Submitted URL: https://bookings.activatetravelsavings.com/
Effective URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Submission: On September 22 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 12 IPs in 2 countries across 9 domains to perform 39 HTTP transactions. The main IP is 162.210.97.242, located in United States and belongs to STEADFAST, US. The main domain is www.activatetravelsavings.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on February 26th 2021. Valid for: a year.
This is the only time www.activatetravelsavings.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 3 199.73.52.3 33695 (SCALEMATRIX)
10 162.210.97.242 32748 (STEADFAST)
1 172.217.16.132 15169 (GOOGLE)
2 104.18.10.207 13335 (CLOUDFLAR...)
2 104.21.78.7 13335 (CLOUDFLAR...)
1 142.250.184.202 15169 (GOOGLE)
5 3.235.73.91 14618 (AMAZON-AES)
1 172.217.16.131 15169 (GOOGLE)
1 69.16.175.42 33438 (HIGHWINDS2)
1 104.16.18.94 13335 (CLOUDFLAR...)
12 13.225.84.240 16509 (AMAZON-02)
2 13.224.186.242 16509 (AMAZON-02)
1 142.250.185.163 15169 (GOOGLE)
39 12
Requests | Domain | Requested by
11 | st1.zoom.us | us02web.zoom.us, st1.zoom.us
10 | www.activatetravelsavings.com | www.activatetravelsavings.com
5 | us02web.zoom.us | www.activatetravelsavings.com, us02web.zoom.us
3 | bookings.activatetravelsavings.com | 3 redirects
2 | use.fontawesome.com | www.activatetravelsavings.com, use.fontawesome.com
2 | stackpath.bootstrapcdn.com | www.activatetravelsavings.com
1 | ssrweb.zoom.us | us02web.zoom.us
1 | us02st1.zoom.us | us02web.zoom.us
1 | fonts.gstatic.com | fonts.googleapis.com
1 | us02st3.zoom.us | us02web.zoom.us
1 | cdnjs.cloudflare.com | www.activatetravelsavings.com
1 | code.jquery.com | www.activatetravelsavings.com
1 | www.gstatic.com | www.google.com
1 | fonts.googleapis.com | www.activatetravelsavings.com
1 | www.google.com | www.activatetravelsavings.com
Total: 39 requests, 15 subdomains

This site contains links to these domains.

Domain
seotrafficleader.com
Subject | Issuer | Validity | Valid
activatetravelsavings.com | Sectigo RSA Domain Validation Secure Server CA | 2021-02-26 - 2022-03-29 | a year
www.google.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-03-01 - 2022-02-28 | a year
upload.video.google.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
*.zoom.us | DigiCert SHA2 Secure Server CA | 2020-05-24 - 2022-06-01 | 2 years
*.gstatic.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year

This page contains 2 frames:

Primary Page: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Frame ID: 94646F576996979B0883779D2DB68B0D
Requests: 21 HTTP requests in this frame

Frame: https://us02web.zoom.us/rec/play/tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU?startTime=1588277323000&_x_zm_rtaid=V41KQYefTc2KOGU-zeAUVw.1588378508773.bf66273d3be1ba67af73af2ef85b5ef1&_x_zm_rhtaid=775
Frame ID: 03166257FC44E193BF50C783524350FF
Requests: 18 HTTP requests in this frame

Page Title

Activate Travel Savings

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/vue(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • <script [^>]*src="[^"]*/popper\.js/([0-9.]+)
  • /popper\.js/([0-9.]+)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

39 Requests
100 % HTTPS
0 % IPv6
9 Domains
15 Subdomains
12 IPs
2 Countries
3603 kB Transfer
5433 kB Size
7 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bookings.activatetravelsavings.com/ HTTP 302
    https://bookings.activatetravelsavings.com/membership/ HTTP 302
    https://bookings.activatetravelsavings.com/membership/login?redirecturl=%2fmembership%2f HTTP 302
    https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

39 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.activatetravelsavings.com/
Redirect Chain
  • https://bookings.activatetravelsavings.com/
  • https://bookings.activatetravelsavings.com/membership/
  • https://bookings.activatetravelsavings.com/membership/login?redirecturl=%2fmembership%2f
  • https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
47 KB
12 KB
Document
General
Full URL
https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.210.97.242 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software
Apache /
Resource Hash
fcba775e585da3a3230e9da7f232a6d3d599a51a4e83570f257e862e4fabf45d

Request headers

:method
GET
:authority
www.activatetravelsavings.com
:scheme
https
:path
/?redirecturl=%2fmembership%2f
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
server
Apache
last-modified
Mon, 03 Aug 2020 16:59:43 GMT
accept-ranges
none
vary
Accept-Encoding,User-Agent
content-encoding
gzip
content-length
11936
content-type
text/html

Redirect headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Location
https://www.activatetravelsavings.com?redirecturl=%2fmembership%2f
P3P
CP="ADMa OUR IND DSP NON COR"
Request-Context
appId=cid-v1:8644ddf0-29b2-4283-87c0-7a9a514aefb5
Access-Control-Expose-Headers
Request-Context
Date
Wed, 22 Sep 2021 21:48:47 GMT
Connection
close
Content-Length
26478
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1;mode=block
X-Powered-By
arrivia
Server
arrivia
X-AspNet-Version
arrivia
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
api.js
www.google.com/recaptcha/
850 B
987 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f132.1e100.net
Software
GSE /
Resource Hash
1c9eab627784ec862dd97635d015b259fa3fdc1f58d7fd198ae0a449e6790848
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.activatetravelsavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
553
x-xss-protection
1; mode=block
expires
Wed, 22 Sep 2021 21:48:48 GMT
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.2.1/css/
150 KB
24 KB
Stylesheet
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.2.1/css/bootstrap.min.css
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b3bef53dc4a96ec07149d02a60b5fd026332bbce0b4ece79f3c55e3ddb85f5c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.activatetravelsavings.com/
Origin
https://www.activatetravelsavings.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601
age
1995695
cdn-cachedat
08/03/2021 19:30:51
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cdn-proxyver
1.0
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:07 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
cbe83ddf85215606dfeb48cfbcbaef99
cf-ray
692ebd52ef776943-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
all.css
use.fontawesome.com/releases/v5.7.1/css/
53 KB
12 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.7.1/css/all.css
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.78.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf

Request headers

Referer
https://www.activatetravelsavings.com/
Origin
https://www.activatetravelsavings.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
content-encoding
br
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
TC3J1VPZ9PQQNSBX
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-id-2
03SysrRchPFdSa7AMCP9hPiqqWYXPE5iTsmGtvrIVfhx8YzYpP9auTUVgSNMTT6HiXeLqbqZfL4=
last-modified
Wed, 30 Jun 2021 15:45:37 GMT
server
cloudflare
etag
W/"7b1d7f457d056ace7b230b587b9f3753"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wu2v9pqG4vcb6I6czq6dj8bnIQBmANJ%2F7Sq%2Fh1z%2BCMiNRhmJV%2FsZ1biIrHk%2Fjb0eUTsNsKQTwrLevcb%2F0jIT1ypZmzn5ZA0FyonTxPsvbzwlxMSa5g70MxwHZHnjo2OyLJI1grh2"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
692ebd531ff82790-PRG
custom.css
www.activatetravelsavings.com/assets/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://www.activatetravelsavings.com/assets/css/custom.css
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.210.97.242 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software
Apache /
Resource Hash
53a8f61d49b759b45f3c624c2a3ab4fcc2a8a1faec11bc99da55e56c40bd9a67

Request headers

:path
/assets/css/custom.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.activatetravelsavings.com
referer
https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 06:44:55 GMT
server
Apache
vary
Accept-Encoding,User-Agent
content-type
text/css
accept-ranges
none
content-length
1711
css
fonts.googleapis.com/
2 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f10.1e100.net
Software
ESF /
Resource Hash
53ae2866fcaba569cd9e0ac4b09272cc440ee233866691c533f0a59f08d41f46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.activatetravelsavings.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 19:58:13 GMT
server
ESF
date
Wed, 22 Sep 2021 21:48:48 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 22 Sep 2021 21:48:48 GMT
logo_ATS_white.png
www.activatetravelsavings.com/assets/img/
42 KB
42 KB
Image
General
Full URL
https://www.activatetravelsavings.com/assets/img/logo_ATS_white.png
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.210.97.242 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software
Apache /
Resource Hash
f4e96ed3597fbfa7ebbfbc47068cbb537e2c40ac1afa8d8d0821e08b67f85650

Request headers

:path
/assets/img/logo_ATS_white.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.activatetravelsavings.com
referer
https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
last-modified
Thu, 07 Mar 2019 07:46:45 GMT
server
Apache
etag
"a603-5837c4ed72c3f"
vary
User-Agent
content-type
image/png
accept-ranges
bytes
content-length
42499
hotel-paris.jpg
www.activatetravelsavings.com/assets/img/
89 KB
89 KB
Image
General
Full URL
https://www.activatetravelsavings.com/assets/img/hotel-paris.jpg
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.210.97.242 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software
Apache /
Resource Hash
96a065e94cda44431d713a766f0de97bd63f3fd2d7ae740c754ba27f1cceb646

Request headers

:path
/assets/img/hotel-paris.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.activatetravelsavings.com
referer
https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
last-modified
Thu, 07 Mar 2019 07:46:46 GMT
server
Apache
etag
"162e9-5837c4eecdc01"
vary
User-Agent
content-type
image/jpeg
accept-ranges
bytes
content-length
90857
hotel-sydney.jpg
www.activatetravelsavings.com/assets/img/
93 KB
94 KB
Image
General
Full URL
https://www.activatetravelsavings.com/assets/img/hotel-sydney.jpg
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.210.97.242 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software
Apache /
Resource Hash
97c3837e1801b44f2f91c78b015490ca1ee8f367d891ac8211c8a383892fd1c4

Request headers

:path
/assets/img/hotel-sydney.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.activatetravelsavings.com
referer
https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
last-modified
Thu, 07 Mar 2019 07:46:48 GMT
server
Apache
etag
"174f0-5837c4f085ac6"
vary
User-Agent
content-type
image/jpeg
accept-ranges
bytes
content-length
95472
hotel-LA.jpg
www.activatetravelsavings.com/assets/img/
166 KB
167 KB
Image
General
Full URL
https://www.activatetravelsavings.com/assets/img/hotel-LA.jpg
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.210.97.242 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software
Apache /
Resource Hash
1d4137bc639effce295d286afc40b9cee3aace62293528e633eaab74547342fb

Request headers

:path
/assets/img/hotel-LA.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.activatetravelsavings.com
referer
https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
last-modified
Thu, 07 Mar 2019 07:46:46 GMT
server
Apache
etag
"29924-5837c4ee80d76"
vary
User-Agent
content-type
image/jpeg
accept-ranges
bytes
content-length
170276
hotel-bali.jpg
www.activatetravelsavings.com/assets/img/
126 KB
127 KB
Image
General
Full URL
https://www.activatetravelsavings.com/assets/img/hotel-bali.jpg
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.210.97.242 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software
Apache /
Resource Hash
842fb946718899517ce671450e99e9cf8bb1d2b9a811a957afcced60709785a9

Request headers

:path
/assets/img/hotel-bali.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.activatetravelsavings.com
referer
https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
last-modified
Thu, 07 Mar 2019 07:46:44 GMT
server
Apache
etag
"1f8c2-5837c4ecfb635"
vary
User-Agent
content-type
image/jpeg
accept-ranges
bytes
content-length
129218
tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU
us02web.zoom.us/rec/play/ Frame 0316
7 KB
6 KB
Document
General
Full URL
https://us02web.zoom.us/rec/play/tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU?startTime=1588277323000&_x_zm_rtaid=V41KQYefTc2KOGU-zeAUVw.1588378508773.bf66273d3be1ba67af73af2ef85b5ef1&_x_zm_rhtaid=775
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.235.73.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-235-73-91.compute-1.amazonaws.com
Software
/
Resource Hash
d6b35d4471bc47467c434941c0fb39a191bb2e2bae12391528415921c566d709
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-80l7U--kTAKHh9bTmfPuaw' 'unsafe-inline' 'unsafe-eval' blob: https:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
us02web.zoom.us
:scheme
https
:path
/rec/play/tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU?startTime=1588277323000&_x_zm_rtaid=V41KQYefTc2KOGU-zeAUVw.1588378508773.bf66273d3be1ba67af73af2ef85b5ef1&_x_zm_rhtaid=775
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.activatetravelsavings.com/
accept-encoding
gzip, deflate, br

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
content-type
text/html;charset=utf-8
x-zm-trackingid
v=2.0;clid=us02;rid=WEB_77aa994151725dfb819601fc852d0b17
x-robots-tag
noindex, nofollow
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-80l7U--kTAKHh9bTmfPuaw' 'unsafe-inline' 'unsafe-eval' blob: https:;
content-security-policy-report-only
frame-ancestors 'self'; report-uri /csp/report/%252Frec%252Fplay%252FtcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU
set-cookie
zm_aid=""; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly zm_haid=""; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly zm_tmaid=""; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly zm_htmaid=""; Domain=.zoom.us; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure; HttpOnly _zm_ssid=us02_c_CHRfQn6vRa-33GF_S2V_5g; Domain=.zoom.us; Path=/; Secure; HttpOnly cred=A7689523D17DE8B088FBF864F8E76A99; Path=/; Secure; HttpOnly _zm_ctaid=o35E9gOZQACmHfBv4Dt3hw.1632347328770.5b3028de15c3f92a5cca473e07a8e128; Domain=.zoom.us; Expires=Wed, 22-Sep-2021 23:48:48 GMT; Path=/; Secure; HttpOnly _zm_chtaid=871; Domain=.zoom.us; Expires=Wed, 22-Sep-2021 23:48:48 GMT; Path=/; Secure; HttpOnly _zm_csp_script_nonce=80l7U--kTAKHh9bTmfPuaw; Domain=.zoom.us; Path=/; Secure; HttpOnly _zm_currency=EUR; Domain=.zoom.us; Expires=Thu, 23-Sep-2021 21:48:48 GMT; Path=/; Secure _zm_mtk_guid=eabd73bc59df4d4fad6317f35200a2b6; Domain=.zoom.us; Path=/; Max-Age=63072000; SameSite=None; Secure
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
content-language
de-DE
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
content-encoding
gzip
recaptcha__de.js
www.gstatic.com/recaptcha/releases/tftmXwdbgCvrXiHxr5HGbIaL/
342 KB
134 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/tftmXwdbgCvrXiHxr5HGbIaL/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f131.1e100.net
Software
sffe /
Resource Hash
b8c490e04a2be43d25df6263307477469d6ef82a318809f800bedda65c4803b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.activatetravelsavings.com/
Origin
https://www.activatetravelsavings.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 21:20:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1696
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
136719
x-xss-protection
0
last-modified
Sun, 12 Sep 2021 18:01:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="recaptcha"
expires
Thu, 22 Sep 2022 21:20:32 GMT
jquery-3.3.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.3.1.min.js
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.42 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
hwcdn.net
Software
nginx /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer
https://www.activatetravelsavings.com/
Origin
https://www.activatetravelsavings.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
content-encoding
gzip
last-modified
Sat, 20 Jan 2018 17:26:44 GMT
server
nginx
etag
W/"5a637bd4-1538f"
vary
Accept-Encoding
x-hw
1632347328.dop243.fr8.t,1632347328.cds231.fr8.hn,1632347328.cds002.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30288
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.6/umd/
20 KB
7 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.6/umd/popper.min.js
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
587c080125b135d29a931ed371e50ffc1a9641831c1087de2cd74532815f4560
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.activatetravelsavings.com/
Origin
https://www.activatetravelsavings.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
846080
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6634
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-51ed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b3tmVaiizrP7AgJT%2FDfEunxsbn5kBad0buYme9yXU1VEQOmTRkSWBLzH8BJ3G%2BtOaaFo5yKgQtsbMNp6%2BBi75v0m3HOyWiLsxFJjfQB%2F1TYXxdm6fiCF4S5OhcSiHhTCdSnRPa7W"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
692ebd535f01c2a9-FRA
expires
Mon, 12 Sep 2022 21:48:48 GMT
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.2.1/js/
54 KB
15 KB
Script
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.2.1/js/bootstrap.min.js
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb795deda8983fa5310627c9584cf3f3b95d272567113500059018b3941cb267
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.activatetravelsavings.com/
Origin
https://www.activatetravelsavings.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
722, 617, 617
age
2570046
cdn-cachedat
2021-07-24 16:49:46
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:07 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
d56edcfce713689a0639fdb11af18fb3
cf-ray
692ebd533fec6943-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
main.js
www.activatetravelsavings.com/assets/js/
4 KB
1 KB
Script
General
Full URL
https://www.activatetravelsavings.com/assets/js/main.js
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.210.97.242 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software
Apache /
Resource Hash
1ab46b03bb57c40d6e31af15f2d06e45671f53d284ed3b21ae3c71c0262687fc

Request headers

:path
/assets/js/main.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.activatetravelsavings.com
referer
https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
content-encoding
gzip
last-modified
Mon, 03 Aug 2020 17:57:50 GMT
server
Apache
vary
Accept-Encoding,User-Agent
content-type
application/javascript
accept-ranges
none
content-length
1110
%252Frec%252Fplay%252FtcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU
us02web.zoom.us/csp/report/
0
1 KB
Other
General
Full URL
https://us02web.zoom.us/csp/report/%252Frec%252Fplay%252FtcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/?redirecturl=%2fmembership%2f
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.235.73.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-235-73-91.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.activatetravelsavings.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 22 Sep 2021 21:48:49 GMT
referrer-policy
strict-origin-when-cross-origin
x-zm-trackingid
v=2.0;clid=us02;rid=WEB_cc26c468ab49703ba4f36260e31ccc72
x-frame-options
SAMEORIGIN
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
x-xss-protection
1; mode=block
content-security-policy
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';
strict-transport-security
max-age=31536000; includeSubDomains
content-length
0
x-content-type-options
nosniff
chunk-vendors.4a4bed66.css
st1.zoom.us/fe-static/recording-player/css/ Frame 0316
135 KB
24 KB
Stylesheet
General
Full URL
https://st1.zoom.us/fe-static/recording-player/css/chunk-vendors.4a4bed66.css
Requested by
Host: us02web.zoom.us
URL: https://us02web.zoom.us/rec/play/tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU?startTime=1588277323000&_x_zm_rtaid=V41KQYefTc2KOGU-zeAUVw.1588378508773.bf66273d3be1ba67af73af2ef85b5ef1&_x_zm_rhtaid=775
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.84.240 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-84-240.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0a2a608519aed5b0b0156851b3d4add2acc4391ab04510f83de1837d20348c46

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us02web.zoom.us/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 16:07:58 GMT
content-encoding
gzip
etag
W/"46eb713240ceef062ea34cf383d66eff"
last-modified
Tue, 06 Jul 2021 21:07:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 90cf045072373c2c671297de3161846f.cloudfront.net (CloudFront)
cross-origin-resource-policy
cross-origin
x-amz-cf-id
YY-DQOb17hBSpXCmy1CojKKzzgS59gdh3nQsYpCn7SXSmYlOmKGTUQ==
app.7eb0d572.css
st1.zoom.us/fe-static/recording-player/css/ Frame 0316
24 KB
6 KB
Stylesheet
General
Full URL
https://st1.zoom.us/fe-static/recording-player/css/app.7eb0d572.css
Requested by
Host: us02web.zoom.us
URL: https://us02web.zoom.us/rec/play/tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU?startTime=1588277323000&_x_zm_rtaid=V41KQYefTc2KOGU-zeAUVw.1588378508773.bf66273d3be1ba67af73af2ef85b5ef1&_x_zm_rhtaid=775
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.84.240 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-84-240.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b39b26f2d2c017e7e3fa566227a1eef3224eba65c23deaa0f6e7da9ec56dbc53

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us02web.zoom.us/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 00:40:14 GMT
content-encoding
gzip
etag
W/"717cf4e11e685fe4188071bc4903a4b6"
last-modified
Tue, 06 Jul 2021 21:07:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 90cf045072373c2c671297de3161846f.cloudfront.net (CloudFront)
cross-origin-resource-policy
cross-origin
x-amz-cf-id
NtisR6azPBDSmk2MC8XUjYEtoZJY9Rl7D70OUDR-jgb070T7anxupg==
csrf_js
us02web.zoom.us/ Frame 0316
15 KB
6 KB
Script
General
Full URL
https://us02web.zoom.us/csrf_js?t_x_zm_rid=1
Requested by
Host: us02web.zoom.us
URL: https://us02web.zoom.us/rec/play/tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU?startTime=1588277323000&_x_zm_rtaid=V41KQYefTc2KOGU-zeAUVw.1588378508773.bf66273d3be1ba67af73af2ef85b5ef1&_x_zm_rhtaid=775
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.235.73.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-235-73-91.compute-1.amazonaws.com
Software
/
Resource Hash
b99880b096fb40a58312a799951553278e27eb9c1726dd2ca4013dbd9dad57e9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us02web.zoom.us/rec/play/tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU?startTime=1588277323000&_x_zm_rtaid=V41KQYefTc2KOGU-zeAUVw.1588378508773.bf66273d3be1ba67af73af2ef85b5ef1&_x_zm_rhtaid=775
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
x-zm-trackingid
v=2.0;clid=us02;rid=WEB_bc66e6e8202e5aeb49092f320c3fbbf2
x-frame-options
SAMEORIGIN
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
x-xss-protection
1; mode=block
cache-control
private, max-age=28800
content-security-policy
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript;charset=UTF-8
x-content-type-options
nosniff
vue.min.js
us02st3.zoom.us/static/5.2.2047/js/lib/vue/ Frame 0316
408 KB
108 KB
Script
General
Full URL
https://us02st3.zoom.us/static/5.2.2047/js/lib/vue/vue.min.js
Requested by
Host: us02web.zoom.us
URL: https://us02web.zoom.us/rec/play/tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU?startTime=1588277323000&_x_zm_rtaid=V41KQYefTc2KOGU-zeAUVw.1588378508773.bf66273d3be1ba67af73af2ef85b5ef1&_x_zm_rhtaid=775
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.186.242 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-186-242.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a67394b5849e496a457bc375c14f7441043cee097ae620482f404f9de6116828

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us02web.zoom.us/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 22 Sep 2021 07:09:48 GMT
content-encoding
gzip
last-modified
Wed, 22 Sep 2021 05:47:24 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
md5:2f6abdde2a87c851328d7d1bd5affdf8
x-edge-origin-shield-skipped
0
etag
W/"2f6abdde2a87c851328d7d1bd5affdf8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 e976f829f2d1c4787d42d0595ae7cf75.cloudfront.net (CloudFront)
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
ObugrbSiH1lDaZaPbI_haew70GPf15hiBvJFUnP7l5OA56in2gVDNg==
chunk-vendors.91bbcf36.js
st1.zoom.us/fe-static/recording-player/js/ Frame 0316
339 KB
106 KB
Script
General
Full URL
https://st1.zoom.us/fe-static/recording-player/js/chunk-vendors.91bbcf36.js
Requested by
Host: us02web.zoom.us
URL: https://us02web.zoom.us/rec/play/tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU?startTime=1588277323000&_x_zm_rtaid=V41KQYefTc2KOGU-zeAUVw.1588378508773.bf66273d3be1ba67af73af2ef85b5ef1&_x_zm_rhtaid=775
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.84.240 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-84-240.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
24dba36cdc72af5811a83a02aa1a958c7750208115d9b4c0ca27096caaf6a268

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us02web.zoom.us/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 00:50:40 GMT
content-encoding
gzip
etag
W/"4ac1450aa3b36c900772f4d50814017a"
last-modified
Tue, 06 Jul 2021 21:07:47 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 90cf045072373c2c671297de3161846f.cloudfront.net (CloudFront)
cross-origin-resource-policy
cross-origin
x-amz-cf-id
N37rxUKEoqw7Cev2vkag2git_w60QZK9iURhZG-w5wYGfj7YOkDg9w==
app.bd2f96ad.js
st1.zoom.us/fe-static/recording-player/js/ Frame 0316
56 KB
17 KB
Script
General
Full URL
https://st1.zoom.us/fe-static/recording-player/js/app.bd2f96ad.js
Requested by
Host: us02web.zoom.us
URL: https://us02web.zoom.us/rec/play/tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU?startTime=1588277323000&_x_zm_rtaid=V41KQYefTc2KOGU-zeAUVw.1588378508773.bf66273d3be1ba67af73af2ef85b5ef1&_x_zm_rhtaid=775
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.84.240 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-84-240.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4640c491d74a39a4f371dab9b563a32e9b667f2737c034bc2aa0f40b45b3c3d2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us02web.zoom.us/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 00:50:40 GMT
content-encoding
gzip
etag
W/"45b4e685523929690c8ad3a5b8caee32"
last-modified
Sat, 17 Jul 2021 23:56:30 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 90cf045072373c2c671297de3161846f.cloudfront.net (CloudFront)
cross-origin-resource-policy
cross-origin
x-amz-cf-id
-0cEA6j3W_5gbqKvAFBiAgJf0V9_WFSsy8zdAu0BGKp9vpq4ULBK6Q==
bg-fullpage.jpg
www.activatetravelsavings.com/assets/img/
2 MB
2 MB
Image
General
Full URL
https://www.activatetravelsavings.com/assets/img/bg-fullpage.jpg
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/assets/css/custom.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.210.97.242 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software
Apache /
Resource Hash
2af9d911990117b68010c901edbf4776b9a6c449ee46a8315415d5e7a8ea8449

Request headers

:path
/assets/img/bg-fullpage.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.activatetravelsavings.com
referer
https://www.activatetravelsavings.com/assets/css/custom.css
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
last-modified
Thu, 07 Mar 2019 07:46:50 GMT
server
Apache
etag
"231379-5837c4f1d733d"
vary
User-Agent
content-type
image/jpeg
accept-ranges
bytes
content-length
2298745
discount-banner.png
www.activatetravelsavings.com/assets/img/
381 B
430 B
Image
General
Full URL
https://www.activatetravelsavings.com/assets/img/discount-banner.png
Requested by
Host: www.activatetravelsavings.com
URL: https://www.activatetravelsavings.com/assets/css/custom.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.210.97.242 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
Software
Apache /
Resource Hash
8186eac1300b69244a16591393d0bd01789ff4223fe9aed527f4a96bcf093a9c

Request headers

:path
/assets/img/discount-banner.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.activatetravelsavings.com
referer
https://www.activatetravelsavings.com/assets/css/custom.css
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Wed, 22 Sep 2021 21:48:48 GMT
last-modified
Thu, 07 Mar 2019 07:46:46 GMT
server
Apache
etag
"17d-5837c4ee2fe32"
vary
User-Agent
content-type
image/png
accept-ranges
bytes
content-length
381
mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v25/
14 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v25/mem8YaGs126MiZpBA-UFVZ0b.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.activatetravelsavings.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 16:31:57 GMT
x-content-type-options
nosniff
age
19011
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14440
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:26 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 22 Sep 2022 16:31:57 GMT
fa-solid-900.woff2
use.fontawesome.com/releases/v5.7.1/webfonts/
73 KB
73 KB
Font
General
Full URL
https://use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.7.1/css/all.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.78.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9

Request headers

Referer
https://use.fontawesome.com/releases/v5.7.1/css/all.css
Origin
https://www.activatetravelsavings.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 21:48:49 GMT
access-control-allow-methods
GET
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
DRFR09EH6T7CTNC6
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
74320
x-amz-id-2
5rVZClLXxFGJWN1qLSCRl+azMZhrgUC/DLOyPcDvYU6f7n14fHLXhnXSb2DrTGKBwWWwFLoKf7U=
last-modified
Wed, 30 Jun 2021 15:45:57 GMT
server
cloudflare
etag
"3638e62ea50e6f5859b6a15276c25c87"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XzJYA437D9T1GXbLiBJaqr%2FXLxecmI54kjpaHiqE7W1MbZnXRRzyFbAoIxHT99uE4hWw0UXkw7BIBDc7m7yk2%2Byh9FVzeamcE0gOFp2PU4jSuex5r214IY9UqKGv9wc7rbeRw%2FGm"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
692ebd560bab2780-PRG
csrf_js
us02web.zoom.us/ Frame 0316
54 B
1 KB
XHR
General
Full URL
https://us02web.zoom.us/csrf_js?t_x_zm_rid=1
Requested by
Host: us02web.zoom.us
URL: https://us02web.zoom.us/csrf_js?t_x_zm_rid=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.235.73.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-235-73-91.compute-1.amazonaws.com
Software
/
Resource Hash
790a7a20251fbdde7aabcf7f7f5c2d7194bd8a5fe564224e4524723abfd94a47
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://us02web.zoom.us/rec/play/tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU?startTime=1588277323000&_x_zm_rtaid=V41KQYefTc2KOGU-zeAUVw.1588378508773.bf66273d3be1ba67af73af2ef85b5ef1&_x_zm_rhtaid=775
FETCH-CSRF-TOKEN
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 21:48:49 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
x-zm-trackingid
v=2.0;clid=us02;rid=WEB_26dcc62051def960214432827fc4916d
x-frame-options
SAMEORIGIN
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
x-xss-protection
1; mode=block
content-security-policy
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/plain;charset=UTF-8
x-content-type-options
nosniff
i18n-en-US.da4487a5.js
st1.zoom.us/fe-static/recording-player/js/ Frame 0316
5 KB
2 KB
Script
General
Full URL
https://st1.zoom.us/fe-static/recording-player/js/i18n-en-US.da4487a5.js
Requested by
Host: st1.zoom.us
URL: https://st1.zoom.us/fe-static/recording-player/js/app.bd2f96ad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.84.240 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-84-240.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
aae58eacd8a75f6ec309f51d965badc83e2815c990fe8ba0a0c96b6631572f65

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us02web.zoom.us/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 05:57:25 GMT
content-encoding
gzip
etag
W/"cb174ea38e7dee235eca650b49d9ef98"
last-modified
Tue, 06 Jul 2021 21:07:47 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 90cf045072373c2c671297de3161846f.cloudfront.net (CloudFront)
cross-origin-resource-policy
cross-origin
x-amz-cf-id
wa5ocSdmLSHlHA6fuXyUYbhSRlVOG7Or-5tm6GIAxnaP9iu3vpxBFA==
en-json.baf1d5c5.js
st1.zoom.us/fe-static/recording-player/js/ Frame 0316
4 KB
2 KB
Script
General
Full URL
https://st1.zoom.us/fe-static/recording-player/js/en-json.baf1d5c5.js
Requested by
Host: st1.zoom.us
URL: https://st1.zoom.us/fe-static/recording-player/js/app.bd2f96ad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.84.240 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-84-240.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b66d5b0d7f3d61cec13c172364d7ac2bfcb676ff4a6488f92b5db2db9205e8a2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us02web.zoom.us/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 05:57:25 GMT
content-encoding
gzip
etag
W/"beb6e1ae382fc11c7023c4cdae5b1193"
last-modified
Tue, 06 Jul 2021 21:07:47 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 90cf045072373c2c671297de3161846f.cloudfront.net (CloudFront)
cross-origin-resource-policy
cross-origin
x-amz-cf-id
uG02KS5yTY2O0o76bZk44ZP6aETstZdnQwmME3NvhHDB0Hyu1aWbCA==
video.js.1966df50.js
st1.zoom.us/fe-static/recording-player/js/ Frame 0316
578 KB
162 KB
Script
General
Full URL
https://st1.zoom.us/fe-static/recording-player/js/video.js.1966df50.js
Requested by
Host: st1.zoom.us
URL: https://st1.zoom.us/fe-static/recording-player/js/app.bd2f96ad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.84.240 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-84-240.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f439ad5b81187e7db1f8740434ea7a11d2976496ba9d03281a9e9897a6717d54

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us02web.zoom.us/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 03:57:10 GMT
content-encoding
gzip
etag
W/"74dfe38a0620605b978a4cdb08c67ab0"
last-modified
Tue, 06 Jul 2021 21:07:48 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 90cf045072373c2c671297de3161846f.cloudfront.net (CloudFront)
cross-origin-resource-policy
cross-origin
x-amz-cf-id
mxZo5xj_CfEIPa9jr4HFNdsAlHRZrs8G9WUw_dMbHI5EEbaL8btu5Q==
audio-player~video-player.b536de42.css
st1.zoom.us/fe-static/recording-player/css/ Frame 0316
12 KB
3 KB
Stylesheet
General
Full URL
https://st1.zoom.us/fe-static/recording-player/css/audio-player~video-player.b536de42.css
Requested by
Host: st1.zoom.us
URL: https://st1.zoom.us/fe-static/recording-player/js/app.bd2f96ad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.84.240 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-84-240.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a75a5402cdc9326ac5e6cd37d5bdfa16463d343ed0d2f15009faf5e3acd72d1b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us02web.zoom.us/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 04:36:58 GMT
content-encoding
gzip
etag
W/"2b55d52b06351573278009ff9584230b"
last-modified
Wed, 09 Jun 2021 02:30:18 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 90cf045072373c2c671297de3161846f.cloudfront.net (CloudFront)
cross-origin-resource-policy
cross-origin
x-amz-cf-id
0QgKwTJZQTYO-CbmdmM0SiCjJ3Jm6FdN9tbTFSBF1GQY0C2EgRc0bQ==
audio-player~video-player.45647145.js
st1.zoom.us/fe-static/recording-player/js/ Frame 0316
97 KB
25 KB
Script
General
Full URL
https://st1.zoom.us/fe-static/recording-player/js/audio-player~video-player.45647145.js
Requested by
Host: st1.zoom.us
URL: https://st1.zoom.us/fe-static/recording-player/js/app.bd2f96ad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.84.240 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-84-240.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4acc6fc2becde757e9f95adc13baaffc8fff3d8d849c9637f2818ab8c1e62eb9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us02web.zoom.us/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 16:49:03 GMT
content-encoding
gzip
etag
W/"d6cb2e6a8d857cbdad4c87bd399ac598"
last-modified
Sun, 11 Jul 2021 04:34:52 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 90cf045072373c2c671297de3161846f.cloudfront.net (CloudFront)
cross-origin-resource-policy
cross-origin
x-amz-cf-id
q-23Uk5QhDN9qRKSuUcKdltwPUaw1BDGHXyyltyrMLAO5JvAZQX3Bg==
video-player.e7a2d5a8.css
st1.zoom.us/fe-static/recording-player/css/ Frame 0316
17 KB
3 KB
Stylesheet
General
Full URL
https://st1.zoom.us/fe-static/recording-player/css/video-player.e7a2d5a8.css
Requested by
Host: st1.zoom.us
URL: https://st1.zoom.us/fe-static/recording-player/js/app.bd2f96ad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.84.240 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-84-240.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d16700ef4ac7938276cef69b3de46baf0bde28851e6277f797eff6b68d030925

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us02web.zoom.us/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 04:06:53 GMT
content-encoding
gzip
etag
W/"9ab947d3c1b544f9eb11f5aa431fbdc3"
last-modified
Sat, 17 Jul 2021 23:56:30 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 90cf045072373c2c671297de3161846f.cloudfront.net (CloudFront)
cross-origin-resource-policy
cross-origin
x-amz-cf-id
rdPhu47NgoR5E1J2SPoFK_vlD87A7byBc91_Ah7uMupSTDbNeWJcxw==
video-player.dcefb6b0.js
st1.zoom.us/fe-static/recording-player/js/ Frame 0316
120 KB
29 KB
Script
General
Full URL
https://st1.zoom.us/fe-static/recording-player/js/video-player.dcefb6b0.js
Requested by
Host: st1.zoom.us
URL: https://st1.zoom.us/fe-static/recording-player/js/app.bd2f96ad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.84.240 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-84-240.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4e4a1509774d3eff913581633a3a4d9519831da809c8d1d3aab4b504e3e204db

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us02web.zoom.us/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 02:00:18 GMT
content-encoding
gzip
etag
W/"fe426819b3a515f9d66bb228192d5fbd"
last-modified
Sat, 17 Jul 2021 23:56:30 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C2
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 90cf045072373c2c671297de3161846f.cloudfront.net (CloudFront)
cross-origin-resource-policy
cross-origin
x-amz-cf-id
KbUXVAKxSTg1iLSWDxSNkCcQ-1dkE4C-E4mKWMtiR4wkBkPNkMAB0g==
ZoomLogo.png
us02st1.zoom.us/static/5.2.2047/image/new/ Frame 0316
2 KB
3 KB
Image
General
Full URL
https://us02st1.zoom.us/static/5.2.2047/image/new/ZoomLogo.png
Requested by
Host: us02web.zoom.us
URL: https://us02web.zoom.us/rec/play/tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU?startTime=1588277323000&_x_zm_rtaid=V41KQYefTc2KOGU-zeAUVw.1588378508773.bf66273d3be1ba67af73af2ef85b5ef1&_x_zm_rhtaid=775
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.186.242 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-186-242.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1289059a37f8c8bd3223113398a599190d29fc235e14316c815a30ca698823ce

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us02web.zoom.us/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 22 Sep 2021 07:09:48 GMT
via
1.1 e976f829f2d1c4787d42d0595ae7cf75.cloudfront.net (CloudFront)
last-modified
Wed, 22 Sep 2021 05:45:24 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
md5:112b8a41cca8c030b70d4e25bbc6fadb
x-edge-origin-shield-skipped
0
etag
"112b8a41cca8c030b70d4e25bbc6fadb"
x-cache
Hit from cloudfront
content-type
image/png
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
2484
x-amz-cf-id
gdllptnjzKYO8UCi--alaBGWJnVV8jjOgqr-0qOnBPj-SG8bjEcBPw==
GMT20200430-200843_rob-baker-_1366x768.mp4
ssrweb.zoom.us/cmr/replay/2020/04/30/83293542788/1D0DF5D0-E6BC-4E83-A7D5-D78CD5D31139/ Frame 0316
0
263 B
Media
General
Full URL
https://ssrweb.zoom.us/cmr/replay/2020/04/30/83293542788/1D0DF5D0-E6BC-4E83-A7D5-D78CD5D31139/GMT20200430-200843_rob-baker-_1366x768.mp4?response-content-type=video%2Fmp4&response-cache-control=max-age%3D0%2Cs-maxage%3D86400&data=ffef005f25886572534e485e556f783de65cdeb04c0df257de4b9e0c8c814a74&s001=yes&cid=us02&fid=EU40LW65L9LX-Ee8OfIbXYVcQsDCoLmko8EMhCZuLnaU53TnpiT8vcapCu-U4-ExobS8rE2F3uCZkpbi.J_p7-nWG3y5INX_Y&s002=nY7mcRI4sHi7He3JFdv0AH3Chw4lYpLeNzjPuek8zvMT3u0sASxfqzsG5Q.n3Utmz76XFApXrQn&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHBzOi8vc3Nyd2ViLnpvb20udXMvY21yL3JlcGxheS8yMDIwLzA0LzMwLzgzMjkzNTQyNzg4LzFEMERGNUQwLUU2QkMtNEU4My1BN0Q1LUQ3OENENUQzMTEzOS9HTVQyMDIwMDQzMC0yMDA4NDNfcm9iLWJha2VyLV8xMzY2eDc2OC5tcDQ~&Signature=UU~a5gI~iLz9k2haY58kG0KkzZBUvRdvangbBqYirD4mrneG3RvL9taDSgaF253erJeKgG3rRX3a~J3ikFwY2UkuGpiYyKvaE9AvAhrBkFdsf-rFfGFzE~T~ylzGieofUo6fllOp2ioeBnK3O9ey9eo9HYL83OGl04g-gAZtlmEkirSOC-BqWJycJK7yIFzWoN~wLo4z2aU8aslaL0XX4q9jfYN-uvCtjxLRR4sIYygq9onbTpQRufoKwQ6lCdAwhiFy0N9ZrwI386akdiGsbJ4J7lu1uAzbRjsEWwlQTXNSykSogcsDKoG2q~j4NY-0XW~8QBQginNg5FnYJAfCpg__&Key-Pair-Id=APKAJFHNSLHYCGFYQGIA
Requested by
Host: us02web.zoom.us
URL: https://us02web.zoom.us/rec/play/tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU?startTime=1588277323000&_x_zm_rtaid=V41KQYefTc2KOGU-zeAUVw.1588378508773.bf66273d3be1ba67af73af2ef85b5ef1&_x_zm_rhtaid=775
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.84.240 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-84-240.fra2.r.cloudfront.net
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://us02web.zoom.us/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

date
Wed, 22 Sep 2021 21:48:49 GMT
via
1.1 90cf045072373c2c671297de3161846f.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA2-C2
x-cache
LambdaGeneratedResponse from cloudfront
content-type
text/html
content-encoding
UTF-8
content-length
0
x-amz-cf-id
WZpZCvbTP7suNWuK3CZXl-XmKXhYArpwaaZPiS23_Mczb8W-FHm8Kg==
vtt
us02web.zoom.us/rec/play/ Frame 0316
68 B
2 KB
XHR
General
Full URL
https://us02web.zoom.us/rec/play/vtt?fid=EU40LW65L9LX-Ee8OfIbXYVcQsDCoLmko8EMhCZuLnaU53TnpiT8vcapCu-U4-ExobS8rE2F3uCZkpbi.J_p7-nWG3y5INX_Y&action=play
Requested by
Host: us02web.zoom.us
URL: https://us02web.zoom.us/csrf_js?t_x_zm_rid=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.235.73.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-235-73-91.compute-1.amazonaws.com
Software
/
Resource Hash
944c5d8a198fb93ca862b9a2b148ecf80523e4ef5396cd600a4f8bb3810e62fe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://us02web.zoom.us/rec/play/tcJ8Ib2pq203TICU4QSDBactW9TvL6KsgyIW8_QIn023BXgFMQGlYecUZLa784RWhr3UyY4EZzoWG3jU?startTime=1588277323000&_x_zm_rtaid=V41KQYefTc2KOGU-zeAUVw.1588378508773.bf66273d3be1ba67af73af2ef85b5ef1&_x_zm_rhtaid=775
X-Requested-With
XMLHttpRequest, OWASP CSRFGuard Project
Accept-Language
de-DE,de;q=0.9
ZOOM-CSRFTOKEN
KOJV-K6N4-5ZY5-BYJZ-ERKS-K7Y4-XU70-SF4D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 21:48:49 GMT
referrer-policy
strict-origin-when-cross-origin
x-zm-trackingid
v=2.0;clid=us02;rid=WEB_aca3998110314860e2cdbca971fc9cf0
content-security-policy
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: 'self'; object-src 'none'; base-uri 'none';
content-security-policy-report-only
frame-ancestors 'self'; report-uri /csp/report/%252Frec%252Fplay%252Fvtt
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
x-xss-protection
1; mode=block
x-robots-tag
noindex, nofollow
content-disposition
attachment;filename=GMT20200430-200843_rob-baker-.vtt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
txt;charset=UTF-8
content-length
68
x-content-type-options
nosniff


13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| onbeforexrselect
boolean| originAgentCluster
object| ___grecaptcha_cfg
object| grecaptcha
string| __recaptcha_api
boolean| __google_recaptcha_client
object| recaptcha
function| $
function| jQuery
function| Popper
object| bootstrap
function| setErrors

7 Cookies

Domain/Path Name / Value
bookings.activatetravelsavings.com/ Name: ASP.NET_SessionId
Value: 5dehsgq33dmlha25c2uepfow
bookings.activatetravelsavings.com/ Name: saveon
Value: language=1
bookings.activatetravelsavings.com/ Name: __SORRequestVerificationToken
Value: lyTPkUvsFkS1jHOqjmKT23OiILckdlw-85W0EV8U5YDOuN5oSUuPqmHdvFktLDNjcc2S-1rCBupmH0l15YeM__gz-qA1
bookings.activatetravelsavings.com/ Name: beid
Value: LIVE-WEB21
.zoom.us/ Name: _zm_mtk_guid
Value: eabd73bc59df4d4fad6317f35200a2b6
.zoom.us/ Name: _zm_page_auth
Value: us02_c_7Dwxx99KSYKDAC0UMlhZMA
.zoom.us/ Name: _zm_ssid
Value: us02_c_N9WbgJqETHa8wDRfnKX4Mg

3 Console Messages

Source Level URL
Text
security error
Message:
[Report Only] Refused to frame 'https://us02web.zoom.us/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
deprecation warning URL: https://us02web.zoom.us/csrf_js?t_x_zm_rid=1 (Line 86)
Message:
Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
network error URL: https://ssrweb.zoom.us/cmr/replay/2020/04/30/83293542788/1D0DF5D0-E6BC-4E83-A7D5-D78CD5D31139/GMT20200430-200843_rob-baker-_1366x768.mp4?response-content-type=video%2Fmp4&response-cache-control=max-age%3D0%2Cs-maxage%3D86400&data=ffef005f25886572534e485e556f783de65cdeb04c0df257de4b9e0c8c814a74&s001=yes&cid=us02&fid=EU40LW65L9LX-Ee8OfIbXYVcQsDCoLmko8EMhCZuLnaU53TnpiT8vcapCu-U4-ExobS8rE2F3uCZkpbi.J_p7-nWG3y5INX_Y&s002=nY7mcRI4sHi7He3JFdv0AH3Chw4lYpLeNzjPuek8zvMT3u0sASxfqzsG5Q.n3Utmz76XFApXrQn&Policy=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHBzOi8vc3Nyd2ViLnpvb20udXMvY21yL3JlcGxheS8yMDIwLzA0LzMwLzgzMjkzNTQyNzg4LzFEMERGNUQwLUU2QkMtNEU4My1BN0Q1LUQ3OENENUQzMTEzOS9HTVQyMDIwMDQzMC0yMDA4NDNfcm9iLWJha2VyLV8xMzY2eDc2OC5tcDQ~&Signature=UU~a5gI~iLz9k2haY58kG0KkzZBUvRdvangbBqYirD4mrneG3RvL9taDSgaF253erJeKgG3rRX3a~J3ikFwY2UkuGpiYyKvaE9AvAhrBkFdsf-rFfGFzE~T~ylzGieofUo6fllOp2ioeBnK3O9ey9eo9HYL83OGl04g-gAZtlmEkirSOC-BqWJycJK7yIFzWoN~wLo4z2aU8aslaL0XX4q9jfYN-uvCtjxLRR4sIYygq9onbTpQRufoKwQ6lCdAwhiFy0N9ZrwI386akdiGsbJ4J7lu1uAzbRjsEWwlQTXNSykSogcsDKoG2q~j4NY-0XW~8QBQginNg5FnYJAfCpg__&Key-Pair-Id=APKAJFHNSLHYCGFYQGIA
Message:
Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
