAD55-P4
x-powered-by
Branch
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
x-branch-request-id
c3877e43-7e6a-49eb-9953-7034d371705f-2024070122
content-length
323
x-amz-cf-id
T7AhwlB1oxvvAoXJZw53RGDqjOheC4SJhBIp_LyI6yGytev9WYyShw==
page
relay.offtherecord.com/rec/
1 KB
782 B
XHR
General
Full URL
https://relay.offtherecord.com/rec/page
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.71.204.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-71-204-54.compute-1.amazonaws.com
Software
/
Resource Hash
a1f7f2ce2e6a999ffa923b16b62e429f94b287d702bddda54918f949a6b2f0a8

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://offtherecord.com
date
Mon, 01 Jul 2024 22:14:36 GMT
content-encoding
gzip
access-control-allow-credentials
true
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
application/json; charset=utf-8
collect
stats.g.doubleclick.net/j/
4 B
151 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-69140841-1&cid=253695644.1719872076&jid=1957468499&gjid=896326683&_gid=1168095440.1719872076&npa=1&_u=aGDAAUIQAAAAACAAI~&z=1618249539
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 01 Jul 2024 22:14:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://offtherecord.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-69140841-1&cid=253695644.1719872076&jid=1957468499&npa=1&_u=aGDAAUIQAAAAACAAI~&z=76663459
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:36 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-69140841-1&cid=253695644.1719872076&jid=1957468499&npa=1&_u=aGDAAUIQAAAAACAAI~&z=76663459
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:36 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
user
otr-backend-service-us-prod.offtherecord.com/api/v1/ Frame
0
0
Preflight
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=w2acfuoqkfj
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.206.204.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-206-204-170.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
api-token
Access-Control-Request-Method
GET
Origin
https://offtherecord.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Api-Token, X-Api-Token, X-Feature, X-Captcha-Token, X-Captcha-Version, X-Resource-Id
access-control-allow-methods
GET, POST, PUT, DELETE
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
access-control-max-age
3600
date
Mon, 01 Jul 2024 22:14:36 GMT
server
nginx/1.22.1
user
otr-backend-service-us-prod.offtherecord.com/api/v1/
163 B
584 B
XHR
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=w2acfuoqkfj
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.206.204.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-206-204-170.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
7e7558ddd527f6452c7c72f510f48964f6319f317b314829c2786e42346c372e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Api-Token
vKWrNZN8UMwxcqPxyRqbJo9x6OABtoqMA7scyCkpkSy82UcA
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:36 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
nginx/1.22.1
x-frame-options
DENY
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
0
events
wa.appsflyer.com/
80 B
536 B
XHR
General
Full URL
https://wa.appsflyer.com/events?site-id=26de086f-993b-4d92-9fb8-a2ee6128f041
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.65.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-65-36.muc50.r.cloudfront.net
Software
/
Resource Hash
60e0f7863202948e47ee691bcfa022145cd23b46af136654f518493045ad3489

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
text/plain

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
via
1.1 72e7358c1b788ea69a1649b717511b9a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P6
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
80
x-amz-cf-id
ZXet77BEiAqTLig3r4LwS6wzDJub7xGBjN5hd5wW1kruFgHpjwZrdA==
logout
otr-backend-service-us-prod.offtherecord.com/api/v1/authentication/ Frame
0
0
Preflight
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/authentication/logout
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.206.204.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-206-204-170.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
api-token,content-type
Access-Control-Request-Method
POST
Origin
https://offtherecord.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Api-Token, X-Api-Token, X-Feature, X-Captcha-Token, X-Captcha-Version, X-Resource-Id
access-control-allow-methods
GET, POST, PUT, DELETE
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
access-control-max-age
3600
date
Mon, 01 Jul 2024 22:14:36 GMT
server
nginx/1.22.1
logout
otr-backend-service-us-prod.offtherecord.com/api/v1/authentication/
0
442 B
XHR
General
Full URL
https://otr-backend-service-us-prod.offtherecord.com/api/v1/authentication/logout
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.206.204.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-206-204-170.compute-1.amazonaws.com
Software
nginx/1.22.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Api-Token
vKWrNZN8UMwxcqPxyRqbJo9x6OABtoqMA7scyCkpkSy82UcA
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Jul 2024 22:14:36 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
server
nginx/1.22.1
x-frame-options
DENY
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Location, Otr-url-location, Otr-signed-url-location
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
0
json
forms.hscollectedforms.net/collected-forms/v1/config/
135 B
452 B
XHR
General
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=24128821&utk=
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6efe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d1ce97752f29df67b0b336f715364cb0b902c9a9cbe004f9956767448da360d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
524a2d9c-a1cd-400a-9f3a-600204869bf9
x-envoy-upstream-service-time
9
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
524a2d9c-a1cd-400a-9f3a-600204869bf9
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://offtherecord.com
x-evy-trace-virtual-host
all
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-kt4hg
access-control-max-age
180
x-robots-tag
none
access-control-allow-headers
*
cf-ray
89c9c0007e1e1c15-FRA
combinedConfigs
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/
108 B
1 KB
Fetch
General
Full URL
https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=24128821&currentUrl=https%3A%2F%2Fofftherecord.com%2F
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a45c89da6cfa94009a61215c8921175ec1bf18444adb5bcba07e22e9b12954d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
b3eeeab5-bae0-4512-b518-8d5a3f772313
content-encoding
br
x-envoy-upstream-service-time
7
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
b3eeeab5-bae0-4512-b518-8d5a3f772313
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://offtherecord.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
true
cache-control
max-age=0, no-cache, no-store
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uMHU2lgKRZ%2FPAY0EaCHR8ycwfAl%2FBTpzgdIue6bCcLp8%2BFKyg634hePE5P%2Bq5YMbop3GCbvTDxxOuB5dPSQfX8pVMriU14aZSztwa7loDLQw8paOYWH3KsJdQG8VWGYqiwrZ8C22ztA9QnyFcJ0ds6YEk%2FRQDaiN2Sw%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag
noindex, follow
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
89c9c0008b6ebbf7-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-6lppp
review-rating.component.170c675fa134251aaf4c.html
offtherecord.com/templates/
948 B
1 KB
XHR
General
Full URL
https://offtherecord.com/templates/review-rating.component.170c675fa134251aaf4c.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
2d95f71505cec68b09ebcbad4208d2ede280629de1b62c329cca5aab65fad29a

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"3b4-19041da77f8"
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
948
x-amz-cf-id
2vfMKOgGDHxWh6U4lgSLH26i67PrDJQKiMCqDrRityTTFrN7mFJ7gA==
avatar-image-fallback.component.6d85a17c6b223631488b.html
offtherecord.com/templates/
88 B
459 B
XHR
General
Full URL
https://offtherecord.com/templates/avatar-image-fallback.component.6d85a17c6b223631488b.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
091c27084bee9182fda190c70ab01d92f1f32c72be2f4dd37946f62c315ec574

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"58-19041da77f8"
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
88
x-amz-cf-id
a7ERxfgMR3qSykO8LisBfSIGgJqScYOVKBfRuLXer7OL3TZLFp163g==
truncated
/
330 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
603e10027c39bb736cc7dee132026554899c8df72c18a59e85d3f748228b0bd9

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
330 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0bc3b201b03f97f0a69115ed407d31214e8b54671e399e1391d5d705a5f9acc0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
329 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ed1f896874cf1d2e5ffcf369ed1277be55c36ab18bcbeb822e7a587008e397bf

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
331 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8a73d9886283369e97c809bb8b7af15cab6263559318fb730256f6da6a720426

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
331 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f9c242bdf5411decaed3c6fd15a0193472feedd3f6509fa5d3a91267cb7daa27

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
329 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
78555e77f61d09d04c161af14988377120b44cbfa38a4f8886083949e34f3e46

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
330 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ab7cf6d604656e7b693a04fad0db66744fd810935ddcdd3db5f37ec8d98c2c21

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
329 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ccb7e3319b8febae9c65ab29606ebdf09541e6e0a94d4b606465d3845dcb9717

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
production
anhkgav0.apicdn.sanity.io/v2023-07-12/data/query/
7 KB
3 KB
XHR
General
Full URL
https://anhkgav0.apicdn.sanity.io/v2023-07-12/data/query/production?query=*%5B_type+%3D%3D+%22faq%22+%26%26+%22home-page-faq%22+in+category+%26%26+state-%3EstateName+%21%3D+%22Florida%22%5D+%7C+order%28orderRank%29&perspective=published
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.206.188 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
188.206.49.34.bc.googleusercontent.com
Software
/
Resource Hash
782b500ffe273ea8835346e12ce00952dd1eca302242ef5715fac5ffb1c0b76d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-sanity-shard
gcp-eu-w1-01-prod-1034
date
Mon, 01 Jul 2024 22:11:11 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
apicdn-cache-control
public, max-age=60, s-maxage=3600, stale-while-revalidate=60, stale-if-error=3600
via
1.1 google
sanity-gateway
k8s-gcp-eu-w1-prod-ing-01
server-timing
api;dur=18
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2419
sanity-query-hash
5eeh4a+as7Q uxvbys1qyTQ
access-control-max-age
600
x-sanity-age
205
content-type
application/json; charset=utf-8
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
Content-Type, Content-Length, ETag, X-Sanity-Deprecated, X-Sanity-Warning
cache-control
public, max-age=60, s-maxage=60, stale-while-revalidate=15, stale-if-error=3600
access-control-allow-credentials
true
vary
accept-encoding, origin
accept-ranges
bytes
onelink
wa.onelink.me/v1/
51 B
508 B
XHR
General
Full URL
https://wa.onelink.me/v1/onelink?af_id=377e38ab-752b-4f71-b20e-112a6e105fee-p
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-101.muc50.r.cloudfront.net
Software
/
Resource Hash
300f31db74eec22e8870205ab9dbc50863ab1df0056fd79c3c17f3ea9c0b769c

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:36 GMT
via
1.1 67b46acac5b2604c39c0417497d3d218.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P4
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
51
x-amz-cf-id
Y1H-gGflzlr5A-Yd6KECFuS26ynE9yg5Md4SrdgQQCaoV2e_seXTgw==
user-rating.component.e3e94106426db1e8d981.html
offtherecord.com/templates/
2 KB
873 B
XHR
General
Full URL
https://offtherecord.com/templates/user-rating.component.e3e94106426db1e8d981.html
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
cafed8afce97ffc3d420081a23c193ac0dc3d2c70454332284233b3d151da5ad

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json, text/plain, */*
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:02 GMT
content-encoding
gzip
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"913-19041da77f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/html; charset=UTF-8
cache-control
public, max-age=31557600
x-amz-cf-id
07sCw-6WDu-pivYY3oyPouZ6EHOlIl0R1uGIsLBn1yMjXXcloscGqA==
KqFPADK.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

11010.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

8xDTad2.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

595448.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

521483.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

hWpD3F5.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

sCO1GuV.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

271202.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

EQXKnBl.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

kkYFbuf.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

XsCgbSt.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

744615.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

488561.jpeg
off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/
0
0

pageview
relay.offtherecord.com/v1/
29 B
347 B
XHR
General
Full URL
https://relay.offtherecord.com:444/v1/pageview
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.232.193.47 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-232-193-47.compute-1.amazonaws.com
Software
/ Branch
Resource Hash
c3dd5a6fff633c6393dca21ce74cd6dc95265943575b43d2d9616f020eea68fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 01 Jul 2024 22:14:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 477f2815176dbf316918cf19d9dc3eb6.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD55-P4
x-powered-by
Branch
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
content-length
29
x-amz-cf-id
QbeZaMugJUSeBUgwFcWAy36fKOJSd0-Z-YHEyLQyxsg4AaWdgexlfw==
integrations
relay.offtherecord.com/rec/
4 KB
5 KB
Script
General
Full URL
https://relay.offtherecord.com/rec/integrations?OrgId=6DGA5&isInFrame=false&isNative=false
Requested by
Host: relay.offtherecord.com
URL: https://relay.offtherecord.com/s/fs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.71.204.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-71-204-54.compute-1.amazonaws.com
Software
/
Resource Hash
fda8e2340dd0d31581f956b339da1e9533a2c6838d385e672f984d069dab2a62

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:37 GMT
via
1.1 google
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
text/javascript; charset=utf-8
pro-fa-light-300-1.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
18 KB
18 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-1.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6892a725066e5a0c71c46574e9e5c2459c51c067c9ecd576abe77a70f442b2d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:37 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:16 GMT
server
cloudflare
age
1526604
etag
"660c2974-4678"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
89c9c0014b3e2bd9-FRA
content-length
18040
pro-fa-light-300-13.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
17 KB
17 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-light-300-13.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fca26b24960b9a7badc3221b8c2d0daf2f7fe9f1774da08ca290ab56bc62cd5f

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:37 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:16 GMT
server
cloudflare
age
7790295
etag
"660c2974-4484"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
89c9c0015b4a2bd9-FRA
content-length
17540
pro-fa-solid-900-13.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
14 KB
14 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-solid-900-13.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5fb457fc69058cd84b72db3a52c0ef9961aa7d18e7bab081d7f1953a7cc23dd

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:37 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:22 GMT
server
cloudflare
age
136914
etag
"660c297a-37d0"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
89c9c0016b692bd9-FRA
content-length
14288
logout
relay.offtherecord.com/v1/
190 B
617 B
XHR
General
Full URL
https://relay.offtherecord.com:444/v1/logout
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.232.193.47 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-232-193-47.compute-1.amazonaws.com
Software
/ Express
Resource Hash
908c02fa14f8fccb5d7a34534424c8833b101176c66eeeeb884045a45866694d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 01 Jul 2024 22:14:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 477f2815176dbf316918cf19d9dc3eb6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
IAD55-P4
etag
W/"be-4+zyL4vxfNgdQb6rmfUXZtJlLN0"
x-powered-by
Express
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-branch-request-id
1809f4da7124458bb654c12648f66a61-2024070122
content-length
190
x-amz-cf-id
pNdQYec4JqL7OuTmIkePwKk5WUU96Q3Bq3zFFiBPcnBSEWqeQFARYg==
counters.gif
perf-na1.hsforms.com/embed/v3/
35 B
928 B
Image
General
Full URL
https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
e8010c34-acdb-459e-90f3-361695789636
x-envoy-upstream-service-time
3
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
e8010c34-acdb-459e-90f3-361695789636
last-modified
Mon, 01 Jul 2024 22:14:37 GMT
server
cloudflare
vary
origin, Accept-Encoding
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-ptpxr
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
none
cf-ray
89c9c001ccdc367d-FRA
latest.js
edge.fullstory.com/datalayer/v4/
Redirect Chain
  • https://relay.offtherecord.com/datalayer/v4/latest.js
  • https://edge.fullstory.com/datalayer/v4/latest.js
43 KB
12 KB
Script
General
Full URL
https://edge.fullstory.com/datalayer/v4/latest.js
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
3b604f1e389d668b8535edb53e650780275dfa02e874ecc98c8f72c38662799f

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://offtherecord.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 01 Jul 2024 21:25:43 GMT
content-encoding
gzip
age
2934
x-guploader-uploadid
ACJd0NrauKy6FnHmEtMZPGqY7Mk2L6uIID3J63JS1LzNTz67FQ0dKJZeVejE_g688OXF2LxX_ItrzNoiWA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11986
last-modified
Fri, 10 May 2024 14:58:37 GMT
server
UploadServer
etag
"182b49f0262c0a0e6504cd3dfd20a137"
x-goog-generation
1715353117275502
x-goog-hash
crc32c=cN3mUA==, md5=GCtJ8CYsCg5lBM09/SChNw==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600,no-transform
x-goog-stored-content-length
11986
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 01 Jul 2024 22:25:43 GMT

Redirect headers

location
https://edge.fullstory.com/datalayer/v4/latest.js
date
Mon, 01 Jul 2024 22:14:37 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
72
content-type
text/html; charset=utf-8
logout
relay.offtherecord.com/v1/
190 B
616 B
XHR
General
Full URL
https://relay.offtherecord.com:444/v1/logout
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.232.193.47 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-232-193-47.compute-1.amazonaws.com
Software
/ Express
Resource Hash
c1ca96b30b05253ba60fc80eb25569192b142a7144b06a82dc19e3a775c9f84f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 01 Jul 2024 22:14:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 477f2815176dbf316918cf19d9dc3eb6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
IAD55-P4
etag
W/"be-bnrLLhe3lro4I+uzEME0kYJlkI0"
x-powered-by
Express
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-branch-request-id
4313f69d970e46269db228b909da222c-2024070122
content-length
190
x-amz-cf-id
yGbQxUmfy0OXQWomR9Obr1Gul3r3aNAb6sUx_g1cXAjZ4CzfsRHRDA==
eb79c0b24a5a9494cd36.png
offtherecord.com/
5 KB
6 KB
Image
General
Full URL
https://offtherecord.com/eb79c0b24a5a9494cd36.png
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/main.c214a36cef6ab26dcfc3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
072583eaca4f4cf965ff3913f7bffe2108cb46c91f28a51cff411e91459ca836

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/main.c214a36cef6ab26dcfc3.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:03 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3214
x-powered-by
Express
etag
W/"1534-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
5428
x-amz-cf-id
4xkZaDG5mLu9Ii78uO9E8goP3-PxUkb8iKtUOFAH2WLv_7RCicvrqg==
pro-fa-regular-400-12.woff2
ka-p.fontawesome.com/releases/v6.5.2/webfonts/
17 KB
17 KB
Font
General
Full URL
https://ka-p.fontawesome.com/releases/v6.5.2/webfonts/pro-fa-regular-400-12.woff2
Requested by
Host: offtherecord.com
URL: https://offtherecord.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af04f015df3bbffd125ee30eaf78e7f1c9328f5b967d66f7b7f8958472464dda

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Origin
https://offtherecord.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:37 GMT
cf-cache-status
HIT
last-modified
Tue, 02 Apr 2024 15:51:17 GMT
server
cloudflare
age
7790578
etag
"660c2975-4244"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
89c9c0044e202bd9-FRA
content-length
16964
__ptq.gif
track.hubspot.com/
45 B
1 KB
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3598200494&v=1.1&a=24128821&rcu=https%3A%2F%2Fofftherecord.com%2F&pu=https%3A%2F%2Fofftherecord.com%2F&t=Fight+Your+Moving+Violation+%7C+Traffic+Ticket+Lawyer+Local+%26+Online&cts=1719872078421&vi=fcdffbfed8770e57a6019d027a23884c&nc=true&u=77102922.fcdffbfed8770e57a6019d027a23884c.1719872078418.1719872078418.1719872078418.1&b=77102922.1.1719872078418&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 22:14:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
99b16aec-4aea-424e-8b18-d7863acc0975
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
9
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
99b16aec-4aea-424e-8b18-d7863acc0975
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JT%2FYfLKHUx7fZPs%2FJ2MVbTVmKzRrGE3%2B7P0mjFpC3JRccCOvDKtZfh3Fj2pQJJW8o2OB3jZXgo%2FmDJbatFM7R5nVZ9Eu7ebmsHYT1eli0%2BKxYGXKdZlohU9z7Fl85OJyUetbOC1jRpAtNaVsdKj8"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-pkwbj
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
89c9c00a5b780859-FRA
x-robots-tag
none
favicon.ico
offtherecord.com/assets/img/favicon/
34 KB
34 KB
Other
General
Full URL
https://offtherecord.com/assets/img/favicon/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.183.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-183-115.zrh55.r.cloudfront.net
Software
nginx / Express
Resource Hash
c5832c43af37aceae73a95406f6115fbbe18b09d463fea354f371c79ae7b9027

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Jul 2024 21:21:03 GMT
via
1.1 fec5e83bcae9ab1295b776b3f64183d0.cloudfront.net (CloudFront)
last-modified
Sat, 22 Jun 2024 21:29:15 GMT
server
nginx
x-amz-cf-pop
ZRH55-P1
age
3215
x-powered-by
Express
etag
W/"86be-19041da77f8"
x-cache
Hit from cloudfront
content-type
image/x-icon
cache-control
public, max-age=31557600
accept-ranges
bytes
content-length
34494
x-amz-cf-id
Lz4F8HlqSGb_nf19a3kVagudiNcyXw6xDrPGDNjGtIR9u9XSAQiyNg==
v2
relay.offtherecord.com/rec/bundle/
29 B
233 B
XHR
General
Full URL
https://relay.offtherecord.com/rec/bundle/v2?OrgId=6DGA5&UserId=f733e339-b7e2-443b-9922-316d7c6a50a0&SessionId=d9dd3398-d528-4d4d-b380-75752403c534&PageId=3e3c3908-7e8d-4a75-af01-c3e423f4184a&Seq=1&ClientTime=1719872079551&PageStart=1719872076950&PrevBundleTime=0&LastActivity=2374&IsNewSession=true&ContentEncoding=gzip
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.71.204.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-71-204-54.compute-1.amazonaws.com
Software
/
Resource Hash
1bcfb879b4aa074e360ef4f479aa794751eb1c187a9189ecbd77721a04556ccf

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://offtherecord.com
date
Mon, 01 Jul 2024 22:14:39 GMT
via
1.1 google
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
content-type
application/json; charset=utf-8
/
relay.offtherecord.com/track/
25 B
450 B
XHR
General
Full URL
https://relay.offtherecord.com:446/track/?verbose=1&ip=1&_=1719872081107
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.82.59.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-82-59-33.compute-1.amazonaws.com
Software
envoy /
Resource Hash
e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 01 Jul 2024 22:14:41 GMT
strict-transport-security
max-age=604800; includeSubDomains
via
1.1 google
server
envoy
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://offtherecord.com
access-control-expose-headers
X-MP-CE-Backoff
cache-control
no-cache, no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
50
access-control-allow-headers
X-Requested-With, X-Amzn-Trace-Id, Content-Type
content-length
25
alt-svc
clear
v2
relay.offtherecord.com/rec/bundle/
29 B
233 B
XHR
General
Full URL
https://relay.offtherecord.com/rec/bundle/v2?OrgId=6DGA5&UserId=f733e339-b7e2-443b-9922-316d7c6a50a0&SessionId=d9dd3398-d528-4d4d-b380-75752403c534&PageId=3e3c3908-7e8d-4a75-af01-c3e423f4184a&Seq=2&ClientTime=1719872082013&PageStart=1719872076950&PrevBundleTime=1719872079616&LastActivity=4863&IsNewSession=true&ContentEncoding=gzip
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.71.204.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-71-204-54.compute-1.amazonaws.com
Software
/
Resource Hash
b941cc9ef53f75c8bf3a345763263e984c0856132dc24fb3a579948762d4cb52

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://offtherecord.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://offtherecord.com
date
Mon, 01 Jul 2024 22:14:42 GMT
via
1.1 google
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
content-type
application/json; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
off-the-record-service.s3.us-west-2.amazonaws.com
URL
https://off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/KqFPADK.jpeg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240701T213608Z&X-Amz-SignedHeaders=host&X-Amz-Expires=900&X-Amz-Credential=AKIAIYSJJP6QCX3XDV7A%2F20240701%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=d2a6281d05f15b7efa1d571460d5ea47faf870867bf713b517ae7f11f831ce8a
Domain
off-the-record-service.s3.us-west-2.amazonaws.com
URL
https://off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/11010.jpeg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240701T213608Z&X-Amz-SignedHeaders=host&X-Amz-Expires=900&X-Amz-Credential=AKIAIYSJJP6QCX3XDV7A%2F20240701%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=cb1ee7e2c7068361afacf7d9c512d85c6329dbb1aeb23636fa5deaafa9ab62a8
Domain
off-the-record-service.s3.us-west-2.amazonaws.com
URL
https://off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/8xDTad2.jpeg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240701T213608Z&X-Amz-SignedHeaders=host&X-Amz-Expires=900&X-Amz-Credential=AKIAIYSJJP6QCX3XDV7A%2F20240701%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=9aa63416ecc2a626731f1db5d0bcc9e9c07544c616b4405114b9b80eaaf8523c
Domain
off-the-record-service.s3.us-west-2.amazonaws.com
URL
https://off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/595448.jpeg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240701T213608Z&X-Amz-SignedHeaders=host&X-Amz-Expires=900&X-Amz-Credential=AKIAIYSJJP6QCX3XDV7A%2F20240701%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=a88886753191b0f8be90f0114f1348467f3dbe70ba63a7dd8a23d77e3cc544cb
Domain
off-the-record-service.s3.us-west-2.amazonaws.com
URL
https://off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/521483.jpeg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240701T213608Z&X-Amz-SignedHeaders=host&X-Amz-Expires=900&X-Amz-Credential=AKIAIYSJJP6QCX3XDV7A%2F20240701%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=2260ec97f48b4f132ded157047fa98d3f941bd52f61c4aff4dc22621bceff1c5
Domain
off-the-record-service.s3.us-west-2.amazonaws.com
URL
https://off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/hWpD3F5.jpeg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240701T213608Z&X-Amz-SignedHeaders=host&X-Amz-Expires=899&X-Amz-Credential=AKIAIYSJJP6QCX3XDV7A%2F20240701%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=ee2317a8ad0f60ccbdfc4e9fa9dc2a7901fefcb437cba6f883ea90a6e6491dc7
Domain
off-the-record-service.s3.us-west-2.amazonaws.com
URL
https://off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/sCO1GuV.jpeg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240701T213608Z&X-Amz-SignedHeaders=host&X-Amz-Expires=900&X-Amz-Credential=AKIAIYSJJP6QCX3XDV7A%2F20240701%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=43405cd771addaaa8cca727c226e9948b90ea20ddf3b1b2d2831136b4833ca31
Domain
off-the-record-service.s3.us-west-2.amazonaws.com
URL
https://off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/271202.jpeg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240701T213608Z&X-Amz-SignedHeaders=host&X-Amz-Expires=900&X-Amz-Credential=AKIAIYSJJP6QCX3XDV7A%2F20240701%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=522935b794d314077ecd08d5d2376d87e3437aa506200e85fb753e16510d3dad
Domain
off-the-record-service.s3.us-west-2.amazonaws.com
URL
https://off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/EQXKnBl.jpeg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240701T213608Z&X-Amz-SignedHeaders=host&X-Amz-Expires=900&X-Amz-Credential=AKIAIYSJJP6QCX3XDV7A%2F20240701%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=500d78f4181efab198c4eefec944112440f22619a5576a5020a9fee2aa1efbb0
Domain
off-the-record-service.s3.us-west-2.amazonaws.com
URL
https://off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/kkYFbuf.jpeg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240701T213608Z&X-Amz-SignedHeaders=host&X-Amz-Expires=900&X-Amz-Credential=AKIAIYSJJP6QCX3XDV7A%2F20240701%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=08a962a754cefa12b41402e8413eb121b47535145f5b61cab9340daaccaa36ac
Domain
off-the-record-service.s3.us-west-2.amazonaws.com
URL
https://off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/XsCgbSt.jpeg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240701T213608Z&X-Amz-SignedHeaders=host&X-Amz-Expires=900&X-Amz-Credential=AKIAIYSJJP6QCX3XDV7A%2F20240701%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=301cdd45dd8e3a65171faea5394191d86a2eef296316ef4488f42f0b3f81db40
Domain
off-the-record-service.s3.us-west-2.amazonaws.com
URL
https://off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/744615.jpeg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240701T213608Z&X-Amz-SignedHeaders=host&X-Amz-Expires=900&X-Amz-Credential=AKIAIYSJJP6QCX3XDV7A%2F20240701%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=2f6595614b33416c06fbaa3ab1298fde7b1bb03f23d81bbc72764f75eb844b0d
Domain
off-the-record-service.s3.us-west-2.amazonaws.com
URL
https://off-the-record-service.s3.us-west-2.amazonaws.com/private/clients/profile-pictures/488561.jpeg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20240701T213608Z&X-Amz-SignedHeaders=host&X-Amz-Expires=899&X-Amz-Credential=AKIAIYSJJP6QCX3XDV7A%2F20240701%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=aaf655c289969ba656055bc8f1387d3fa2d17b9e7ce08a0bd86d8e42846b3326

169 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 undefined| event object| fence object| sharedStorage object| appAbTestFlags object| code object| _vwo_code number| _vwo_settings_timer object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| FontAwesomeKitConfig object| Sentry object| __SENTRY__ function| Stripe object| webpackChunkStripeJSouter function| noop boolean| _fs_debug string| _fs_host string| _fs_script string| _fs_org string| _fs_namespace function| FS function| loadDeferredStyles function| raf function| setVH object| gapi object| ___jsl object| recaptcha object| closure_lm_519005 object| dataLayer function| ga object| gaDevIds object| gaplugins object| webpackChunkotr_marketing_site object| SENTRY_RELEASE object| SENTRY_RELEASES object| angular object| branch function| _ function| Snap function| moment function| Flow object| _F_toggles object| osapi object| gadgets object| iframer object| __gapi_jstiming__ object| shindig function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| googleapis object| mixpanel function| fbAsyncInit object| google_tag_manager object| google_tag_data number| _vwo_acc_id object| vwoCode object| _vwo_style string| _vwo_css function| commonWrapper function| pushBasedCommonWrapper string| _vwo_cookieDomain string| _vwo_uuid number| _vwo_library_timer string| _vis_opt_file string| _vis_opt_lib undefined| vwo_e number| _vwo_j_e object| _VWO string| _vwo_mt string| _vwo_tm object| VWO object| vwo_iehack_queue object| _vwo_exp_ids object| _vwo_exp object| VWOOmni function| rdt function| fbq function| _fbq object| uetq string| GoogleAnalyticsObject string| AppsFlyerSdkObject function| AF object| FB function| redditNormalizeEmail object| gaGlobal object| gaData function| vwo_$ string| _vwo_server_url object| _vis_opt_queue object| _vis_opt_check_segment object| _vwo_evq function| _vwo_ev boolean| 
DISABLE_NATIVE_CONSTANTS object| _vwo_t object| _vwo_editorOperationTracker function| _vwo_handleMutations object| _vwo_api_section_callback object| _vis_opt_comb_name function| _vwo_s object| _vwo_campaignData function| _vis_opt_top_initialize function| _vis_opt_bottom_initialize function| _vis_opt_goal_conversion function| _vis_opt_revenue_conversion function| _vis_opt_pause function| _vis_opt_readCookie function| _vis_opt_createCookie function| _vis_opt_element_loaded function| _vis_opt_GA_track function| _vis_opt_register_conversion function| _vis_opt_get_campaign_xPath string| _vis_opt_experiment_id boolean| _vwo_settings_timed_out function| onYouTubeIframeAPIReady string| _fs_loaded function| _fs_shutdown object| __buffer function| UET function| UET_init function| UET_push object| ueto_79dc84e434 function| GooglemKTybQhCsO function| google_trackConversion function| gtag object| _hsp object| AF_SDK object| __hsCollectedFormsDebug object| _hsq object| hsCtasOnReady object| __PRIVATE__HubspotCtaClient object| hsCallsToActionsReady object| __hsWebInteractiveInstance object| hsConversationsOnReady object| HubSpotCallsToActions boolean| hubspot_web_interactives_running object| _paq function| sanitizeKey boolean| _hstc_loaded object| __sentry_instrumentation_handlers__ string| _fs_rec_settings_host string| _dlo_appender object| _dlo_telemetryExporter number| _dlo_logLevel object| _dlo_beforeDestination boolean| _dlo_previewMode boolean| _dlo_readOnLoad boolean| _dlo_validateRules object| _dlo_rules_adobe_am object| _dlo_rules_google_em object| _dlo_rules_google_em_ga4 object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran object| _dlo_observer boolean| _hstc_ran string| __hsUserToken number| expireDateTime

39 Cookies

Domain/Path Name / Value
fight.offtherecord.com/ Name: _s
Value: 8Hyt4cyq8sM2Lb%2FO66mDHu8mzK6VfgZsWZD1UcRE%2B8C9%2BM0M%2B2006zjLPwk0oV%2Fk
.offtherecord.com/ Name: _vwo_uuid_v2
Value: D6946BBD4754422EE03623D9CEDC7E77A|7cf74184785856dcd4059494e9eba767
.offtherecord.com/ Name: _gcl_au
Value: 1.1.1655701540.1719872076
.offtherecord.com/ Name: _rdt_uuid
Value: 1719872076364.5a1f3d72-21c2-4323-a3ca-677f954293df
.offtherecord.com/ Name: _gid
Value: GA1.2.1168095440.1719872076
.offtherecord.com/ Name: _vis_opt_s
Value: 1%7C
.offtherecord.com/ Name: _vis_opt_test_cookie
Value: 1
.offtherecord.com/ Name: _vwo_uuid
Value: D6946BBD4754422EE03623D9CEDC7E77A
.offtherecord.com/ Name: _vwo_ds
Value: 3%241719872075%3A51.43957799%3A%3A
.offtherecord.com/ Name: _vwo_sn
Value: 0%3A1%3A%3A%3A1
.offtherecord.com/ Name: _ga_TMGSMNG8YY
Value: GS1.1.1719872076.1.0.1719872076.60.0.0
.offtherecord.com/ Name: _vis_opt_exp_28_combi
Value: 2
.offtherecord.com/ Name: _vis_opt_exp_46_combi
Value: 2
.offtherecord.com/ Name: _vis_opt_exp_50_combi
Value: 3
.offtherecord.com/ Name: _uetsid
Value: 4d498e7037f711efa902bbf1cb6ae342
.offtherecord.com/ Name: _uetvid
Value: 4d499dc037f711efac3af5840470950f
.offtherecord.com/ Name: mp_971aeee0e6b3795a30de20c2cc8585b4_mixpanel
Value: %7B%22distinct_id%22%3A%20%22%24device%3A190705d394a536-0a4b2d118d8859-26001f51-1d4c00-190705d394a536%22%2C%22%24device_id%22%3A%20%22190705d394a536-0a4b2d118d8859-26001f51-1d4c00-190705d394a536%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%2C%22__mps%22%3A%20%7B%22%24os%22%3A%20%22Windows%22%2C%22%24browser%22%3A%20%22Chrome%22%2C%22%24browser_version%22%3A%20126%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%2C%22%24vwo_user_id%22%3A%20%22D6946BBD4754422EE03623D9CEDC7E77A%22%7D%2C%22__mpso%22%3A%20%7B%7D%2C%22__mpus%22%3A%20%7B%7D%2C%22__mpa%22%3A%20%7B%7D%2C%22__mpu%22%3A%20%7B%7D%2C%22__mpr%22%3A%20%5B%5D%2C%22__mpap%22%3A%20%5B%5D%7D
.offtherecord.com/ Name: _ga
Value: GA1.2.253695644.1719872076
.offtherecord.com/ Name: _gat_gtag_UA_69140841_1
Value: 1
.offtherecord.com/ Name: _fbp
Value: fb.1.1719872076548.499316657350827357
.bing.com/ Name: MUID
Value: 2CE8C4007138692317F9D0AF705368AA
m.stripe.com/ Name: m
Value: 6f199cc1-fc74-44c4-948f-23dcbef5a211247113
.offtherecord.com/ Name: __stripe_mid
Value: aa6adc48-34e3-4a05-8a13-12377289e7923205b7
.offtherecord.com/ Name: __stripe_sid
Value: d724e84b-6247-4c5b-b2ce-3e34bd33e091af8e72
.appsflyer.com/ Name: af_id
Value: 377e38ab-752b-4f71-b20e-112a6e105fee-p
.offtherecord.com/ Name: afUserId
Value: 377e38ab-752b-4f71-b20e-112a6e105fee-p
.offtherecord.com/ Name: otr-referrer
Value: %22https%3A%2F%2Fofftherecord.com%2F%22
.offtherecord.com/ Name: fs_lua
Value: 1.1719872076950
.onelink.me/ Name: af_id
Value: 377e38ab-752b-4f71-b20e-112a6e105fee-p
.offtherecord.com/ Name: fs_uid
Value: #6DGA5#f733e339-b7e2-443b-9922-316d7c6a50a0:d9dd3398-d528-4d4d-b380-75752403c534:1719872076950::1#/1751408078
.offtherecord.com/ Name: AF_SYNC
Value: 1719872076957
.hsforms.com/ Name: __cf_bm
Value: J6h6X0wf_KXCbcXF8NdY.9sftugsz6lLVtyPlE4Hz6Q-1719872077-1.0.1.1-XQrHuld5QDNOkvzgpSd8MOE2zv5LQhbDuwsg6ZbC31s.FyDge6kP9.4un30nIWBByO02TlkdfxU3jKKBZrSwAg
.hsforms.com/ Name: _cfuvid
Value: ZxT87u4m1YerOg6H1wFpa9UFejLkRGR0ODzg3dvr2Wo-1719872077195-0.0.1.1-604800000
.offtherecord.com/ Name: __hstc
Value: 77102922.fcdffbfed8770e57a6019d027a23884c.1719872078418.1719872078418.1719872078418.1
.offtherecord.com/ Name: hubspotutk
Value: fcdffbfed8770e57a6019d027a23884c
.offtherecord.com/ Name: __hssrc
Value: 1
.offtherecord.com/ Name: __hssc
Value: 77102922.1.1719872078418
.hubspot.com/ Name: __cf_bm
Value: nnXy8qOLnqBm32YGG_heYJ0e1ybD1JGYt9LFssgUdcM-1719872078-1.0.1.1-ocEOHe1Ws5oozlddNmN_klW5SsubrMKT50reLF1.S2vhaJPqL6fa7C.CgLWGKov155fTVAO8GzMkZ70RV3YQ0w
.hubspot.com/ Name: _cfuvid
Value: wlw1aBiNCyD1k48cHnqEFFLx.b7BuqlNCLr6KMZgQaU-1719872078636-0.0.1.1-604800000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

782b500ffe273ea8835346e12ce00952dd1eca302242ef5715fac5ffb1c0b76d
78555e77f61d09d04c161af14988377120b44cbfa38a4f8886083949e34f3e46
7924fd2e6167be712d7efea6b2de21a7331899da86cc273461d4e40b5a522af3
7b5edcbf4a04dec3e1381046ccfe8e7135eaca4cc47973ccfd4ec6384b39b8bb
7b7ca9dee8acbf03925b43a2cb76e364ba514c30a18de9f1523d0b156093c7d6
7c7570c1a2ddd8afdd1eeeb4d0a010ae42a731ffe52bbd09ee58ca3d0d2702fc
7ccf80229bbe586853232059978b67c1dbe6ccd7f6b4b8585b34bbcf2d9f195f
7d38cf48db41a250c7256cb7295f9b818bbd8cb75745c3a975174da27d021082
7e3f2e5c9c0f642f19eb5d1488c3257ad89341700795e0e6253400c876c4e06d
7e7558ddd527f6452c7c72f510f48964f6319f317b314829c2786e42346c372e
7ed6ed94539c66975dc82aa70df5b69b52c54255b4bf58bde69480a794814972
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8971fe0a892f03a0f0ba568b545194578eaf62dcafabc254e2677c7af64200c3
8a73d9886283369e97c809bb8b7af15cab6263559318fb730256f6da6a720426
8b852e041e35b676cf550d19cf8d15bc58db780a3827626518f4e0dfc5fb3109
8bf92a56aa0bc3116f8fc6f4565d5ebed1b15eaac5236f607446f128fc870fd2
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
8e742fbd7146cea9dee3a9c4b4474e1da43f62e8864d519c1debe7f10ec6043b
908c02fa14f8fccb5d7a34534424c8833b101176c66eeeeb884045a45866694d
909c4adf1c2435d373b6e0d83ee64cc9888881ac24905238ea010b4da3d06b93
91ab93b25227f8a29a716fdc41831b0a8a8729d8cde9f8adb29f4c8392457b9e
98af017c05d0d89d07187e5fea5df961cfe0da03321de1daf05e545b663718a4
99141deb1e06c17d62b664d1b8bacde6c827cd0559a8cd2c2a81b45e0ac3304c
9a45c89da6cfa94009a61215c8921175ec1bf18444adb5bcba07e22e9b12954d
9d1ce97752f29df67b0b336f715364cb0b902c9a9cbe004f9956767448da360d
9d64ce89336a149d954573c477ff7d9b320f92db397e754626c809b1d1313503
a05de9f3792048eff0cedc9370691b2a604cc1628f6aa9f70ad07444d2f02bdb
a1f7f2ce2e6a999ffa923b16b62e429f94b287d702bddda54918f949a6b2f0a8
a2b40eed2a14d541eb0ec80d05d29815fa18fd71c46455fc374a47a81226e9d6
a3d2952330aefe690302e90460777d9b5c6fc354861336a919c83e44fe352800
a5d227b5d9c8b9b461d0a35df1c39685463fe0bd375c2aa2aa197dfd2776a7c8
a6b9e77f842f68bf64b450048c752a189401955f45d149c5430fbc208469ffe0
a8510ffd3e9d2934e0ad67e81a2fc12f36e2b04ac3f3f150bd7e44ad12af3d76
a9cb20d56674c5d31f30c7541ea5c988fd7f34a6f0cbe18d2f8b39c9db11013b
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab1fca31f7e7a89c198881e69c42c6bb3578b7d55f2cee7463b96360feaf7eaa
ab7cf6d604656e7b693a04fad0db66744fd810935ddcdd3db5f37ec8d98c2c21
af04f015df3bbffd125ee30eaf78e7f1c9328f5b967d66f7b7f8958472464dda
af9e52b1788e243b0a07ba97a3de75df5845d00b896f1b83f38c42702a7ba690
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b07fffef0ae1504dfba7fb4096afb6e097815298973f51a1b211771e05c075b0
b1ec55a9e66fe05243e1977a0db2af48f4af4c07bfd0b9cdef32c01ab0f42b9d
b25d55e9df6af94720da527398f910187209ddd55e4e3a1af7241ad1c3256726
b6892a725066e5a0c71c46574e9e5c2459c51c067c9ecd576abe77a70f442b2d
b89883077b7da3bdf8df4274d65f842616738531605bd1b2ae956e24b80835d1
b941cc9ef53f75c8bf3a345763263e984c0856132dc24fb3a579948762d4cb52
bceb73993d094c4c821c7571921103bdc8c05e9082c4fc513d244358d53593db
c1ca96b30b05253ba60fc80eb25569192b142a7144b06a82dc19e3a775c9f84f
c3061c3788ad5783ef8a5d10c454bafe7eb942c48200dccc852cc6d3c9f303d4
c3dd5a6fff633c6393dca21ce74cd6dc95265943575b43d2d9616f020eea68fa
c46812c7c91d67dcc84ac30ff32138415af25b3416ea5b6588628cb3e2d1f686
c5832c43af37aceae73a95406f6115fbbe18b09d463fea354f371c79ae7b9027
c5fb457fc69058cd84b72db3a52c0ef9961aa7d18e7bab081d7f1953a7cc23dd
c625a259d52303bc63e165e0326e1d78de9bb5b5074423f368df77fca407b7bf
c79fec1aa5664189f0dcf1cc7c2bda043d017e673686d7a371342f49a1c32fce
c7d2c4792377e4ad83c292f24cc600e2b6626e0415550e8319985a2b7336e328
c8bfb96606d58d00a590963b8dd12e349ae7ac2eda65e9892a36a887e146703d
c90229666069d9cfbacff9d1a9052cc0913dec86f24d9f6c87f58a6daddb8dee
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cad08c9782cbde27b90104ded5f58eddcf7fcf469f6a7f61ee8c489a8f377e2e
cafed8afce97ffc3d420081a23c193ac0dc3d2c70454332284233b3d151da5ad
ccb7e3319b8febae9c65ab29606ebdf09541e6e0a94d4b606465d3845dcb9717
cf6ac740fc12afd2a32b8ec13b01bebd33e8c80badfc815ffa59259e29d4f886
d100a79e9ca4f220f81fd0729136ce2839c361f0850a3ddabb987bb04c99b925
d3f4bb2a0905b700fe60e4cf0fc84bca316b10fa49070270087173baa31e31b3
d52af8243ca6afe270829cfe2853cb79a486b81650f8b575374a220c311d5411
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de1805522e8bde4516893684590f431b5bc8716638f3b9cdbf4e987767e61a65
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
debca78f8ca7955db2c959e400eadd51a9032d2d1af2310e4caefde88ca90e3d
e2eb49ebf978dd7140eacd08fca34dfe6da0db3bebdee08606996d00766d60af
e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e793f23a53ad610cf8efa2a14ae34aed2906c04d9c28726145f8b79c25c67908
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
ebb64fd9bb742d327640240c5c6cbddd6c57c3a5e63bc091a202c9daa3c49c1c
ed1f896874cf1d2e5ffcf369ed1277be55c36ab18bcbeb822e7a587008e397bf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f01d3fe2a8106b2ac0fe9ed20c7c3548c198cb1402e5fba6ac150841ea4bd65f
f1e6a0811f0df7be7482db95552fd57017ca33d5a35f07c330859debd46d135c
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f9c0338c99725880299b688b609a0b6b2892eed1dabc38c33d9141d757c94883
f9c242bdf5411decaed3c6fd15a0193472feedd3f6509fa5d3a91267cb7daa27
fac08aba895b0525de1904bc4fb04928ba03ec2cd715d084831f0dd265774bce
faf47e501cdae61064aed4b03b1129d37c6e004ebde6f6452f1632f835c9f318
fca26b24960b9a7badc3221b8c2d0daf2f7fe9f1774da08ca290ab56bc62cd5f
fda8e2340dd0d31581f956b339da1e9533a2c6838d385e672f984d069dab2a62
fdcc34060c0c6a0ec771d0a4f1e14f00092e96577e166be28d33b83ba72faa69