URL: https://quiz.rfatimeshareexit.com/
Submission: On April 24 via api from US — Scanned from NL

Summary

This website contacted 11 IPs in 3 countries across 6 domains to perform 36 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is quiz.rfatimeshareexit.com.
TLS certificate: Issued by GTS CA 1P5 on April 24th 2024. Valid for: 3 months.
This is the only time quiz.rfatimeshareexit.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

| Redirects | Requests | IP Address | AS | Autonomous System |
|---|---|---|---|---|
|  | 1 | 188.114.96.3 | 13335 | (CLOUDFLAR...) |
|  | 8 | 2606:4700:20:... | 13335 | (CLOUDFLAR...) |
|  | 4 | 34.111.125.42 | 396982 | (GOOGLE-CL...) |
|  | 10 | 2a00:1450:400... | 15169 | (GOOGLE) |
|  | 2 | 2a03:2880:f08... | 32934 | (FACEBOOK) |
| 1 | 5 | 44.197.223.117 | 14618 | (AMAZON-AES) |
|  | 2 | 2600:9000:223... | 16509 | (AMAZON-02) |
|  | 2 | 34.120.161.19 | 396982 | (GOOGLE-CL...) |
|  | 1 | 2a03:2880:f17... | 32934 | (FACEBOOK) |
|  | 2 | 172.217.16.155 | 15169 | (GOOGLE) |

Total: 36 requests, 11 IPs

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 14 | heyflow.cloud | fonts.heyflow.cloud (Cisco Umbrella Rank: 305202); flows.heyflow.cloud; tracking.heyflow.cloud (Cisco Umbrella Rank: 382079); fb.track.heyflow.cloud | 457 KB |
| 12 | googleapis.com | storage.googleapis.com (Cisco Umbrella Rank: 361) | 109 KB |
| 7 | trustedform.com | api.trustedform.com (Cisco Umbrella Rank: 26285); cdn.trustedform.com (Cisco Umbrella Rank: 31039) | 37 KB |
| 2 | facebook.net | connect.facebook.net (Cisco Umbrella Rank: 180) | 72 KB |
| 1 | facebook.com | www.facebook.com (Cisco Umbrella Rank: 97) | 274 B |
| 1 | rfatimeshareexit.com | quiz.rfatimeshareexit.com | 9 KB |

Total: 36 requests, 6 domains

| Requests | Domain | Requested by |
|---|---|---|
| 12 | storage.googleapis.com | quiz.rfatimeshareexit.com |
| 5 | api.trustedform.com (1 redirects) | api.trustedform.com; cdn.trustedform.com |
| 5 | fonts.heyflow.cloud | quiz.rfatimeshareexit.com; fonts.heyflow.cloud |
| 4 | flows.heyflow.cloud | quiz.rfatimeshareexit.com; flows.heyflow.cloud |
| 3 | tracking.heyflow.cloud | flows.heyflow.cloud |
| 2 | fb.track.heyflow.cloud | flows.heyflow.cloud |
| 2 | cdn.trustedform.com | quiz.rfatimeshareexit.com; api.trustedform.com |
| 2 | connect.facebook.net | quiz.rfatimeshareexit.com; connect.facebook.net |
| 1 | www.facebook.com | quiz.rfatimeshareexit.com |
| 1 | quiz.rfatimeshareexit.com |  |

Total: 36 requests, 10 subdomains

This site contains links to these domains.

Domain
stonegatefirm.com

| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| quiz.rfatimeshareexit.com | GTS CA 1P5 | 2024-04-24 - 2024-07-23 | 3 months |
| heyflow.cloud | GTS CA 1P5 | 2024-04-13 - 2024-07-12 | 3 months |
| flows.heyflow.cloud | GTS CA 1D4 | 2024-03-04 - 2024-06-02 | 3 months |
| storage.googleapis.com | GTS CA 1C3 | 2024-03-18 - 2024-06-10 | 3 months |
| *.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-02-01 - 2024-05-01 | 3 months |
| fb.track.heyflow.cloud | GTS CA 1D4 | 2024-03-20 - 2024-06-18 | 3 months |
| *.trustedform.com | Amazon RSA 2048 M03 | 2023-08-11 - 2024-09-07 | a year |
| cdn.trustedform.com | Amazon RSA 2048 M03 | 2024-02-13 - 2025-03-13 | a year |

This page contains 1 frames:

Primary Page: https://quiz.rfatimeshareexit.com/
Frame ID: 83B1C885DA7EDEE1FEC31543AE89C93B
Requests: 35 HTTP requests in this frame

Page Title

RFA Timeshare Exit Quiz V2

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

Requests: 36
HTTPS: 97 %
IPv6: 50 %
Domains: 6
Subdomains: 10
IPs: 11
Countries: 3
Transfer: 695 kB
Size: 2150 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://api.trustedform.com/trustedform.js?field=xxTrustedFormCertUrl&ping_field=xxTrustedFormPingUrl&l=1713953726847.8608 HTTP 301
  • https://cdn.trustedform.com/bootstrap.js?field=xxTrustedFormCertUrl&ping_field=xxTrustedFormPingUrl&l=1713953726847.8608

36 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
quiz.rfatimeshareexit.com/
48 KB
9 KB
Document
General
Full URL
https://quiz.rfatimeshareexit.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
24b2066a749b54f5851b6f3d194fe2069ba1164462afe983a4ce0179c80e27be

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
private
cf-cache-status
DYNAMIC
cf-ray
879555056a967752-AMS
content-encoding
br
content-type
text/html
date
Wed, 24 Apr 2024 10:15:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DghwfzurvFdYZ%2BZfHt8FDDMFqhKRbeujfepdILLV8tdlSFNF2uuf11AK%2FqlnSLCmUfB1fm6O%2F0ZWueewZK9MVVaf2cB4FhFV61aFSZ%2BoBEw48eiAFMoqqmp7sR7zx92T3YdrsPIMUovKFFBb"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
via
1.1 google, 1.1 google
x-cloud-trace-context
02f30c6cb86037b67a7df0088130dc59
x-powered-by
Express
icon
fonts.heyflow.cloud/
472 B
847 B
Stylesheet
General
Full URL
https://fonts.heyflow.cloud/icon?family=Material+Icons
Requested by
Host: quiz.rfatimeshareexit.com
URL: https://quiz.rfatimeshareexit.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
bc75d2bf05221927704d5d29a4ed8e67b6436a2eebc3cd2c83f476ca6875895d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
94096
cf-polished
origSize=571
x-powered-by
Express
last-modified
Tue, 23 Apr 2024 08:07:10 GMT
cf-bgj
minify
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gcHftCColLorKoL8KwP0Gkgl%2B%2FpJyEuyMIZ9t%2B9M8PG6XESfu3OpzFJ7MV6Uc%2FKgZEZtxjbIk1wwgFfxZMMF7%2FVsALepI07j9n2juJhH1za2ybet67ZenRCX2Orh8kLnvnunE7IWA8qPpZeA%2FVnlCYc%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
53f615f35e44c16eeab7db7ade36d8e2
cache-control
private, max-age=604800
cf-ray
879555082d8b1c8c-AMS
app.css
flows.heyflow.cloud/rfa-timeshare-exit-quiz-v2/www/dist/
174 KB
27 KB
Stylesheet
General
Full URL
https://flows.heyflow.cloud/rfa-timeshare-exit-quiz-v2/www/dist/app.css
Requested by
Host: quiz.rfatimeshareexit.com
URL: https://quiz.rfatimeshareexit.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.125.42 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
42.125.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
d329a51b5e2750ae3c6f7d3a9b04bf03dddb838b5ec5dbc23b44f634417279b8

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
content-encoding
gzip
via
1.1 google
x-guploader-uploadid
ABPtcPrR98XJjZYJR80XIA_NSKDTRJE0Jzl18Vmu3tuKc-oP1LrQCAz81hdOz5JRc4zWC2dRnYewTuDa3w
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
27369
last-modified
Wed, 24 Apr 2024 04:24:45 GMT
server
UploadServer
etag
"39bda811d6c5d7aeb09fec9b80e98c0e"
vary
Accept-Encoding
x-goog-generation
1713932684998733
content-type
text/css
access-control-allow-origin
*
x-goog-hash
crc32c=1NRRKA==, md5=Ob2oEdbF166wn+ybgOmMDg==
access-control-expose-headers
Content-Type
cache-control
no-store, max-age=0
x-goog-stored-content-length
27369
accept-ranges
bytes
expires
Wed, 24 Apr 2024 10:15:26 GMT
app.js
flows.heyflow.cloud/rfa-timeshare-exit-quiz-v2/www/dist/
952 KB
308 KB
Script
General
Full URL
https://flows.heyflow.cloud/rfa-timeshare-exit-quiz-v2/www/dist/app.js
Requested by
Host: quiz.rfatimeshareexit.com
URL: https://quiz.rfatimeshareexit.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.125.42 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
42.125.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
70b9dc18fa8c8712271f09e925780ee465c356a1930f334e37ca9e6ef042b791

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Origin
https://quiz.rfatimeshareexit.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
content-encoding
gzip
via
1.1 google
x-guploader-uploadid
ABPtcPoU8ERH2WNz73-_SL8b-J00dyxyoCQjfVk73pw21BUZHA7CsDFYGjINL3lqSFqOmvdSDg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
314964
last-modified
Wed, 24 Apr 2024 04:24:45 GMT
server
UploadServer
etag
"be1f3cbf1a7ed36f231a649f4af3b555"
vary
Accept-Encoding
x-goog-generation
1713932685312704
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=LXiK9A==, md5=vh88vxp+028jGmSfSvO1VQ==
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
no-store, max-age=0
x-goog-stored-content-length
314964
accept-ranges
bytes
expires
Wed, 24 Apr 2024 10:15:26 GMT
css
fonts.heyflow.cloud/
44 KB
3 KB
Stylesheet
General
Full URL
https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Roboto:300,400,500,600,700,800|DM+Serif+Display:300,400,500,600,700,800&display=swap
Requested by
Host: quiz.rfatimeshareexit.com
URL: https://quiz.rfatimeshareexit.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b9b1cf043d4d78a67bca6db7d2ba7a2763f217618867b403450256f8e2e8cb0a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 24 Apr 2024 10:15:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GDeRuXqWWGgcBH7szTtYRIP58%2FZrxT6agf5d%2F33GMyFpyZDo0truHX46A2zIWHtkHaGfA3Z7n%2B1mjEoYa%2FV%2FaIXjGiGJyZKq59rjQTZtswzBxb%2F9kC4Mx%2B6IJQShv1GHAIjlKLC6oHAWbHHAGLjAl5U%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
34f990c9bc822564cc58774ba1ad43b8
cache-control
private, max-age=604800
cf-ray
879555082d8c1c8c-AMS
fb4af1c0-c297-4314-9b4f-a487c565be0b.png
storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/
8 KB
8 KB
Image
General
Full URL
https://storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/fb4af1c0-c297-4314-9b4f-a487c565be0b.png
Requested by
Host: quiz.rfatimeshareexit.com
URL: https://quiz.rfatimeshareexit.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
a7b42e29e4f6ac4e4e10fe13088bea6ff92e5441d6e19f9eee3c6d838bea55b2

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
x-guploader-uploadid
ABPtcPrZe9nHYm2T2kW0KYPTm5P74dobsD-sZ3y2SnWbH4Z-gnGC0LT8lAbSz92zP3M6r6oiwirlg2dORg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified
Thu, 11 Apr 2024 14:48:11 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1712846891443587
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=IFb8gA==, md5=iA4ffR/ksyWPTu9DL1Y7IA==
access-control-expose-headers
Content-Type
cache-control
public, max-age=0, s-maxage=31104000
x-goog-stored-content-length
7885
accept-ranges
none
expires
Sat, 19 Apr 2025 10:15:26 GMT
0df4e375-ea2b-4b86-a3d2-e996dda9c037.png
storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/
6 KB
6 KB
Image
General
Full URL
https://storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/0df4e375-ea2b-4b86-a3d2-e996dda9c037.png
Requested by
Host: quiz.rfatimeshareexit.com
URL: https://quiz.rfatimeshareexit.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
ba134ae90b9d4fd5d09e86d6d93e3e89c7da75f1b6da934037ed611d5fec5db4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
x-guploader-uploadid
ABPtcPrhRNIfhcK-ifzc4U46vh2kLFaXSpc6msW3Gcy0iMrh17BrN4IfnI6F80ZGIzQh9GZYPGCjn5T3mw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified
Thu, 11 Apr 2024 14:48:11 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1712846891365551
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=FXpSDg==, md5=Apbug0g+RhEgSzPIbR1nMA==
access-control-expose-headers
Content-Type
cache-control
public, max-age=0, s-maxage=31104000
x-goog-stored-content-length
5996
accept-ranges
none
expires
Sat, 19 Apr 2025 10:15:26 GMT
b6f422cc-9c43-432c-af36-900a2a267aff.png
storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/
48 KB
48 KB
Image
General
Full URL
https://storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/b6f422cc-9c43-432c-af36-900a2a267aff.png
Requested by
Host: quiz.rfatimeshareexit.com
URL: https://quiz.rfatimeshareexit.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
dba72a50b1e92892f184a71bba5b240d5be137f45ac9feacee0c792f35632c7a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
x-guploader-uploadid
ABPtcPoQUTUAC68o3hwvOxKotF-6zaJS20pom-46XhgfvTukhuZuwQK7Hmd9S-d13En9OTRTEQ25MqfHNQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified
Thu, 11 Apr 2024 14:48:11 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1712846891451099
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=pmatkA==, md5=RbyNq4BFAzh8BSFvGBc8/w==
access-control-expose-headers
Content-Type
cache-control
public, max-age=0, s-maxage=31104000
x-goog-stored-content-length
45815
accept-ranges
none
expires
Sat, 19 Apr 2025 10:15:26 GMT
885ed6dd-539c-4765-b0ae-681547e8c79d.png
storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/
1 KB
1 KB
Image
General
Full URL
https://storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/885ed6dd-539c-4765-b0ae-681547e8c79d.png
Requested by
Host: quiz.rfatimeshareexit.com
URL: https://quiz.rfatimeshareexit.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
ff699bbc54b8d092ad8034abcfa7d837dc9ff4cdd1a7634b099978d55baaaa50

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
x-guploader-uploadid
ABPtcPpaWlmd9hYUINk5VcNZDjkc9_d1LQ3LEmfsYZzrskcUSXWl6wMJBneAZQe_UBgSC2OLVjc
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified
Thu, 11 Apr 2024 14:48:11 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1712846891456711
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=0cZ0lg==, md5=3uNUSpoZoBL3x7B0O4VBjw==
access-control-expose-headers
Content-Type
cache-control
public, max-age=0, s-maxage=31104000
x-goog-stored-content-length
1281
accept-ranges
none
expires
Sat, 19 Apr 2025 10:15:26 GMT
fbevents.js
connect.facebook.net/en_US/
218 KB
59 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: quiz.rfatimeshareexit.com
URL: https://quiz.rfatimeshareexit.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
01e9582655224c83e6c075f44b7eecb135e108b6ad2150bf6f78a0a77c4ad5e0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 24 Apr 2024 10:15:26 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57850
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=22, rtx=0, c=12, mss=1294, tbw=2776, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
p73okLnT7MvUYqYCQG8flxTblyzeLfR89MWl3AQX8JPeTr5HiFdgzsf6cfAEy1VNE/xuoxWVkZgvVsXz7k+3lQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
bootstrap.js
cdn.trustedform.com/
Redirect Chain
  • https://api.trustedform.com/trustedform.js?field=xxTrustedFormCertUrl&ping_field=xxTrustedFormPingUrl&l=1713953726847.8608
  • https://cdn.trustedform.com/bootstrap.js?field=xxTrustedFormCertUrl&ping_field=xxTrustedFormPingUrl&l=1713953726847.8608
8 KB
4 KB
Script
General
Full URL
https://cdn.trustedform.com/bootstrap.js?field=xxTrustedFormCertUrl&ping_field=xxTrustedFormPingUrl&l=1713953726847.8608
Requested by
Host: quiz.rfatimeshareexit.com
URL: https://quiz.rfatimeshareexit.com/
Protocol
H2
Server
2600:9000:223d:f800:1c:7f1a:6680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
35cbf6a6e5e7ff72ebb142669e1727de048df4fc13fc9fb5d9bd2d8334de7a71

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
https://quiz.rfatimeshareexit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Apr 2024 10:15:28 GMT
x-amz-version-id
wfT.1UDmcvoWxmr67CfqG4zKmfhVltQE
content-encoding
gzip
last-modified
Thu, 28 Mar 2024 21:16:57 GMT
server
AmazonS3
via
1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
etag
W/"e11406d1e7ba652ddbe0623e1207c210"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
x-amz-cf-id
knRnIPZyLOn48ci2p1CV_Jsmdugk540B7kdo-sv-Qgi0qxgHjmRyvg==

Redirect headers

location
https://cdn.trustedform.com:443/bootstrap.js?field=xxTrustedFormCertUrl&ping_field=xxTrustedFormPingUrl&l=1713953726847.8608
date
Wed, 24 Apr 2024 10:15:27 GMT
server
awselb/2.0
content-length
134
content-type
text/html
-nFnOHM81r4j6k0gjAW3mujVU2B2G_Bx0g.woff2
fonts.heyflow.cloud/s/dmserifdisplay/v15/
24 KB
25 KB
Font
General
Full URL
https://fonts.heyflow.cloud/s/dmserifdisplay/v15/-nFnOHM81r4j6k0gjAW3mujVU2B2G_Bx0g.woff2
Requested by
Host: fonts.heyflow.cloud
URL: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Roboto:300,400,500,600,700,800|DM+Serif+Display:300,400,500,600,700,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
8b0ceabdff07806ce949c228d047d0824bca1bec4c3c3f83ac2cd077a24e55e5

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Roboto:300,400,500,600,700,800|DM+Serif+Display:300,400,500,600,700,800&display=swap
Origin
https://quiz.rfatimeshareexit.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
211379
x-powered-by
Express
content-length
24768
last-modified
Sun, 21 Apr 2024 23:32:27 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F9XRNezjIEbgDHV%2BzjhN5SjxdM9xJhmCvy2wrsbLTgeWH6xmVv%2FRyRbn5%2BAmDPK3iAHn7kYRmIjCDeN5Zx7KAJdKnwaskq9Pzudal4HbcYGvoc8uu71FDJCv8MNC5ClUbdXw%2F94LHiN8kJYR%2BsMQoGk%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
x-cloud-trace-context
341b85b5acaa34ff2d5d5d1556c6e0e4
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
879555094c9b663a-AMS
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.heyflow.cloud/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.heyflow.cloud/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.heyflow.cloud
URL: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Roboto:300,400,500,600,700,800|DM+Serif+Display:300,400,500,600,700,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Roboto:300,400,500,600,700,800|DM+Serif+Display:300,400,500,600,700,800&display=swap
Origin
https://quiz.rfatimeshareexit.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
581430
x-powered-by
Express
content-length
15744
last-modified
Wed, 17 Apr 2024 16:44:56 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GoiscZgS13qgsuGx7dBcgKm3i5B0OXixsPSI4Uzve%2BHuN%2FTyl1XpOzrSl0yR05xuZazFXsoQcTJ%2FQantNEoSetQgltPUbzrqrjDD9FcV34SJMvDWCZAH3ZIs1ixknx8QhGpV%2BfGeyQkwAi4LdqSmmNM%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
x-cloud-trace-context
699fd2a79c3bc3ccb68edbf1836e162b
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
879555094ca1663a-AMS
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.heyflow.cloud/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.heyflow.cloud/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.heyflow.cloud
URL: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Roboto:300,400,500,600,700,800|DM+Serif+Display:300,400,500,600,700,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Roboto:300,400,500,600,700,800|DM+Serif+Display:300,400,500,600,700,800&display=swap
Origin
https://quiz.rfatimeshareexit.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
576330
x-powered-by
Express
content-length
15860
last-modified
Wed, 17 Apr 2024 18:09:56 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T31lJe2pF7SkIDqXh6P7BekrloYB3dVSc%2BjwfMLo8%2BiUDgCETvNy8pMpcVOzLO9Adye%2FOzBALW8iXvtVmZE7871drmrAfa1zZLzrvvs2QSCWD8GOU%2BXlWAz5n7H%2Bd%2BdTy0u%2FSL6AZlqsPZ03KYqbFbQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
x-cloud-trace-context
bf4fe9c778e98407dc13e97ca1a2fd14
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
879555094c9e663a-AMS
05df53b4-729d-40a9-8af9-be74e641c5fd.svg
storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/
29 KB
9 KB
Image
General
Full URL
https://storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/05df53b4-729d-40a9-8af9-be74e641c5fd.svg
Requested by
Host: quiz.rfatimeshareexit.com
URL: https://quiz.rfatimeshareexit.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
33dc827053f0c7f5fcbbbab0a1283ec1e8c0d1a5d7525693a88078506fa50f52

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
content-encoding
gzip
x-guploader-uploadid
ABPtcPpj_HlL1GUPkYIithAlqw5bykkFnlSc2lXYnGdq-S1YKqo8ELEJY9mUaOuQkkA0dnJiWSK8vwUAcQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8662
last-modified
Thu, 11 Apr 2024 14:48:40 GMT
server
UploadServer
etag
"5873f3599c1c3b5656210825653ebeee"
vary
Accept-Encoding
x-goog-generation
1712846920329826
content-type
image/svg+xml
access-control-allow-origin
*
x-goog-hash
crc32c=SWLgBw==, md5=WHPzWZwcO1ZWIQglZT6+7g==
access-control-expose-headers
Content-Type
cache-control
public, max-age=0, s-maxage=31104000
x-goog-stored-content-length
8662
accept-ranges
bytes
expires
Sat, 19 Apr 2025 10:15:26 GMT
libphone.chunk.js
flows.heyflow.cloud/rfa-timeshare-exit-quiz-v2/www/dist/
82 KB
22 KB
Script
General
Full URL
https://flows.heyflow.cloud/rfa-timeshare-exit-quiz-v2/www/dist/libphone.chunk.js
Requested by
Host: flows.heyflow.cloud
URL: https://flows.heyflow.cloud/rfa-timeshare-exit-quiz-v2/www/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.125.42 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
42.125.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
0d143c215a21deb3a5370ea90169c24c9b46c970960111076b44ec192acfdcbe

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Origin
https://quiz.rfatimeshareexit.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:27 GMT
content-encoding
gzip
via
1.1 google
x-guploader-uploadid
ABPtcPoLunVxhOZfxGYjUshxgG4U7vy7iVRhVHpftgrjpEqO8ennrPpxCkDWxF0qzwU14CgnKHWdJEMSvA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22219
last-modified
Wed, 24 Apr 2024 04:24:45 GMT
server
UploadServer
etag
"5266c9cc44a624e603c94603ba87e000"
vary
Accept-Encoding
x-goog-generation
1713932684997840
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=sXlf5g==, md5=UmbJzESmJOYDyUYDuofgAA==
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
no-store, max-age=0
x-goog-stored-content-length
22219
accept-ranges
bytes
expires
Wed, 24 Apr 2024 10:15:27 GMT
/
tracking.heyflow.cloud/
0
0
Preflight
General
Full URL
https://tracking.heyflow.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://quiz.rfatimeshareexit.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, PUT
access-control-allow-origin
*
cf-cache-status
DYNAMIC
cf-ray
8795550b0e46663a-AMS
content-length
2
content-type
text/plain; charset=utf-8
date
Wed, 24 Apr 2024 10:15:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZNJuuwVTmEWSjqpSQZoD8OCktAqEANGHjDjconWC%2BoiPgTyp3omhtw4lZ%2B0jSb5WwWxDwkRlPYtyZFVK%2Bj4kPodLfbFh%2FUoQRDW5Ywf8K8Vooql9K0j1Mn7obYyDitPq9kEEXj%2F2%2FlFbB%2FXBjhDtYmjrLPI%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
via
1.1 google, 1.1 google
x-cloud-trace-context
21f77d267965b7d4cb1452e775d3dae6
/
tracking.heyflow.cloud/
2 B
314 B
XHR
General
Full URL
https://tracking.heyflow.cloud/
Requested by
Host: flows.heyflow.cloud
URL: https://flows.heyflow.cloud/rfa-timeshare-exit-quiz-v2/www/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Referer
https://quiz.rfatimeshareexit.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:27 GMT
via
1.1 google, 1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-allow-methods
GET, POST, PUT
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kbfTnZQx5XyHgcZwGU7rJgeszU74UDJLUwhjtHvFgepc%2FcOfiFJwkQcVF2gbE%2FFGfyi2AnMtWZUczqbLCNdTVZfpOOimezEkJpynMl0PXKjyoF1pisJbXFMnRDpTPeHeCtqGQX99F1joXfgdFuiMEU1KN1Q%3D"}],"group":"cf-nel","max_age":604800}
x-cloud-trace-context
42a0e7d433b4307b2fdcd221172efbda
cf-ray
8795550b5e9d663a-AMS
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
2
392076662869912
connect.facebook.net/signals/config/
66 KB
14 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/392076662869912?v=2.9.154&r=stable&domain=quiz.rfatimeshareexit.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f731a766b341031f85940c542d2880d5c6755798357fa6d736b914fb3cd85efe
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 24 Apr 2024 10:15:27 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=25, rtx=0, c=64, mss=1294, tbw=63205, tp=-1, tpl=-1, uplat=236, ullat=0
pragma
public
x-fb-debug
OKSbIl5hNym24frjQSDPoc73nBK/uMNLzuLhJ5KWJMoXBY+BqAcgcN5aD3d4k3nfs3kqQOOQqUb9lVBRgV4kRg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
index.chunk.js
flows.heyflow.cloud/rfa-timeshare-exit-quiz-v2/www/dist/
151 KB
39 KB
Script
General
Full URL
https://flows.heyflow.cloud/rfa-timeshare-exit-quiz-v2/www/dist/index.chunk.js
Requested by
Host: flows.heyflow.cloud
URL: https://flows.heyflow.cloud/rfa-timeshare-exit-quiz-v2/www/dist/app.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.125.42 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
42.125.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
813517071effc1ace364dd43bda40e33c4a43833ebe80fc7ec94f3bc3574021b

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://flows.heyflow.cloud/rfa-timeshare-exit-quiz-v2/www/dist/app.js
Origin
https://quiz.rfatimeshareexit.com
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:27 GMT
content-encoding
gzip
via
1.1 google
x-guploader-uploadid
ABPtcPob3srgA9ywcJcmDmaXo49wZw73DpKAjgbh8TQWhtC_0wb8tzvf_dFGrZcDKGmD4KYDsoTCWgAIYw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39897
last-modified
Wed, 24 Apr 2024 04:24:45 GMT
server
UploadServer
etag
"d1eee1ed22256b1152992bd72dbda429"
vary
Accept-Encoding
x-goog-generation
1713932685001522
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=xgpHiQ==, md5=0e7h7SIlaxFSmSvXLb2kKQ==
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
no-store, max-age=0
x-goog-stored-content-length
39897
accept-ranges
bytes
expires
Wed, 24 Apr 2024 10:15:27 GMT
/
tracking.heyflow.cloud/
2 B
313 B
XHR
General
Full URL
https://tracking.heyflow.cloud/
Requested by
Host: flows.heyflow.cloud
URL: https://flows.heyflow.cloud/rfa-timeshare-exit-quiz-v2/www/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Referer
https://quiz.rfatimeshareexit.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:27 GMT
via
1.1 google, 1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-allow-methods
GET, POST, PUT
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B1pVBK1S7Fw374uGm0HGa1PkP7B3arfoM1jgHX2okzWGgq3DT5%2FYBLK7Uw55JI1NKtAnxk0wxhDFEw5tYFUpd4kp%2Fe0t%2BgVC04tew6178Fn94jTvTQYru4Y6G6nrhLHHfAvt2Xt%2FqVX1cnv4yhKrRmCefA0%3D"}],"group":"cf-nel","max_age":604800}
x-cloud-trace-context
691ded44a97f44abe1befacae02d01e4
cf-ray
8795550c1f51663a-AMS
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
2
/
fb.track.heyflow.cloud/
101 B
205 B
XHR
General
Full URL
https://fb.track.heyflow.cloud/
Requested by
Host: flows.heyflow.cloud
URL: https://flows.heyflow.cloud/rfa-timeshare-exit-quiz-v2/www/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.161.19 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
19.161.120.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
51cc95a36bb773adc16a90f92bcd50bf7ec89b563516d596654b66a1e70f4b5d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Referer
https://quiz.rfatimeshareexit.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:27 GMT
via
1.1 google, 1.1 google
server
Google Frontend
access-control-allow-methods
GET, POST, PUT
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
acfba2cda34b571e9f58c183d28895ba
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
101
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
/
fb.track.heyflow.cloud/
0
0
Preflight
General
Full URL
https://fb.track.heyflow.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.161.19 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
19.161.120.34.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://quiz.rfatimeshareexit.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, PUT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
content-type
text/plain; charset=utf-8
date
Wed, 24 Apr 2024 10:15:27 GMT
server
Google Frontend
via
1.1 google, 1.1 google
x-cloud-trace-context
2fb03b8b6c35b148ce7f09a3de8db0ee
/
www.facebook.com/tr/
0
274 B
Image
General
Full URL
https://www.facebook.com/tr/?id=392076662869912&ev=PageView&dl=https%3A%2F%2Fquiz.rfatimeshareexit.com%2F%23resort&rl=&if=false&ts=1713953727483&cd[event]=PageView&cd[flow_id]=rfa-timeshare-exit-quiz-v2&cd[host]=quiz.rfatimeshareexit.com&cd[path]=%2F&cd[origin]=https%3A%2F%2Fquiz.rfatimeshareexit.com&cd[title]=RFA%20Timeshare%20Exit%20Quiz%20V2&cd[hash]=%23resort&cd[referrer]=&cd[screen_width]=1600&cd[screen_height]=1200&cd[user_id]=_m86bhf&cd[screen_id]=screen-810ea872&cd[session_id]=c8bvj4&cd[ab_variant_id]=nJTJyxEeo6SPp8uUxqHY&cd[is_embedded]=false&cd[widget_version]=3.0.6&sw=1600&sh=1200&v=2.9.154&r=stable&ec=0&o=4126&fbp=fb.1.1713953727480.471873102&cs_est=true&ler=empty&cdl=API_unavailable&it=1713953727201&coo=false&eid=a1293s6w70cn&rqm=GET
Requested by
Host: quiz.rfatimeshareexit.com
URL: https://quiz.rfatimeshareexit.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=24, rtx=0, c=10, mss=1294, tbw=2769, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 24 Apr 2024 10:15:27 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
certs
api.trustedform.com/
475 B
686 B
XHR
General
Full URL
https://api.trustedform.com/certs
Requested by
Host: api.trustedform.com
URL: https://api.trustedform.com/trustedform.js?field=xxTrustedFormCertUrl&ping_field=xxTrustedFormPingUrl&l=1713953726847.8608
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.197.223.117 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-197-223-117.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
1c10cd1bd09aaf52cbb2bf7e1b278ab91caedd27d483a256d0cc0dfc03d2278a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 24 Apr 2024 10:15:27 GMT
server
Cowboy
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
475
b47fc4a1-2637-4c8c-a07c-6d313ecf6079.png
storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/
37 KB
37 KB
Other
General
Full URL
https://storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/b47fc4a1-2637-4c8c-a07c-6d313ecf6079.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f27.1e100.net
Software
UploadServer /
Resource Hash
cb3edfc2a935b8141d72e390668219f0009b36fb9832cb365b0a2d0391911e2a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:27 GMT
x-guploader-uploadid
ABPtcPphnkxaQCVhEV8nPV-R26ouCnhOJzg2frFeOEw4LBaKiv1DFcrfSNb6fGYnYI7FafncuGk
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified
Mon, 22 Apr 2024 22:25:49 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1713824749593710
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=34EzVg==, md5=Cz2L2uTooDdJuLyzzha/NQ==
access-control-expose-headers
Content-Type
cache-control
public, max-age=0, s-maxage=31104000
x-goog-stored-content-length
31438
accept-ranges
none
expires
Sat, 19 Apr 2025 10:15:27 GMT
b47fc4a1-2637-4c8c-a07c-6d313ecf6079.png
storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/
37 KB
12 B
Other
General
Full URL
https://storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/b47fc4a1-2637-4c8c-a07c-6d313ecf6079.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f27.1e100.net
Software
UploadServer /
Resource Hash
cb3edfc2a935b8141d72e390668219f0009b36fb9832cb365b0a2d0391911e2a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:27 GMT
age
0
x-guploader-uploadid
ABPtcPphnkxaQCVhEV8nPV-R26ouCnhOJzg2frFeOEw4LBaKiv1DFcrfSNb6fGYnYI7FafncuGk
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified
Mon, 22 Apr 2024 22:25:49 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1713824749593710
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=34EzVg==, md5=Cz2L2uTooDdJuLyzzha/NQ==
access-control-expose-headers
Content-Type
cache-control
public, max-age=0, s-maxage=31104000
x-goog-stored-content-length
31438
accept-ranges
none
expires
Sat, 19 Apr 2025 10:15:27 GMT
trustedform-1.9.4.js
cdn.trustedform.com/
84 KB
33 KB
Script
General
Full URL
https://cdn.trustedform.com/trustedform-1.9.4.js
Requested by
Host: api.trustedform.com
URL: https://api.trustedform.com/trustedform.js?field=xxTrustedFormCertUrl&ping_field=xxTrustedFormPingUrl&l=1713953726847.8608
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:f800:1c:7f1a:6680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
daec1d32a4f211884695930cbc2443467f28e7bd1b1ae1afb7f2eb16349aacfe

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
99pp4qPmo76AUtojH7nmQZ_9ll2PZAe4
content-encoding
gzip
via
1.1 8af5231b014ab5e8c35000dd4cf4b68c.cloudfront.net (CloudFront)
date
Wed, 24 Apr 2024 10:15:27 GMT
last-modified
Thu, 28 Mar 2024 21:16:58 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
age
19
etag
W/"f46641519eee44fe450f02ae72e64a74"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
r9okTNS0AXoV5Ey9W8sUatGIx2P6uXYkN-zqN-EChoSlf0i-b77G2g==
snapshot
api.trustedform.com/certs/f304dade09cc070b57a4d2e8c5338181b3e96f94/
0
159 B
XHR
General
Full URL
https://api.trustedform.com/certs/f304dade09cc070b57a4d2e8c5338181b3e96f94/snapshot
Requested by
Host: cdn.trustedform.com
URL: https://cdn.trustedform.com/trustedform-1.9.4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.197.223.117 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-197-223-117.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
*
date
Wed, 24 Apr 2024 10:15:28 GMT
access-control-expose-headers
access-control-allow-credentials
true
cache-control
max-age=0, private, must-revalidate
server
Cowboy
fingerprints
api.trustedform.com/certs/f304dade09cc070b57a4d2e8c5338181b3e96f94/
0
159 B
XHR
General
Full URL
https://api.trustedform.com/certs/f304dade09cc070b57a4d2e8c5338181b3e96f94/fingerprints
Requested by
Host: cdn.trustedform.com
URL: https://cdn.trustedform.com/trustedform-1.9.4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.197.223.117 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-197-223-117.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
*
date
Wed, 24 Apr 2024 10:15:28 GMT
access-control-expose-headers
access-control-allow-credentials
true
cache-control
max-age=0, private, must-revalidate
server
Cowboy
05df53b4-729d-40a9-8af9-be74e641c5fd.svg
storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/
29 KB
12 B
Image
General
Full URL
https://storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/05df53b4-729d-40a9-8af9-be74e641c5fd.svg
Protocol
H2
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
33dc827053f0c7f5fcbbbab0a1283ec1e8c0d1a5d7525693a88078506fa50f52

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
content-encoding
gzip
age
2
x-guploader-uploadid
ABPtcPpj_HlL1GUPkYIithAlqw5bykkFnlSc2lXYnGdq-S1YKqo8ELEJY9mUaOuQkkA0dnJiWSK8vwUAcQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8662
last-modified
Thu, 11 Apr 2024 14:48:40 GMT
server
UploadServer
etag
"5873f3599c1c3b5656210825653ebeee"
vary
Accept-Encoding
x-goog-generation
1712846920329826
content-type
image/svg+xml
access-control-allow-origin
*
x-goog-hash
crc32c=SWLgBw==, md5=WHPzWZwcO1ZWIQglZT6+7g==
access-control-expose-headers
Content-Type
cache-control
public, max-age=0, s-maxage=31104000
x-goog-stored-content-length
8662
accept-ranges
bytes
expires
Sat, 19 Apr 2025 10:15:26 GMT
fb4af1c0-c297-4314-9b4f-a487c565be0b.png
storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/
8 KB
12 B
Image
General
Full URL
https://storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/fb4af1c0-c297-4314-9b4f-a487c565be0b.png
Protocol
H2
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
a7b42e29e4f6ac4e4e10fe13088bea6ff92e5441d6e19f9eee3c6d838bea55b2

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
age
2
x-guploader-uploadid
ABPtcPrZe9nHYm2T2kW0KYPTm5P74dobsD-sZ3y2SnWbH4Z-gnGC0LT8lAbSz92zP3M6r6oiwirlg2dORg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified
Thu, 11 Apr 2024 14:48:11 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1712846891443587
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=IFb8gA==, md5=iA4ffR/ksyWPTu9DL1Y7IA==
access-control-expose-headers
Content-Type
cache-control
public, max-age=0, s-maxage=31104000
x-goog-stored-content-length
7885
accept-ranges
none
expires
Sat, 19 Apr 2025 10:15:26 GMT
0df4e375-ea2b-4b86-a3d2-e996dda9c037.png
storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/
6 KB
12 B
Image
General
Full URL
https://storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/0df4e375-ea2b-4b86-a3d2-e996dda9c037.png
Protocol
H2
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
ba134ae90b9d4fd5d09e86d6d93e3e89c7da75f1b6da934037ed611d5fec5db4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
age
2
x-guploader-uploadid
ABPtcPrhRNIfhcK-ifzc4U46vh2kLFaXSpc6msW3Gcy0iMrh17BrN4IfnI6F80ZGIzQh9GZYPGCjn5T3mw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified
Thu, 11 Apr 2024 14:48:11 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1712846891365551
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=FXpSDg==, md5=Apbug0g+RhEgSzPIbR1nMA==
access-control-expose-headers
Content-Type
cache-control
public, max-age=0, s-maxage=31104000
x-goog-stored-content-length
5996
accept-ranges
none
expires
Sat, 19 Apr 2025 10:15:26 GMT
b6f422cc-9c43-432c-af36-900a2a267aff.png
storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/
48 KB
12 B
Image
General
Full URL
https://storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/b6f422cc-9c43-432c-af36-900a2a267aff.png
Protocol
H2
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
dba72a50b1e92892f184a71bba5b240d5be137f45ac9feacee0c792f35632c7a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
age
2
x-guploader-uploadid
ABPtcPoQUTUAC68o3hwvOxKotF-6zaJS20pom-46XhgfvTukhuZuwQK7Hmd9S-d13En9OTRTEQ25MqfHNQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified
Thu, 11 Apr 2024 14:48:11 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1712846891451099
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=pmatkA==, md5=RbyNq4BFAzh8BSFvGBc8/w==
access-control-expose-headers
Content-Type
cache-control
public, max-age=0, s-maxage=31104000
x-goog-stored-content-length
45815
accept-ranges
none
expires
Sat, 19 Apr 2025 10:15:26 GMT
885ed6dd-539c-4765-b0ae-681547e8c79d.png
storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/
1 KB
12 B
Image
General
Full URL
https://storage.googleapis.com/builder.zenflow.de/rfa-timeshare-exit-quiz-v2/www/assets/885ed6dd-539c-4765-b0ae-681547e8c79d.png
Protocol
H2
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
ff699bbc54b8d092ad8034abcfa7d837dc9ff4cdd1a7634b099978d55baaaa50

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Apr 2024 10:15:26 GMT
age
2
x-guploader-uploadid
ABPtcPpaWlmd9hYUINk5VcNZDjkc9_d1LQ3LEmfsYZzrskcUSXWl6wMJBneAZQe_UBgSC2OLVjc
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified
Thu, 11 Apr 2024 14:48:11 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1712846891456711
content-type
image/png
access-control-allow-origin
*
x-goog-hash
crc32c=0cZ0lg==, md5=3uNUSpoZoBL3x7B0O4VBjw==
access-control-expose-headers
Content-Type
cache-control
public, max-age=0, s-maxage=31104000
x-goog-stored-content-length
1281
accept-ranges
none
expires
Sat, 19 Apr 2025 10:15:26 GMT
truncated
/
10 KB
10 KB
Other
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eed633a8002069e13f06351bfe014d0132941a0882144ccee95cdacfa403b954

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
text/javascript
events
api.trustedform.com/certs/f304dade09cc070b57a4d2e8c5338181b3e96f94/
0
159 B
Ping
General
Full URL
https://api.trustedform.com/certs/f304dade09cc070b57a4d2e8c5338181b3e96f94/events
Requested by
Host: cdn.trustedform.com
URL: https://cdn.trustedform.com/trustedform-1.9.4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.197.223.117 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-197-223-117.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://quiz.rfatimeshareexit.com/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 24 Apr 2024 10:15:33 GMT
access-control-expose-headers
access-control-allow-credentials
true
cache-control
max-age=0, private, must-revalidate
server
Cowboy

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string | currentlyMounting
object | heyflow
function | fbq
function | _fbq
object | integration
object | windowConstants
function | filterCSS
function | filterXSS
function | Cleave
function | flatpickr
object | dataLayer
object | trustedForm
function | trustedFormStartRecording
function | trustedFormStopRecording
object | regeneratorRuntime

1 Cookies

Domain/Path Name / Value
.rfatimeshareexit.com/ Name: _fbp
Value: fb.1.1713953727480.471873102

1 Console Messages

Source Level URL
Text
other warning URL: https://connect.facebook.net/signals/config/392076662869912?v=2.9.154&r=stable&domain=quiz.rfatimeshareexit.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 107)
Message:
Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
