whatsbehindthesmokescreen.splashthat.com Open in urlscan Pro
151.101.194.133  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://info.avetta.com/NzUyLUJWSC03NTMAAAGLYvHnT7ingTJ7zCppe0Si5t4IIzA8GO8gQWDfhOkrH2bNSwRI2rBVxyJCd5OuGbEB85vrDZs= Page URL
2. https://whatsbehindthesmokescreen.splashthat.com/?utm_source=EXTERNALPROMOTIONS&utm_medium=Email&utm_id=7014u000001EwxbAAC&mkt_tok=NzUyLUJWSC03NTMAAAGLYvHnT_SGZxTswH377LC2l1eT36kwXAPzA9k-tlZm1AyEGd8jDnhwUjvp2USNwbdnOllitRDlH4el-V_F-v-vkKiPCFEA0Fk5CKj6nPhe8f0f0GE Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	302	NzUyLUJWSC03NTMAAAGLYvHnT7ingTJ7zCppe0Si5t4IIzA8GO8gQWDfhOkrH2bNSwRI2rBVxyJCd5OuGbEB85vrDZs= info.avetta.com/	615 B 1 KB	898ms 455ms	Document text/html	104.17.70.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://info.avetta.com/NzUyLUJWSC03NTMAAAGLYvHnT7ingTJ7zCppe0Si5t4IIzA8GO8gQWDfhOkrH2bNSwRI2rBVxyJCd5OuGbEB85vrDZs= Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'self'; img-src 'self';script-src 'self' 'sha256-1t/Gg90Oxd2TkaxXf52Q/5EGvk9LcSwrcmRMbOOxJ1Y=';object-src 'none';form-action:'none';frame-src:'none' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control private, no-cache, no-store, max-age=0 cf-cache-status DYNAMIC cf-ray 7befa3f37fb635ff-FRA content-security-policy default-src 'self'; img-src 'self';script-src 'self' 'sha256-1t/Gg90Oxd2TkaxXf52Q/5EGvk9LcSwrcmRMbOOxJ1Y=';object-src 'none';form-action:'none';frame-src:'none' content-type text/html;charset=UTF-8 date Fri, 28 Apr 2023 13:27:03 GMT referrer-policy strict-origin server cloudflare x-content-type-options nosniff x-frame-options SAMEORIGIN x-request-id f6272bb287ad4689
GET H2	403	Primary Request / Show response whatsbehindthesmokescreen.splashthat.com/	585 B 1 KB	36ms 12ms	Document text/html	151.101.194.133 FASTLY
General Check archive.org Show headers Download Go to Full URL https://whatsbehindthesmokescreen.splashthat.com/?utm_source=EXTERNALPROMOTIONS&utm_medium=Email&utm_id=7014u000001EwxbAAC&mkt_tok=NzUyLUJWSC03NTMAAAGLYvHnT_SGZxTswH377LC2l1eT36kwXAPzA9k-tlZm1AyEGd8jDnhwUjvp2USNwbdnOllitRDlH4el-V_F-v-vkKiPCFEA0Fk5CKj6nPhe8f0f0GE Requested by Host: info.avetta.com URL: https://info.avetta.com/NzUyLUJWSC03NTMAAAGLYvHnT7ingTJ7zCppe0Si5t4IIzA8GO8gQWDfhOkrH2bNSwRI2rBVxyJCd5OuGbEB85vrDZs= Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.194.133 , United States, ASN54113 (FASTLY, US), Reverse DNS Software DataDome / Resource Hash 6e96cdc68801249576ea099ca648b3af5bc0406610326e496a60d26b19dbf9f3 Security Headers Name Value Strict-Transport-Security Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Request headers Referer https://info.avetta.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ch Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory accept-ranges bytes cache-control max-age=0, private, no-cache, no-store, must-revalidate charset utf-8 content-length 585 content-type text/html;charset=utf-8 date Fri, 28 Apr 2023 13:27:03 GMT pragma no-cache server DataDome strict-transport-security Strict-Transport-Security: max-age=63072000; includeSubDomains; preload via 1.1 varnish x-cache MISS x-cache-hits 0 x-datadome protected x-datadome-cid AHrlqAAAAAMA6XQ5DZSdDsYAudWbpg== x-datadome-traffic-rule-response block x-served-by cache-fra-eddf8230108-FRA x-timer S1682688423.457297,VS0,VE5
GET H2	200	c.js Show response ct.captcha-delivery.com/	5 KB 5 KB	51ms 7ms	Script application/javascript	18.66.147.28 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ct.captcha-delivery.com/c.js Requested by Host: whatsbehindthesmokescreen.splashthat.com URL: https://whatsbehindthesmokescreen.splashthat.com/?utm_source=EXTERNALPROMOTIONS&utm_medium=Email&utm_id=7014u000001EwxbAAC&mkt_tok=NzUyLUJWSC03NTMAAAGLYvHnT_SGZxTswH377LC2l1eT36kwXAPzA9k-tlZm1AyEGd8jDnhwUjvp2USNwbdnOllitRDlH4el-V_F-v-vkKiPCFEA0Fk5CKj6nPhe8f0f0GE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.147.28 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-147-28.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash d327fdebb5a02dd43a2ca128e50366f059518860adc8a952158e4cb23c5e01a1 Request headers accept-language de-DE,de;q=0.9 Referer https://whatsbehindthesmokescreen.splashthat.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 12:29:18 GMT via 1.1 19dbc4cbbe0be3dca8e57283a83b57c6.cloudfront.net (CloudFront) last-modified Mon, 24 Apr 2023 12:29:15 GMT server AmazonS3 x-amz-cf-pop FRA60-P4 age 3466 etag "1f4a021d560d6a4b9ea35954db49aeab" x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-type application/javascript accept-ranges bytes content-length 5163 x-amz-cf-id g8Ry8e3ONm8mNhqRYvoZtCfvuEZXIIIMXkH9WzPIbkCjB8oWRARxlw==
GET H/1.1	200 OK	/ Show response geo.captcha-delivery.com/captcha/ Frame 6B5C	22 KB 7 KB	56ms 13ms	Document text/html	3.125.247.22 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA6XQ5DZSdDsYAudWbpg%3D%3D&hash=3BA67E83B5E1C93C86A6F784C53F4C&cid=2Y2gOfj5YsooNocTJMwFeyeDu5S1AebICoQBjxwnUHxsYCfy92t~pPUO-RJAz_yLuN2Lkmgiv_MWAjHQq2-oAaxmGIyWfl6sATpR1Q9PaEGRNQiOoMPOErH0k3Sj4ZA3&t=fe&referer=https%3A%2F%2Fwhatsbehindthesmokescreen.splashthat.com%2F%3Futm_source%3DEXTERNALPROMOTIONS%26utm_medium%3DEmail%26utm_id%3D7014u000001EwxbAAC%26mkt_tok%3DNzUyLUJWSC03NTMAAAGLYvHnT_SGZxTswH377LC2l1eT36kwXAPzA9k-tlZm1AyEGd8jDnhwUjvp2USNwbdnOllitRDlH4el-V_F-v-vkKiPCFEA0Fk5CKj6nPhe8f0f0GE&s=20143&e=a914f0f0f3979a5eb55290c84f83acef287245325a1ae6ca53ca662585667c17 Requested by Host: ct.captcha-delivery.com URL: https://ct.captcha-delivery.com/c.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.125.247.22 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-125-247-22.eu-central-1.compute.amazonaws.com Software / Resource Hash e3ac25eeb8798a39e1a8dac082b7dbd0bf7b640e9a32b937405377ecef8dc5ad Request headers Referer https://whatsbehindthesmokescreen.splashthat.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Access-Control-Allow-Origin * Content-Encoding gzip Content-Type text/html;charset=utf-8 Date Fri, 28 Apr 2023 13:27:03 GMT Transfer-Encoding chunked Vary Accept-Encoding
GET H2	200	index.css static.captcha-delivery.com/captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/ Frame 6B5C	6 KB 2 KB	53ms 9ms	Stylesheet text/css	2600:9000:2251:d000:7:c516:5a80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.captcha-delivery.com/captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/index.css Requested by Host: geo.captcha-delivery.com URL: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA6XQ5DZSdDsYAudWbpg%3D%3D&hash=3BA67E83B5E1C93C86A6F784C53F4C&cid=2Y2gOfj5YsooNocTJMwFeyeDu5S1AebICoQBjxwnUHxsYCfy92t~pPUO-RJAz_yLuN2Lkmgiv_MWAjHQq2-oAaxmGIyWfl6sATpR1Q9PaEGRNQiOoMPOErH0k3Sj4ZA3&t=fe&referer=https%3A%2F%2Fwhatsbehindthesmokescreen.splashthat.com%2F%3Futm_source%3DEXTERNALPROMOTIONS%26utm_medium%3DEmail%26utm_id%3D7014u000001EwxbAAC%26mkt_tok%3DNzUyLUJWSC03NTMAAAGLYvHnT_SGZxTswH377LC2l1eT36kwXAPzA9k-tlZm1AyEGd8jDnhwUjvp2USNwbdnOllitRDlH4el-V_F-v-vkKiPCFEA0Fk5CKj6nPhe8f0f0GE&s=20143&e=a914f0f0f3979a5eb55290c84f83acef287245325a1ae6ca53ca662585667c17 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2251:d000:7:c516:5a80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash ed243a7fa712a26559089ad5eadb7bffb314357ac21966fe20f5cef1fb6355b1 Request headers accept-language de-DE,de;q=0.9 Referer https://geo.captcha-delivery.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-amz-version-id null content-encoding gzip via 1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront) date Fri, 28 Apr 2023 00:59:23 GMT last-modified Tue, 09 Jul 2019 14:35:24 GMT server AmazonS3 x-amz-cf-pop FRA60-P3 age 44861 etag W/"8ba3717dee9fac12ab09dda082b49fac" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css x-amz-cf-id AA6-u19oGcK4_nIkL9pPlfGZg89T74JWjbfXPRy28AqXh_Xi3QVHBw==
GET H2	200	font-face.css static.captcha-delivery.com/common/fonts/roboto/ Frame 6B5C	287 B 638 B	54ms 11ms	Stylesheet text/css	2600:9000:2251:d000:7:c516:5a80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.captcha-delivery.com/common/fonts/roboto/font-face.css Requested by Host: geo.captcha-delivery.com URL: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA6XQ5DZSdDsYAudWbpg%3D%3D&hash=3BA67E83B5E1C93C86A6F784C53F4C&cid=2Y2gOfj5YsooNocTJMwFeyeDu5S1AebICoQBjxwnUHxsYCfy92t~pPUO-RJAz_yLuN2Lkmgiv_MWAjHQq2-oAaxmGIyWfl6sATpR1Q9PaEGRNQiOoMPOErH0k3Sj4ZA3&t=fe&referer=https%3A%2F%2Fwhatsbehindthesmokescreen.splashthat.com%2F%3Futm_source%3DEXTERNALPROMOTIONS%26utm_medium%3DEmail%26utm_id%3D7014u000001EwxbAAC%26mkt_tok%3DNzUyLUJWSC03NTMAAAGLYvHnT_SGZxTswH377LC2l1eT36kwXAPzA9k-tlZm1AyEGd8jDnhwUjvp2USNwbdnOllitRDlH4el-V_F-v-vkKiPCFEA0Fk5CKj6nPhe8f0f0GE&s=20143&e=a914f0f0f3979a5eb55290c84f83acef287245325a1ae6ca53ca662585667c17 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2251:d000:7:c516:5a80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 03cd31e4d3c37c852aec70f0c5bb40641131ba56ea401ba48b7b5d4c68f3d39a Request headers accept-language de-DE,de;q=0.9 Referer https://geo.captcha-delivery.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-amz-version-id null date Fri, 28 Apr 2023 02:59:00 GMT via 1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront) last-modified Fri, 06 May 2022 16:47:07 GMT server AmazonS3 x-amz-cf-pop FRA60-P3 age 37684 etag "6fda0c9bdd9b51bc0805fa37f22eb90b" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css accept-ranges bytes content-length 287 x-amz-cf-id 8aQuNEIeyONc1rJZLJdAz5DJ98CUwuQ2DMOC_U1rhKrySzhMpeJ25g==
GET H2	200	logo.png static.captcha-delivery.com/captcha/assets/set/ca1b7797566e850c3e583a2fbda610a51d5504ca/ Frame 6B5C	3 KB 3 KB	162ms 120ms	Image image/png	2600:9000:2251:d000:7:c516:5a80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://static.captcha-delivery.com/captcha/assets/set/ca1b7797566e850c3e583a2fbda610a51d5504ca/logo.png?update_cache=1487917295348411676 Requested by Host: geo.captcha-delivery.com URL: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA6XQ5DZSdDsYAudWbpg%3D%3D&hash=3BA67E83B5E1C93C86A6F784C53F4C&cid=2Y2gOfj5YsooNocTJMwFeyeDu5S1AebICoQBjxwnUHxsYCfy92t~pPUO-RJAz_yLuN2Lkmgiv_MWAjHQq2-oAaxmGIyWfl6sATpR1Q9PaEGRNQiOoMPOErH0k3Sj4ZA3&t=fe&referer=https%3A%2F%2Fwhatsbehindthesmokescreen.splashthat.com%2F%3Futm_source%3DEXTERNALPROMOTIONS%26utm_medium%3DEmail%26utm_id%3D7014u000001EwxbAAC%26mkt_tok%3DNzUyLUJWSC03NTMAAAGLYvHnT_SGZxTswH377LC2l1eT36kwXAPzA9k-tlZm1AyEGd8jDnhwUjvp2USNwbdnOllitRDlH4el-V_F-v-vkKiPCFEA0Fk5CKj6nPhe8f0f0GE&s=20143&e=a914f0f0f3979a5eb55290c84f83acef287245325a1ae6ca53ca662585667c17 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2251:d000:7:c516:5a80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 8a5f9d4d8b3a1336aa406277a6c9e254158eca89b15d31452a9393b081ea0ed0 Request headers accept-language de-DE,de;q=0.9 Referer https://geo.captcha-delivery.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 13:27:04 GMT x-amz-version-id null via 1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront) last-modified Tue, 10 Nov 2020 14:12:33 GMT server AmazonS3 x-amz-cf-pop FRA60-P3 etag "48f2f1d03250c6086649359ba3adb8b6" x-cache Miss from cloudfront content-type image/png cache-control public accept-ranges bytes content-length 3128 x-amz-cf-id mhOYqxwP2N2cBAAWSvtVwxe2rNgZJZLsaWpZbGTW14KY5yHoQp8cZw==
GET H2	200	loading_spinner.gif static.captcha-delivery.com/captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/ Frame 6B5C	44 KB 44 KB	55ms 13ms	Image image/gif	2600:9000:2251:d000:7:c516:5a80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://static.captcha-delivery.com/captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/loading_spinner.gif Requested by Host: geo.captcha-delivery.com URL: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA6XQ5DZSdDsYAudWbpg%3D%3D&hash=3BA67E83B5E1C93C86A6F784C53F4C&cid=2Y2gOfj5YsooNocTJMwFeyeDu5S1AebICoQBjxwnUHxsYCfy92t~pPUO-RJAz_yLuN2Lkmgiv_MWAjHQq2-oAaxmGIyWfl6sATpR1Q9PaEGRNQiOoMPOErH0k3Sj4ZA3&t=fe&referer=https%3A%2F%2Fwhatsbehindthesmokescreen.splashthat.com%2F%3Futm_source%3DEXTERNALPROMOTIONS%26utm_medium%3DEmail%26utm_id%3D7014u000001EwxbAAC%26mkt_tok%3DNzUyLUJWSC03NTMAAAGLYvHnT_SGZxTswH377LC2l1eT36kwXAPzA9k-tlZm1AyEGd8jDnhwUjvp2USNwbdnOllitRDlH4el-V_F-v-vkKiPCFEA0Fk5CKj6nPhe8f0f0GE&s=20143&e=a914f0f0f3979a5eb55290c84f83acef287245325a1ae6ca53ca662585667c17 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2251:d000:7:c516:5a80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash fab79f1dfdc7b759da9e1c4d80169bc879352b47bf0cf9352e3eeaed39e55de7 Request headers accept-language de-DE,de;q=0.9 Referer https://geo.captcha-delivery.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers x-amz-version-id null date Fri, 28 Apr 2023 01:45:21 GMT via 1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront) last-modified Tue, 31 Jul 2018 12:27:34 GMT server AmazonS3 x-amz-cf-pop FRA60-P3 age 42103 etag "18be94cf37fa0da67af3c46ddebca50a" vary Accept-Encoding x-cache Hit from cloudfront content-type image/gif accept-ranges bytes content-length 44663 x-amz-cf-id 78Og0ktnx_QCJuUyFShCM1hyAKdDeDf5XMsBxTUgCtweNmFdi48OyQ==
GET H2	200	tags.js Show response js.datadome.co/ Frame 6B5C	273 KB 57 KB	39ms 8ms	Script text/javascript	18.66.122.18 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.datadome.co/tags.js Requested by Host: geo.captcha-delivery.com URL: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA6XQ5DZSdDsYAudWbpg%3D%3D&hash=3BA67E83B5E1C93C86A6F784C53F4C&cid=2Y2gOfj5YsooNocTJMwFeyeDu5S1AebICoQBjxwnUHxsYCfy92t~pPUO-RJAz_yLuN2Lkmgiv_MWAjHQq2-oAaxmGIyWfl6sATpR1Q9PaEGRNQiOoMPOErH0k3Sj4ZA3&t=fe&referer=https%3A%2F%2Fwhatsbehindthesmokescreen.splashthat.com%2F%3Futm_source%3DEXTERNALPROMOTIONS%26utm_medium%3DEmail%26utm_id%3D7014u000001EwxbAAC%26mkt_tok%3DNzUyLUJWSC03NTMAAAGLYvHnT_SGZxTswH377LC2l1eT36kwXAPzA9k-tlZm1AyEGd8jDnhwUjvp2USNwbdnOllitRDlH4el-V_F-v-vkKiPCFEA0Fk5CKj6nPhe8f0f0GE&s=20143&e=a914f0f0f3979a5eb55290c84f83acef287245325a1ae6ca53ca662585667c17 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.122.18 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-122-18.fra60.r.cloudfront.net Software Apache / Resource Hash b2cbff271b2a424800d91db247d534e06414e5c5a91a6fcf6b9ce59539097f7c Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers accept-language de-DE,de;q=0.9 Referer https://geo.captcha-delivery.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 12:48:28 GMT strict-transport-security max-age=15768000 content-encoding gzip via 1.1 db1cc9ceb7681bf2a56c0f22acac3a36.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P2 age 2315 x-cache Hit from cloudfront content-length 57667 last-modified Mon, 24 Apr 2023 12:48:19 GMT server Apache etag "445f8-5fa146bd7ac68-gzip" vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control max-age=3600, public accept-ranges bytes x-amz-cf-id piN_AnIrBtUuILyrGxc56su5LusxZZxcmVstfohu5t4HLssQiLeg7Q== expires Fri, 28 Apr 2023 13:48:28 GMT
GET H2	200	api.js Show response www.google.com/recaptcha/ Frame 6B5C	916 B 903 B	135ms 48ms	Script text/javascript	2a00:1450:4001:82f::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js?onload=recaptchaLoadCallback&render=explicit&hl=de Requested by Host: geo.captcha-delivery.com URL: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMA6XQ5DZSdDsYAudWbpg%3D%3D&hash=3BA67E83B5E1C93C86A6F784C53F4C&cid=2Y2gOfj5YsooNocTJMwFeyeDu5S1AebICoQBjxwnUHxsYCfy92t~pPUO-RJAz_yLuN2Lkmgiv_MWAjHQq2-oAaxmGIyWfl6sATpR1Q9PaEGRNQiOoMPOErH0k3Sj4ZA3&t=fe&referer=https%3A%2F%2Fwhatsbehindthesmokescreen.splashthat.com%2F%3Futm_source%3DEXTERNALPROMOTIONS%26utm_medium%3DEmail%26utm_id%3D7014u000001EwxbAAC%26mkt_tok%3DNzUyLUJWSC03NTMAAAGLYvHnT_SGZxTswH377LC2l1eT36kwXAPzA9k-tlZm1AyEGd8jDnhwUjvp2USNwbdnOllitRDlH4el-V_F-v-vkKiPCFEA0Fk5CKj6nPhe8f0f0GE&s=20143&e=a914f0f0f3979a5eb55290c84f83acef287245325a1ae6ca53ca662585667c17 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 3d5670917edcfac180c597895da38e555048e57dd98bf74dd8ba1406a0d89bff Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://geo.captcha-delivery.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 13:27:03 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 583 x-xss-protection 1; mode=block expires Fri, 28 Apr 2023 13:27:03 GMT
POST H2	200	/ Show response api-js.datadome.co/js/ Frame 6B5C	241 B 419 B	55ms 12ms	XHR application/json	35.157.163.114 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api-js.datadome.co/js/ Requested by Host: js.datadome.co URL: https://js.datadome.co/tags.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.157.163.114 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-157-163-114.eu-central-1.compute.amazonaws.com Software DataDome / Resource Hash 1d88db204f41ffda3a69071177f278684bfaef720e5f163cd89a36111c33565d Request headers Referer https://geo.captcha-delivery.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers pragma no-cache date Fri, 28 Apr 2023 13:27:03 GMT server DataDome content-type application/json;charset=utf-8 access-control-allow-origin * cache-control no-cache, no-store, must-revalidate content-length 241 expires 0
GET H2	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/ Frame 6B5C	410 KB 165 KB	142ms 39ms	Script text/javascript	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js?onload=recaptchaLoadCallback&render=explicit&hl=de Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 2f1d9b491b08daadc738115c579f9cc1b85b29078fdefe99ad994f9db0f5da22 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://geo.captcha-delivery.com/ Origin https://geo.captcha-delivery.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 11:54:00 GMT content-encoding gzip x-content-type-options nosniff age 5583 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 168688 x-xss-protection 0 last-modified Fri, 21 Apr 2023 01:25:41 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 27 Apr 2024 11:54:00 GMT
GET H2	200	anchor Show response www.google.com/recaptcha/api2/ Frame 5FF6	50 KB 28 KB	59ms 58ms	Document text/html	2a00:1450:4001:82f::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcSzk8bAAAAAOTkPCjprgWDMPzo_kgGC3E5Vn-T&co=aHR0cHM6Ly9nZW8uY2FwdGNoYS1kZWxpdmVyeS5jb206NDQz&hl=de&v=4PnKmGB9wRHh1i04o7YUICeI&size=normal&cb=heujpulypj1i Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/recaptcha__de.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 7f7fa03ebca933573ff9455e9ba09ee8d7375050031c60130a696480ee2b5ede Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-Sf_LjfhNzH3MUI3fuNbTTg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://geo.captcha-delivery.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-length 28014 content-security-policy script-src 'report-sample' 'nonce-Sf_LjfhNzH3MUI3fuNbTTg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Fri, 28 Apr 2023 13:27:04 GMT expires Mon, 01 Jan 1990 00:00:00 GMT pragma no-cache report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET H3	200	styles__ltr.css www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/ Frame 5FF6	55 KB 24 KB	123ms 39ms	Stylesheet text/css	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/styles__ltr.css Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcSzk8bAAAAAOTkPCjprgWDMPzo_kgGC3E5Vn-T&co=aHR0cHM6Ly9nZW8uY2FwdGNoYS1kZWxpdmVyeS5jb206NDQz&hl=de&v=4PnKmGB9wRHh1i04o7YUICeI&size=normal&cb=heujpulypj1i Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Thu, 27 Apr 2023 21:06:40 GMT content-encoding gzip x-content-type-options nosniff age 58824 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 24605 x-xss-protection 0 last-modified Fri, 21 Apr 2023 01:25:41 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/css cache-control public, max-age=31536000 accept-ranges bytes expires Fri, 26 Apr 2024 21:06:40 GMT
GET H3	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/ Frame 5FF6	410 KB 165 KB	122ms 39ms	Script text/javascript	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcSzk8bAAAAAOTkPCjprgWDMPzo_kgGC3E5Vn-T&co=aHR0cHM6Ly9nZW8uY2FwdGNoYS1kZWxpdmVyeS5jb206NDQz&hl=de&v=4PnKmGB9wRHh1i04o7YUICeI&size=normal&cb=heujpulypj1i Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 2f1d9b491b08daadc738115c579f9cc1b85b29078fdefe99ad994f9db0f5da22 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 11:54:00 GMT content-encoding gzip x-content-type-options nosniff age 5584 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 168688 x-xss-protection 0 last-modified Fri, 21 Apr 2023 01:25:41 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 27 Apr 2024 11:54:00 GMT
GET DATA	200 OK	truncated / Frame 5FF6	14 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 5FF6	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Content-Type image/png
GET H3	200	logo_48.png www.gstatic.com/recaptcha/api2/ Frame 5FF6	2 KB 2 KB	41ms 39ms	Image image/png	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/recaptcha/api2/logo_48.png Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/styles__ltr.css Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/styles__ltr.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sat, 22 Apr 2023 23:52:14 GMT x-content-type-options nosniff age 480890 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2228 x-xss-protection 0 last-modified Tue, 03 Mar 2020 20:15:00 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type image/png cache-control public, max-age=604800 accept-ranges bytes expires Sat, 29 Apr 2023 23:52:14 GMT
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v18/ Frame 5FF6	15 KB 16 KB	145ms 40ms	Font font/woff2	2a00:1450:4001:830::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcSzk8bAAAAAOTkPCjprgWDMPzo_kgGC3E5Vn-T&co=aHR0cHM6Ly9nZW8uY2FwdGNoYS1kZWxpdmVyeS5jb206NDQz&hl=de&v=4PnKmGB9wRHh1i04o7YUICeI&size=normal&cb=heujpulypj1i Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.google.com/ Origin https://www.google.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Sat, 22 Apr 2023 22:24:03 GMT x-content-type-options nosniff age 486181 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15344 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:32:55 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 21 Apr 2024 22:24:03 GMT
GET H3	200	webworker.js www.google.com/recaptcha/api2/ Frame 5FF6	102 B 134 B	49ms 48ms	Other text/javascript	2a00:1450:4001:82f::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=4PnKmGB9wRHh1i04o7YUICeI Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcSzk8bAAAAAOTkPCjprgWDMPzo_kgGC3E5Vn-T&co=aHR0cHM6Ly9nZW8uY2FwdGNoYS1kZWxpdmVyeS5jb206NDQz&hl=de&v=4PnKmGB9wRHh1i04o7YUICeI&size=normal&cb=heujpulypj1i Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash be00e32745c8f3253a510efcfb4c728f018a4bb685589b668c460af2064b6135 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcSzk8bAAAAAOTkPCjprgWDMPzo_kgGC3E5Vn-T&co=aHR0cHM6Ly9nZW8uY2FwdGNoYS1kZWxpdmVyeS5jb206NDQz&hl=de&v=4PnKmGB9wRHh1i04o7YUICeI&size=normal&cb=heujpulypj1i User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 13:27:04 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE cross-origin-embedder-policy require-corp x-frame-options SAMEORIGIN report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 112 x-xss-protection 1; mode=block expires Fri, 28 Apr 2023 13:27:04 GMT
GET H3	200	bframe Show response www.google.com/recaptcha/api2/ Frame 9D1B	7 KB 1 KB	52ms 48ms	Document text/html	2a00:1450:4001:82f::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/bframe?hl=de&v=4PnKmGB9wRHh1i04o7YUICeI&k=6LcSzk8bAAAAAOTkPCjprgWDMPzo_kgGC3E5Vn-T Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/recaptcha__de.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 71cb9f678d06b771bb3d008823bdd486c8a18886b0c18bb8e0f1d3d6413f48c2 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-77vL-3BqSOQro4RgFw1ehQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://geo.captcha-delivery.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-length 1145 content-security-policy script-src 'report-sample' 'nonce-77vL-3BqSOQro4RgFw1ehQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Fri, 28 Apr 2023 13:27:04 GMT expires Mon, 01 Jan 1990 00:00:00 GMT pragma no-cache report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET H3	200	styles__ltr.css www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/ Frame 9D1B	55 KB 24 KB	39ms 38ms	Stylesheet text/css	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/styles__ltr.css Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=4PnKmGB9wRHh1i04o7YUICeI&k=6LcSzk8bAAAAAOTkPCjprgWDMPzo_kgGC3E5Vn-T Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Thu, 27 Apr 2023 21:06:40 GMT content-encoding gzip x-content-type-options nosniff age 58824 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 24605 x-xss-protection 0 last-modified Fri, 21 Apr 2023 01:25:41 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/css cache-control public, max-age=31536000 accept-ranges bytes expires Fri, 26 Apr 2024 21:06:40 GMT
GET H3	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/ Frame 9D1B	410 KB 165 KB	41ms 41ms	Script text/javascript	2a00:1450:4001:810::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/4PnKmGB9wRHh1i04o7YUICeI/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=4PnKmGB9wRHh1i04o7YUICeI&k=6LcSzk8bAAAAAOTkPCjprgWDMPzo_kgGC3E5Vn-T Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 2f1d9b491b08daadc738115c579f9cc1b85b29078fdefe99ad994f9db0f5da22 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers date Fri, 28 Apr 2023 11:54:00 GMT content-encoding gzip x-content-type-options nosniff age 5584 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 168688 x-xss-protection 0 last-modified Fri, 21 Apr 2023 01:25:41 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 27 Apr 2024 11:54:00 GMT

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| dd undefined| isIframeLoaded undefined| maxTimeoutMs undefined| initialTime function| iframeOnload

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.info.avetta.com/	1970-01-20 11:24:50	Name: __cf_bm Value: uAUpQtPc5czxtuC7yaBvmGGXluLdsa0t1FC56z4EMf8-1682688423-0-AWIQJj6thCQA2Zo7hNMe+Lk0rKG4oc8LnJt3BQfwFR20cZrUQlFua+PCg9xgPeEJf40quFG0JE74IYXasrrMzA4=
			.splashthat.com/	1970-01-20 20:10:24	Name: datadome Value: 2Y2gOfj5YsooNocTJMwFeyeDu5S1AebICoQBjxwnUHxsYCfy92t~pPUO-RJAz_yLuN2Lkmgiv_MWAjHQq2-oAaxmGIyWfl6sATpR1Q9PaEGRNQiOoMPOErH0k3Sj4ZA3

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://info.avetta.com/NzUyLUJWSC03NTMAAAGLYvHnT7ingTJ7zCppe0Si5t4IIzA8GO8gQWDfhOkrH2bNSwRI2rBVxyJCd5OuGbEB85vrDZs= Message: The Content-Security-Policy directive name 'form-action:'none'' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://info.avetta.com/NzUyLUJWSC03NTMAAAGLYvHnT7ingTJ7zCppe0Si5t4IIzA8GO8gQWDfhOkrH2bNSwRI2rBVxyJCd5OuGbEB85vrDZs= Message: The Content-Security-Policy directive name 'frame-src:'none'' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
network	error	URL: https://whatsbehindthesmokescreen.splashthat.com/?utm_source=EXTERNALPROMOTIONS&utm_medium=Email&utm_id=7014u000001EwxbAAC&mkt_tok=NzUyLUJWSC03NTMAAAGLYvHnT_SGZxTswH377LC2l1eT36kwXAPzA9k-tlZm1AyEGd8jDnhwUjvp2USNwbdnOllitRDlH4el-V_F-v-vkKiPCFEA0Fk5CKj6nPhe8f0f0GE Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; img-src 'self';script-src 'self' 'sha256-1t/Gg90Oxd2TkaxXf52Q/5EGvk9LcSwrcmRMbOOxJ1Y=';object-src 'none';form-action:'none';frame-src:'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-js.datadome.co
ct.captcha-delivery.com
fonts.gstatic.com
geo.captcha-delivery.com
info.avetta.com
js.datadome.co
static.captcha-delivery.com
whatsbehindthesmokescreen.splashthat.com
www.google.com
www.gstatic.com
104.17.70.206
151.101.194.133
18.66.122.18
18.66.147.28
2600:9000:2251:d000:7:c516:5a80:93a1
2a00:1450:4001:810::2003
2a00:1450:4001:82f::2004
2a00:1450:4001:830::2003
3.125.247.22
35.157.163.114
03cd31e4d3c37c852aec70f0c5bb40641131ba56ea401ba48b7b5d4c68f3d39a
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1d88db204f41ffda3a69071177f278684bfaef720e5f163cd89a36111c33565d
2f1d9b491b08daadc738115c579f9cc1b85b29078fdefe99ad994f9db0f5da22
3d5670917edcfac180c597895da38e555048e57dd98bf74dd8ba1406a0d89bff
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
6e96cdc68801249576ea099ca648b3af5bc0406610326e496a60d26b19dbf9f3
71cb9f678d06b771bb3d008823bdd486c8a18886b0c18bb8e0f1d3d6413f48c2
7f7fa03ebca933573ff9455e9ba09ee8d7375050031c60130a696480ee2b5ede
8a5f9d4d8b3a1336aa406277a6c9e254158eca89b15d31452a9393b081ea0ed0
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
b2cbff271b2a424800d91db247d534e06414e5c5a91a6fcf6b9ce59539097f7c
be00e32745c8f3253a510efcfb4c728f018a4bb685589b668c460af2064b6135
d327fdebb5a02dd43a2ca128e50366f059518860adc8a952158e4cb23c5e01a1
e3ac25eeb8798a39e1a8dac082b7dbd0bf7b640e9a32b937405377ecef8dc5ad
ed243a7fa712a26559089ad5eadb7bffb314357ac21966fe20f5cef1fb6355b1
fab79f1dfdc7b759da9e1c4d80169bc879352b47bf0cf9352e3eeaed39e55de7