offtherecord.com Open in urlscan Pro
13.224.189.100 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://fight.offtherecord.com/
Effective URL:
https://offtherecord.com/
Submission: On December 07 via api (December 7th 2022, 9:34:07 pm UTC) from US — Scanned from DE

Summary HTTP 195 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 33 IPs in 3 countries across 25 domains to perform 195 HTTP transactions. The main IP is 13.224.189.100, located in United States and belongs to AMAZON-02, US. The main domain is offtherecord.com.
TLS certificate: Issued by Amazon on January 15th 2022. Valid for: a year.

This is the only time offtherecord.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.193.8.172 54.193.8.172	16509 (AMAZON-02) (AMAZON-02)
65	13.224.189.100 13.224.189.100	16509 (AMAZON-02) (AMAZON-02)
16	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a04:4e42:600... 2a04:4e42:600::729	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
9	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	35.201.112.186 35.201.112.186	15169 (GOOGLE) (GOOGLE)
3	2001:4860:480... 2001:4860:4802:38::178	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
8	34.199.59.102 34.199.59.102	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:20e... 2600:9000:20eb:c600:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
10	54.172.247.4 54.172.247.4	14618 (AMAZON-AES) (AMAZON-AES)
4	35.186.194.58 35.186.194.58	15169 (GOOGLE) (GOOGLE)
1	13.224.189.123 13.224.189.123	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:400c:c0a::9d	15169 (GOOGLE) (GOOGLE)
4	2600:9000:20e... 2600:9000:20eb:2000:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20e... 2600:9000:20eb:e200:1e:9742:1680:21	16509 (AMAZON-02) (AMAZON-02)
2	13.224.189.66 13.224.189.66	16509 (AMAZON-02) (AMAZON-02)
10	52.218.220.115 52.218.220.115	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	34.120.195.249 34.120.195.249	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	13.224.189.86 13.224.189.86	16509 (AMAZON-02) (AMAZON-02)
16	13.224.189.67 13.224.189.67	16509 (AMAZON-02) (AMAZON-02)
1	13.224.189.34 13.224.189.34	16509 (AMAZON-02) (AMAZON-02)
3	13.224.189.6 13.224.189.6	16509 (AMAZON-02) (AMAZON-02)
195	33

1 54.193.8.172 (San Jose, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-193-8-172.us-west-1.compute.amazonaws.com

fight.offtherecord.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

65 13.224.189.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-100.fra2.r.cloudfront.net

offtherecord.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ka-p.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::729 (United States)

ASN54113 (FASTLY, US)

browser.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.112.186 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 186.112.201.35.bc.googleusercontent.com

edge.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:38::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.199.59.102 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-199-59-102.compute-1.amazonaws.com

otr-backend-service-us-prod.offtherecord.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:c600:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 54.172.247.4 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-172-247-4.compute-1.amazonaws.com

wchat.freshchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.186.194.58 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com

rs.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.123 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-123.fra2.r.cloudfront.net

tag.getdrip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:20eb:2000:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:e200:1e:9742:1680:21 (United States)

ASN16509 (AMAZON-02, US)

d14jnfavjicsbe.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.189.66 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-66.fra2.r.cloudfront.net

api.getdrip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.218.220.115 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2-w.amazonaws.com

off-the-record-service.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o485979.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.86 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-86.fra2.r.cloudfront.net

snippets.freshchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 13.224.189.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-67.fra2.r.cloudfront.net

assetscdn-wchat.freshchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-34.fra2.r.cloudfront.net

rts-static-prod.freshworksapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.189.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-6.fra2.r.cloudfront.net

httpsofftherecordcom.webpush.freshchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
74	offtherecord.com 1 redirects fight.offtherecord.com offtherecord.com otr-backend-service-us-prod.offtherecord.com	5 MB
30	freshchat.com wchat.freshchat.com — Cisco Umbrella Rank: 10098 snippets.freshchat.com — Cisco Umbrella Rank: 52678 assetscdn-wchat.freshchat.com — Cisco Umbrella Rank: 17064 httpsofftherecordcom.webpush.freshchat.com	785 KB
16	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1664 ka-p.fontawesome.com — Cisco Umbrella Rank: 4297	483 KB
10	amazonaws.com off-the-record-service.s3.amazonaws.com
9	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 5056	95 KB
8	gstatic.com fonts.gstatic.com	131 KB
7	fullstory.com edge.fullstory.com — Cisco Umbrella Rank: 2404 rs.fullstory.com — Cisco Umbrella Rank: 2282	83 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 51	5 KB
4	branch.io api2.branch.io — Cisco Umbrella Rank: 582	2 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	200 KB
3	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 83	58 KB
3	getdrip.com tag.getdrip.com — Cisco Umbrella Rank: 25788 api.getdrip.com — Cisco Umbrella Rank: 28393	3 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 420	12 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 38	21 KB
3	google.com apis.google.com — Cisco Umbrella Rank: 110 www.google.com — Cisco Umbrella Rank: 2	112 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 116	203 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 65	90 KB
2	sentry-cdn.com browser.sentry-cdn.com — Cisco Umbrella Rank: 4304	22 KB
1	freshworksapi.com rts-static-prod.freshworksapi.com — Cisco Umbrella Rank: 11943	25 KB
1	sentry.io o485979.ingest.sentry.io	317 B
1	cloudfront.net d14jnfavjicsbe.cloudfront.net	29 KB
1	google.de www.google.de — Cisco Umbrella Rank: 5234	501 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 98	442 B
1	app.link app.link — Cisco Umbrella Rank: 1938	593 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 170	15 KB
195	25

	Domain	Requested by
65	offtherecord.com	offtherecord.com browser.sentry-cdn.com
16	assetscdn-wchat.freshchat.com	wchat.freshchat.com assetscdn-wchat.freshchat.com
14	ka-p.fontawesome.com	kit.fontawesome.com offtherecord.com
10	off-the-record-service.s3.amazonaws.com	offtherecord.com
10	wchat.freshchat.com	offtherecord.com wchat.freshchat.com assetscdn-wchat.freshchat.com
9	dev.visualwebsiteoptimizer.com	offtherecord.com dev.visualwebsiteoptimizer.com browser.sentry-cdn.com
8	fonts.gstatic.com	fonts.googleapis.com
8	otr-backend-service-us-prod.offtherecord.com	browser.sentry-cdn.com
5	fonts.googleapis.com	offtherecord.com
4	api2.branch.io	browser.sentry-cdn.com
4	rs.fullstory.com	browser.sentry-cdn.com edge.fullstory.com
4	connect.facebook.net	offtherecord.com connect.facebook.net
3	httpsofftherecordcom.webpush.freshchat.com	wchat.freshchat.com httpsofftherecordcom.webpush.freshchat.com
3	lh3.googleusercontent.com	offtherecord.com
3	bat.bing.com	offtherecord.com bat.bing.com
3	www.google-analytics.com	offtherecord.com www.google-analytics.com browser.sentry-cdn.com
3	edge.fullstory.com	offtherecord.com browser.sentry-cdn.com rs.fullstory.com
2	api.getdrip.com	d14jnfavjicsbe.cloudfront.net
2	www.facebook.com	offtherecord.com
2	www.googletagmanager.com	offtherecord.com
2	apis.google.com	offtherecord.com apis.google.com
2	browser.sentry-cdn.com	offtherecord.com
2	kit.fontawesome.com	offtherecord.com kit.fontawesome.com
1	rts-static-prod.freshworksapi.com	assetscdn-wchat.freshchat.com
1	snippets.freshchat.com	offtherecord.com
1	o485979.ingest.sentry.io	browser.sentry-cdn.com
1	d14jnfavjicsbe.cloudfront.net	tag.getdrip.com
1	www.google.de	offtherecord.com
1	www.google.com	offtherecord.com
1	stats.g.doubleclick.net	browser.sentry-cdn.com
1	tag.getdrip.com	offtherecord.com
1	app.link	offtherecord.com
1	www.googleadservices.com	offtherecord.com
1	fight.offtherecord.com	1 redirects
195	34

This site contains links to these domains. Also see Links.

Domain
www.kiro7.com
kmph.com
www.king5.com
www.geekwire.com
www.facebook.com
www.reviews.io
www.google.com
fight.offtherecord.com
play.google.com
mylawfirm.offtherecord.com
facebook.com
twitter.com
www.instagram.com

Subject Issuer	Validity	Valid
*.offtherecord.com Amazon	`2022-01-15` - `2023-02-13`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-22` - `2023-12-23`	a year	crt.sh
*.sentry-cdn.com GlobalSign Atlas R3 DV TLS CA 2022 Q3	`2022-09-28` - `2023-10-30`	a year	crt.sh
*.apis.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2022-07-04` - `2023-08-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-16` - `2022-12-15`	3 months	crt.sh
edge.fullstory.com GTS CA 1D4	`2022-12-03` - `2023-03-03`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-11-25` - `2023-05-25`	6 months	crt.sh
appipv4.link Amazon	`2022-05-25` - `2023-06-23`	a year	crt.sh
*.freshchat.com Amazon	`2022-03-23` - `2023-04-21`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.fullstory.com R3	`2022-10-12` - `2023-01-10`	3 months	crt.sh
*.getdrip.com Amazon	`2022-01-28` - `2023-02-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2022-10-17` - `2023-11-17`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.s3.amazonaws.com Amazon	`2022-09-21` - `2023-08-26`	a year	crt.sh
*.googleusercontent.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.ingest.sentry.io R3	`2022-10-19` - `2023-01-17`	3 months	crt.sh
freshchat.com Amazon	`2022-07-11` - `2023-08-09`	a year	crt.sh
freshworksapi.com Amazon	`2022-01-03` - `2023-01-31`	a year	crt.sh
*.wchat.webpush.myfreshworks.com Amazon	`2022-07-06` - `2023-08-04`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://offtherecord.com/
Frame ID: 7FAECA7118FEC31401219AE6ADF7D516
Requests: 183 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 7F242035A9585E6F269510CA14255CC8
Requests: 1 HTTP requests in this frame

Frame: https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
Frame ID: 03F64DE04F1A90F59CC379430910A413
Requests: 25 HTTP requests in this frame

Frame: https://httpsofftherecordcom.webpush.freshchat.com/index.html?ref=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
Frame ID: FFEECD350849334581F9E66023D7D987
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fight Your Moving Violation | Traffic Ticket Lawyer Local & Online

Page URL History Show full URLs

http://fight.offtherecord.com/ HTTP 307
https://offtherecord.com/ Page URL

Detected technologies

Sentry (Issue Trackers) Expand

Overall confidence: 100%
Detected patterns

browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+(?:-?rc[.\d]*)*)/angular(?:\.min)?\.js
\bangular.{0,32}\.js

Freshchat (Live Chat) Expand

Overall confidence: 100%
Detected patterns

wchat\.freshchat\.com/js/widget\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Page Statistics

195
Requests

99 %
HTTPS

52 %
IPv6

25
Domains

34
Subdomains

33
IPs

3
Countries

6827 kB
Transfer

18504 kB
Size

21
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.kiro7.com/news/local/got-at-ticket-theres-an-app-for-that/273024500/

Search URL Search Domain Scan URL

URL: https://kmph.com/news/local/traffic-ticket-theres-an-app-for-that

Search URL Search Domain Scan URL

URL: https://www.king5.com/video/news/local/new-app-helps-drivers-fight-traffic-tickets/281-922497

Search URL Search Domain Scan URL

URL: https://www.geekwire.com/2016/off-record-speeding-ticket-app/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/OffTheRecordApp/
Title: 4.58 656 reviews

Search URL Search Domain Scan URL

URL: https://www.reviews.io/company-reviews/store/offtherecord-com
Title: 4.95 2180 reviews

Search URL Search Domain Scan URL

URL: https://www.google.com/search?q=off+the+record+fight+your+ticket
Title: 4.77 1209 reviews

Search URL Search Domain Scan URL

URL: https://fight.offtherecord.com/a/key_live_oik1hC6SvaFGaQl6L4f5chghyqkDbk9G?channel=website&feature=iOSBadge&stage=footer&$fallback_url=https%3A%2F%2Fapps.apple.com%2Fapp%2Fapple-store%2Fid1032930471%3Fpt%3D117925041%26ct%3Dcustomer_website%26mt%3D8

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.offtherecord.otr_mobile_app&referrer=utm_source%3Dwebsite%26utm_medium%3Dfooter

Search URL Search Domain Scan URL

URL: https://mylawfirm.offtherecord.com/
Title: Law Firm Portal

Search URL Search Domain Scan URL

URL: https://facebook.com/OffTheRecordApp

Search URL Search Domain Scan URL

URL: https://twitter.com/OffTheRecordApp

Search URL Search Domain Scan URL

URL: https://www.instagram.com/offtherecordapp/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://fight.offtherecord.com/ HTTP 307
https://offtherecord.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

195 HTTP transactions
20 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
offtherecord.com/
Redirect Chain

http://fight.offtherecord.com/
https://offtherecord.com/

9 KB
3 KB

264ms
224ms

Document
text/html

13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 21c4a6458b28a11e5a627e50755b0519962743a4c9bf7847bc29a76ab3fa1c83

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 07 Dec 2022 21:33:58 GMT
etag: W/"23e1-184edb457d0"
expires: 0
last-modified: Wed, 07 Dec 2022 17:48:50 GMT
server: nginx/1.20.0
vary: Accept-Encoding
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-amz-cf-id: _0263EuTVNfGcG7uSjoRSfTyKi639CzwNQoRNPgNLL6r-Hoq_tUVQg==
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
x-powered-by: Express

Redirect headers

Connection: keep-alive
Date: Wed, 07 Dec 2022 21:33:57 GMT
Last-Modified: Wed, 07 Dec 2022 21:33:57 GMT
Location: https://offtherecord.com
Server: openresty
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked

GET
H2 200 af20baf93e.js Show response
kit.fontawesome.com/ 11 KB
4 KB 89ms
48ms Script
text/javascript 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/af20baf93e.js

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9dc51a4567e3f477c625dd64bb07175d5de9c5bacec92e645c8430afe2fbff8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:58 GMT
strict-transport-security: max-age=31536000; preload
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, public, must-revalidate
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray: 776061f7afb3bbad-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: FyfRDwbkekwZm5QAGmRi

GET
H2 200 bundle.min.js Show response
browser.sentry-cdn.com/6.19.7/ 65 KB
21 KB 23ms
6ms Script
application/javascript 2a04:4e42:600::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/6.19.7/bundle.min.js

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

6ba797956f6d29b650d458897e48a190cddf0a6ba374350c0bb565fa04f80d65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 26 Apr 2022 13:11:05 GMT
server: Fastly
age: 19468749
etag: "4dc87c1e025f84ef0d14fe9187946dfd"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 20887
expires: Wed, 26 Apr 2023 13:34:47 GMT

GET
H2 200 angular.min.js Show response
browser.sentry-cdn.com/6.19.7/ 2 KB
976 B 25ms
8ms Script
application/javascript 2a04:4e42:600::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/6.19.7/angular.min.js

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

8971fe0a892f03a0f0ba568b545194578eaf62dcafabc254e2677c7af64200c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Tue, 26 Apr 2022 13:11:05 GMT
server: Fastly
age: 549123
etag: "14f18525c8f97317f08d5cc6f80a1953"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 882
expires: Fri, 01 Dec 2023 13:01:54 GMT

GET
H2 200 293.8903fb93146eeb696028.js Show response
offtherecord.com/ 6 MB
1 MB 14ms
14ms Script
application/javascript 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/293.8903fb93146eeb696028.js
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 643fb7629b665c0f93d4ab0f830f568d434426ff28f21b990ff0f4cf9117148b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 20:41:04 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:48:50 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 3174
x-powered-by: Express
etag: W/"663449-184edb457d0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: 8vSU43oXqYgmG4Mri0SKo4whtapD8FPI2o4CKFxYZfHuQKvvgtMu0w==

GET
H2 200 main.6a85d2734327ea951676.js Show response
offtherecord.com/ 1 MB
193 KB 15ms
15ms Script
application/javascript 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/main.6a85d2734327ea951676.js
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 9555678057f76f7f2eafb7e3b315b4c75b89470e5c297c7b9f72800509ce03cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 20:41:04 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:48:50 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 3174
x-powered-by: Express
etag: W/"1563c0-184edb457d0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: Fubg0iilAO8KGPReX3Qg7S7mX_6ScrYzfHZZ6CllRavyKaIogp2y6g==

GET
H2 200 inline-scripts.js Show response
offtherecord.com/app/common/preprocessor/ 3 KB
2 KB 16ms
14ms Script
application/javascript 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/app/common/preprocessor/inline-scripts.js
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 56748cc71c22d9f3f12219b0a1ee17444ae07f1bd29640a3f0076942e2b6fcd0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:25 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"cb4-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: bRv8_R3_1u-r-VNhz5itE3mbu-VMqnypR5jdxi6QNp4exv4bNZq8zQ==

GET
H2 200 client.js Show response
apis.google.com/js/ 17 KB
7 KB 146ms
46ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/client.js

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce33dc61fddd719ab0bb914b3d50b3a82afb8945eda2ba7a388fac66b96e07e2

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Dec 2022 21:33:58 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "f72c6f6cd2ffc177"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 07 Dec 2022 21:33:58 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 41 KB
15 KB 171ms
85ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

9afd33ecebacb4ed3f9c1ecf1d50ad4eec1b04c8aa584ed3828e1b95058d9b65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15189
x-xss-protection: 0
server: cafe
etag: 17024150440181632750
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 07 Dec 2022 21:33:58 GMT

GET
H2 200 autotrack.js Show response
offtherecord.com/node_modules/autotrack/ 24 KB
8 KB 26ms
25ms Script
application/javascript 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/node_modules/autotrack/autotrack.js
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: bceb73993d094c4c821c7571921103bdc8c05e9082c4fc513d244358d53593db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:25 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 18:00:24 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"60d8-184e37236c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: g2h6y3Tp-FEtue37a2AJQT9JZqhCNn5A8rQvlEgq8GDlgj6drm9AwQ==

GET
H2 200 pro.min.css Show response
ka-p.fontawesome.com/releases/v6.2.1/css/ 795 KB
172 KB 39ms
29ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/css/pro.min.css?token=af20baf93e
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 766b624fa66325bb23a7f1bb4d0e5429dab3dde643ab89044967f0e1a2d0d172

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:58 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:06:08 GMT
server: cloudflare
age: 1916789
etag: "63725960-2b022"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 776061f80878bbad-FRA
content-length: 176162

GET
H2 200 pro-v4-shims.min.css Show response
ka-p.fontawesome.com/releases/v6.2.1/css/ 27 KB
4 KB 56ms
45ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/css/pro-v4-shims.min.css?token=af20baf93e
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23510391ff5b9984f27c28542f4111767ef24c091f5c2e32a723b4325e123f11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:58 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:06:08 GMT
server: cloudflare
age: 1916789
etag: "63725960-10e7"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 776061f8087bbbad-FRA
content-length: 4327

GET
H2 200 pro-v5-font-face.min.css Show response
ka-p.fontawesome.com/releases/v6.2.1/css/ 85 KB
12 KB 56ms
45ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/css/pro-v5-font-face.min.css?token=af20baf93e
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97ebbaec1afcc42335561d025651db0eba255ac91b054b29c5e15240b272e70c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:58 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:06:08 GMT
server: cloudflare
age: 1916789
etag: "63725960-30ac"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 776061f80876bbad-FRA
content-length: 12460

GET
H2 200 pro-v4-font-face.min.css Show response
ka-p.fontawesome.com/releases/v6.2.1/css/ 12 KB
2 KB 73ms
63ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/css/pro-v4-font-face.min.css?token=af20baf93e
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8b3e6bf953a9cf55e65d934a285e6a47203e1e2e0cd3d0b1448a71f5e1075c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:58 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:06:07 GMT
server: cloudflare
age: 1916789
etag: "6372595f-908"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 776061f80875bbad-FRA
content-length: 2312

GET
H2 200 kit-upload.css Show response
kit.fontawesome.com/af20baf93e/103681994/ 443 B
407 B 26ms
26ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/af20baf93e/103681994/kit-upload.css?token=af20baf93e

Requested by

Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/af20baf93e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f666472c3669e7c6d2557a92e7f39e735490f862b1ad82f06f1f7ce48608afab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:58 GMT
strict-transport-security: max-age=31536000; preload
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 5316914
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926, public, must-revalidate
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray: 776061f7f84fbbad-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: Fxu8qa-b8kLPZL26QFxh

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 14 KB
5 KB 115ms
43ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=660553&u=https%3A%2F%2Fofftherecord.com%2F&f=1&vn=1.3
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: f4a1d3b473031e1ce38acd661060a624d983fb09c6d3c7c647185c845045d549

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:57 GMT
content-encoding: gzip
via: 1.1 google
server: gfra1
etag: W/"1670419277"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 css
fonts.googleapis.com/ 677 B
862 B 135ms
47ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oxygen

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9f7a8e11272b8269b6e75d369163fc11d45525ebf7eb8e8c99abbcc90902a606

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 07 Dec 2022 21:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 20:43:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 07 Dec 2022 21:33:58 GMT

GET
H2 200 css
fonts.googleapis.com/ 24 KB
1 KB 138ms
50ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3ce91e27c75f26017876adeda75acc652f5d48f9875d6db451b2ab3547c3ba64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 07 Dec 2022 21:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 20:55:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 07 Dec 2022 21:33:58 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
703 B 137ms
49ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d683e97a1f23650a3e38cf3621b924ccf692f2a4204d193335ceddeb9b65353

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 07 Dec 2022 21:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 20:13:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 07 Dec 2022 21:33:58 GMT

GET
H2 200 css
fonts.googleapis.com/ 11 KB
762 B 146ms
58ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nunito:200,300,400,600,700,800,900&display=swap

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

29fefffd74fbd898004a15ce78dd1ca4ca055edb785e1ac2d92c1f9d2582d6bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 07 Dec 2022 21:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 21:33:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 07 Dec 2022 21:33:58 GMT

GET
H2 200 css2
fonts.googleapis.com/ 24 KB
1 KB 159ms
72ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Nunito+Sans:ital,wght@0,200;0,300;0,400;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7a6d3ea3228a2dc96f3eb9ee37a17d83c31e404e16bb85e64e793b7bb4689237

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 07 Dec 2022 21:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 20:45:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 07 Dec 2022 21:33:58 GMT

GET
H2 200 Bariol_Bold.woff
offtherecord.com/assets/fonts/ 42 KB
43 KB 16ms
13ms Font
font/woff 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/assets/fonts/Bariol_Bold.woff
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: abb9e4ae9f1682664b88435116330668da070d8208ecc30efdae9dff34d1bbb0

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:26 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"a938-184e3717b40"
x-cache: Hit from cloudfront
content-type: font/woff
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 43320
x-amz-cf-id: Z3AdBxaZYBHNg1o52JC5BWEc5EOR-tf1Blc2CjztT8pdLnWepJHbGw==

GET
H2 200 Bariol_Thin.woff
offtherecord.com/assets/fonts/ 38 KB
39 KB 18ms
16ms Font
font/woff 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/assets/fonts/Bariol_Thin.woff
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 791452a396f1c5751173455e015d2ccf8a19fe1444d07389281336840711b8fc

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:26 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"9864-184e3717b40"
x-cache: Hit from cloudfront
content-type: font/woff
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 39012
x-amz-cf-id: kPqzVorKGe5L8Eme2PLL37EM7VpAtlFySx2KkU8M9IiidOflc-4iBA==

GET
H2 200 icomoon.ttf
offtherecord.com/assets/fonts/ 1 KB
1 KB 20ms
18ms Font
font/ttf 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/assets/fonts/icomoon.ttf?hmoocw
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 107f0c6caa4752feaeebf24f9597163a63cb35aa0caa5dcc4ad15abafa017419

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:25 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"524-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: font/ttf
cache-control: public, max-age=31557600
x-amz-cf-id: _OgZfxYpyRMpKWlzdeFhoo1cjiRpx8bEdj29MOycqjtlvIdX4FP1xA==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 117 KB
46 KB 139ms
56ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/app/common/preprocessor/inline-scripts.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8c69743060af37360cf28d27f5160b40403f2b142e5855c9157d541469ac14c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46206
x-xss-protection: 0
last-modified: Wed, 07 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 07 Dec 2022 21:33:58 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 114 KB
44 KB 202ms
119ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MVS6TPP&gtm_auth=7szxnVDtCpxOF_NjbDaJgQ&gtm_preview=env-7&gtm_cookies_win=x

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/app/common/preprocessor/inline-scripts.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

928cc464f65d7fb81dbb4b0f58c05caf3106e4d2d969d34f3fedcdc649ca871a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45322
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
vary: *
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 103 KB
28 KB 32ms
10ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/app/common/preprocessor/inline-scripts.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d5c905d7ce4679b183eb11f7c6811682ddffbf0f037590360ae2b1a84a51ef1b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 07 Dec 2022 21:33:58 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27340
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: tlLcbni6L3ZOedNoLp8YOz/J+1azPfAqwNdHY4UgzVmMGDn/+1fl0T1nWRr1cJmJOqw66opsZPEDe7VRhHZrKQ==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 fs.js Show response
edge.fullstory.com/s/ 258 KB
65 KB 99ms
29ms Script
application/javascript 35.201.112.186
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/fs.js
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/app/common/preprocessor/inline-scripts.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 6a5ff7be92be9d18a9b5d912a6983e14e28f97c9168bc47a01ca7d5172035d10

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:03:07 GMT
content-encoding: br
age: 1851
x-guploader-uploadid: ADPycds-zipClIi-QY2IfeliGObp2CzuVQMYkkBQXyhlpQ5Eg9lN2C9Z7IakhZMn9cG-mIAeiyqKrVXjyOaJD3YrZAZQWQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65803
last-modified: Tue, 08 Nov 2022 20:42:05 GMT
server: UploadServer
etag: "b3cc89ae11072c9ee7b443faa623e0e9"
vary: Accept-Encoding
x-goog-generation: 1667940125290071
x-goog-hash: crc32c=LkMtdQ==, md5=s8yJrhEHLJ7ntEP6piPg6Q==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 65803
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 07 Dec 2022 22:03:07 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 119ms
31ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/app/common/preprocessor/inline-scripts.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Dec 2022 21:24:40 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 558
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Wed, 07 Dec 2022 23:24:40 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 63ms
31ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/app/common/preprocessor/inline-scripts.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 07 Dec 2022 21:33:57 GMT
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D4C55B23A3A345449794F55F36CF568C Ref B: FRAEDGE1719 Ref C: 2022-12-07T21:33:58Z
etag: "027e538cd8d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11460

GET
H2 200 185612438538592 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 134ms
133ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/185612438538592?v=2.9.89&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

23dd8718d3a4a8288dbc27f9e69ff15ba05658c8abb7d52c97f95362a72aaefe

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 07 Dec 2022 21:33:59 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: bUT/HaMVW5pM6tiQ+xQAjadMlzKsstJgYLshhLo0M2OxHFwdJBTxlqiE2tJTh19WsSPwGEBJKLq8lkggyP9jQw==
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

OPTIONS
H2 200 user
otr-backend-service-us-prod.offtherecord.com/api/v1/ Frame 0
0 344ms
109ms Preflight 34.199.59.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=1i8sbywayqs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.199.59.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-199-59-102.compute-1.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: api-token
Access-Control-Request-Method: GET
Origin: https://offtherecord.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Api-Token, X-Feature, X-Resource-Id
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: https://offtherecord.com
access-control-expose-headers: Location, Otr-url-location
access-control-max-age: 3600
date: Wed, 07 Dec 2022 21:33:59 GMT
server: nginx/1.20.0

GET
H2 200 _r Show response
app.link/ 91 B
593 B 258ms
212ms Script
text/javascript 2600:9000:20eb:c600:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.58.0&branch_key=key_live_oik1hC6SvaFGaQl6L4f5chghyqkDbk9G&callback=branch_callback__0

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/293.8903fb93146eeb696028.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20eb:c600:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty /

Resource Hash

09cfcef71e5db8ffaf569e3462a8daa3e7d0cdcbca4d2a8c9924b2af9bc5fbf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 1ac3fd533bf6be1b511077f8b8e23bfc.cloudfront.net (CloudFront)
server: openresty
x-amz-cf-pop: FRA2-C1
etag: W/"5b-kfnKSZUYiieymIVxj7cBmIoIfnY"
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
x-amz-cf-id: PWpAy4D-8D2B_kFHPayn4QUggMsiPZ94EHtyhnXqzNexVjF0X_A9pg==

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/main.6a85d2734327ea951676.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

184368925460adae9690ee6fe33f4cf52391973277dc31d83db39f6d3aa862ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Dec 2022 21:33:59 GMT
content-md5: oPtwP6LezlkyynNAkO2Ypg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: wjwYGN6IjoCkC7Gt3v9EuAVp4eEXPxdUvQIMMggaq+1PrrMF2j4C7ZDxcrkCtZH7dTbwkVR0uKNEX77faT2/ZQ==
x-fb-content-md5: 1944bbbfcfeba934cc53c7a8e4c8e29f
cross-origin-opener-policy: same-origin-allow-popups
etag: "fed7e68f1326ac79146095376ccfcb2c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
priority: u=3,i
expires: Wed, 07 Dec 2022 21:44:57 GMT

GET
H/1.1 200
OK widget.js Show response
wchat.freshchat.com/js/ 59 KB
19 KB 338ms
114ms Script
application/javascript 54.172.247.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://wchat.freshchat.com/js/widget.js

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/main.6a85d2734327ea951676.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.247.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-247-4.compute-1.amazonaws.com

Software

fwe /

Resource Hash

474ce803d275f036d64fd67302998a48ed0122fac30e5bdcab522478779bad41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 21:33:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
nel: { "report_to": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true}
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 1
Connection: keep-alive
x-xss-protection: 1; mode=block
x-request-id: fb4cd6c6-e708-4b31-8876-5b93069dee85
x-trace-id: 00-dd33852f13b7e5e83d1441cce3277966-722862712fa73606-00
served-by: 5323
last-modified: Thu, 01 Dec 2022 12:27:52 GMT
server: fwe
report-to: { "group": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
Content-Type: application/javascript
x-fw-ratelimiting-managed: false
cache-control: max-age=900, must-revalidate
x-server: 5323

GET
H2 200 user Show response
otr-backend-service-us-prod.offtherecord.com/api/v1/ 122 B
551 B 326ms
109ms XHR
application/json 34.199.59.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=1i8sbywayqs

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.199.59.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-199-59-102.compute-1.amazonaws.com

Software

nginx/1.20.0 /

Resource Hash

f3f283eeb300723885be482fb13d193ae1b740b3f0194548f18f85ad6bdea402

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
Api-Token: vKWrNZN8UMwxcqPxyRqbJo9x6OABtoqMA7scyCkpkSy82UcA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 21:33:59 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
server: nginx/1.20.0
x-frame-options: DENY
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json
access-control-allow-origin: https://offtherecord.com
access-control-expose-headers: Location, Otr-url-location
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: 0

GET
H2 200 mask.min.js Show response
offtherecord.com/node_modules/angular-ui-mask/dist/ 8 KB
4 KB 17ms
17ms Script
application/javascript 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/node_modules/angular-ui-mask/dist/mask.min.js
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/293.8903fb93146eeb696028.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 978ab12640fcf74a29985a32c6f817d844a6d9dd99bf0b30b32d5dcbffaeaf6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 18:00:24 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"1edb-184e37236c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: hxVA6CHf6ZZZj7sySZxW_zTj7fjud-8-GYlu8UkNuGicJNAN7bW3DA==

GET
H2 200 snap.min.js Show response
offtherecord.com/node_modules/snapjs/ 10 KB
3 KB 18ms
17ms Script
application/javascript 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/node_modules/snapjs/snap.min.js
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/293.8903fb93146eeb696028.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 1d4e14ba2eadc380927619ca30b3ce478636d400f9560b921dfeb7ae60ce919b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 18:00:24 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"26f7-184e37236c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: Z2503AvQyWPNLnSg7Jjh8GMy0yyRKF4alLmmDcrXOeTaoE7QYzYgvw==

GET
H2 200 angular-snap.min.js Show response
offtherecord.com/node_modules/angular-snap/ 4 KB
2 KB 17ms
15ms Script
application/javascript 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/node_modules/angular-snap/angular-snap.min.js
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/293.8903fb93146eeb696028.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 39273a8dca0241a43647993698bfabbd276d44fa9871d4bd4c5e67b265ba8d87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 18:00:23 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"ef0-184e37232d8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: 4J9CwOce0TNPYzu4J2nfxiixrxKyFVkaILVan9W6x2kxYj2u4UZdvA==

GET
H2 200 angular-touch.min.js Show response
offtherecord.com/node_modules/angular-touch/ 2 KB
1 KB 28ms
27ms Script
application/javascript 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/node_modules/angular-touch/angular-touch.min.js
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/293.8903fb93146eeb696028.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 15923ad463706598f8dd20a27bfab037db5f5b8f31c24ff0bdae5e8244c8fbba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 18:00:23 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"6cc-184e37232d8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: K7Xr8Okd-rbHVUUie8y09NAXPiOj27xD6kIGOTIZDywP8waw88Ta6Q==

GET
H2 200 fuse.basic.min.js Show response
offtherecord.com/node_modules/fuse.js/dist/ 11 KB
5 KB 18ms
17ms Script
application/javascript 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/node_modules/fuse.js/dist/fuse.basic.min.js
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/293.8903fb93146eeb696028.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 4a40381b9288a240836a6af346a307527edac1e8e09a22d322d3504a225aadc1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 18:00:24 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"2cea-184e37236c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: lzeXXxX0__x7nta7VYtHyDUEYBEDbxV1fnaqYPOovHOALLb-KFAotQ==

GET
H2 200 ng-flow-standalone.min.js Show response
offtherecord.com/node_modules/ng-flow/dist/ 16 KB
6 KB 19ms
19ms Script
application/javascript 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/node_modules/ng-flow/dist/ng-flow-standalone.min.js
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/293.8903fb93146eeb696028.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 3d5edde8712859a5f18bd8f31ef88e5e827792758b5a09d86aa0afe198abd042

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 18:00:25 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"4155-184e3723aa8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: FB8AZMyatkmffYritXM_zknVPF1SjIrc5cMyVcXEim43ngEBiPyVQg==

GET
H2 200 angular-number-picker.min.js Show response
offtherecord.com/node_modules/angular-number-picker/dist/ 3 KB
2 KB 18ms
17ms Script
application/javascript 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/node_modules/angular-number-picker/dist/angular-number-picker.min.js
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/293.8903fb93146eeb696028.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 9f9a68efa68722547471c11da86d757726410f9cae6bb877192c7ce0433f6f1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 18:00:24 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"ca4-184e37236c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: VfrglDPX-1w87l2luuIWhTLhDOg7lfJ0gvfwl_7Zyj3SIs3uVMJUnw==

GET
H2 204 16001542.js Show response
bat.bing.com/p/action/ 0
118 B 102ms
102ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/16001542.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Wed, 07 Dec 2022 21:33:58 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 89B776EC7F2F4445A4B7F2619B289B71 Ref B: FRAEDGE1719 Ref C: 2022-12-07T21:33:59Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
175 B 33ms
32ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16001542&Ver=2&mid=d95af4d2-1b29-455c-b916-4b0581c41ef4&sid=dc3c2a80767611ed800fa56eb6c59841&vid=dc3c5210767611edb71b1190f2bc1285&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&p=https%3A%2F%2Fofftherecord.com%2F&r=&lt=1133&evt=pageLoad&sv=1&rn=381812

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 07 Dec 2022 21:33:58 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2B41ACE66BB948BEB4B4C69061468690 Ref B: FRAEDGE1719 Ref C: 2022-12-07T21:33:59Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 tag-1e074d878e1f0ab0cf056160d81fed36.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/ 173 KB
48 KB 66ms
35ms Script
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-1e074d878e1f0ab0cf056160d81fed36.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=660553&u=https%3A%2F%2Fofftherecord.com%2F&f=1&vn=1.3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 15649c161605179d5d7daae122cacdee728751345fda217860195ef517cd37ec

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:59 GMT
content-encoding: br
via: 1.1 google
last-modified: Wed, 07 Dec 2022 13:20:53 GMT
server: gfra1
etag: "63909335-c181"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49537

GET
H3 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 152ms
119ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=660553&d=offtherecord.com&u=DCCB6E2746DF79832D818BC378F4877AE&h=c200ab70b42036491756b7827ea66ff3&t=false&r=0.3443658625869601

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 21:33:59 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.K9Su0nk3cW8.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8btnHqwUVabznuJubPHkJyYc6kxA/ 307 KB
104 KB 111ms
36ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.K9Su0nk3cW8.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8btnHqwUVabznuJubPHkJyYc6kxA/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/client.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f45b384ac925673d553a06e6954ce5170a06b37c53a9405ac581bf105e17dba4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 08:48:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 218732
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106467
x-xss-protection: 0
last-modified: Tue, 01 Nov 2022 15:24:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Dec 2023 08:48:27 GMT

GET
H3 200 ecommerce.js Show response
www.google-analytics.com/plugins/ua/ 1 KB
763 B 97ms
31ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ecommerce.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 20:35:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3538
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 07 Dec 2022 21:35:01 GMT

GET
H2 200 home.component.169b5bd664760c637207.html Show response
offtherecord.com/templates/ 28 KB
6 KB 19ms
18ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/home.component.169b5bd664760c637207.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 24b27d72c11e9ab6df47644b2cd6f3bf777991fea5bfc26b31295cb31079adb7

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"7128-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: ibHdpH_2XjhsNfHtufJKPR7ed2TS4-X1XgSFT6gjGLzNsQGjhn5QqA==

GET
H2 200 terms.component.038988971005fd782bfa.html Show response
offtherecord.com/templates/ 46 KB
10 KB 17ms
17ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/terms.component.038988971005fd782bfa.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: a1161c04d6f26f28beb84bd9145c5ee8ebcc0ad55f60205407483391586414df

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"b991-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: YirSSK4_Ws_902I-GpxZm_GMX2INPCc9Ru9qONrwZ1RC9zsgVUwsQA==

GET
H2 200 help.component.2dcf876b8713b4bd60d5.html Show response
offtherecord.com/templates/ 2 KB
898 B 15ms
14ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/help.component.2dcf876b8713b4bd60d5.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: d8d41e8397ee47e183a8214fdeddf6880a291052eba3e1ad100f3dbc7f542e34

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"914-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: yTakIl_r9PAQqYHoTgHyDBKLPP219_3WxGjeFjOq34B7fVWurUa0Jg==

GET
H2 200 client-reviews.component.8b52adc9041bc65a7982.html Show response
offtherecord.com/templates/ 10 KB
2 KB 24ms
23ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/client-reviews.component.8b52adc9041bc65a7982.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 54bc26ea2a0ae205c59e4f271706a588c9e990613d8752fa90ccddebe2870fab

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"26ec-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: aUaYeX6rKYgpl7Pk7tcQfLAxErMwWNOGac7MgRGB0UdJK1wHTepaIQ==

GET
H2 200 referral.component.e99645f79750db507c09.html Show response
offtherecord.com/templates/ 10 KB
2 KB 14ms
14ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/referral.component.e99645f79750db507c09.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: f1e8027ede2def8ee1c1ab25fc3e632ea80217cc115db37ddcda995cad4361a9

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"27c5-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: PJZQELuux6sKR_7QKH1gS8V3grUdLBx-2lSBAM-LaseoGpOzsMPLNA==

GET
H2 200 referral-stats.component.d9eac4b1e501e9279c42.html Show response
offtherecord.com/templates/ 3 KB
1 KB 14ms
13ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/referral-stats.component.d9eac4b1e501e9279c42.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 2ba1ad7af6f77b6e2e22057e4de7eb8593d5cb224de15f59ce1f845faa57dea5

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"df0-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: cWmImvlHeBYxbQnJY7keSIIEvNkTkKVrUp6ZQiEoXeCmjupaPrd4fw==

GET
H2 200 referral-invite-prompt.component.74b5250c9c0bde08232f.html Show response
offtherecord.com/templates/ 3 KB
1 KB 16ms
16ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/referral-invite-prompt.component.74b5250c9c0bde08232f.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 5f6f271ff8e9620646f58764459df95790e7dfb724ca852087540b806a0aeb4b

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"bba-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: 0BODeOrRk2wodObWGT6qY9fPyjitdQjEeA_J_s6herfQn0LGIiA-UQ==

GET
H2 200 contact-us-form.component.e074792dc7e708d532b9.html Show response
offtherecord.com/templates/ 6 KB
2 KB 14ms
13ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/contact-us-form.component.e074792dc7e708d532b9.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: cea514742310a1ef741966fd63bdb0373ccc8e86a6699f0fc8407e0456ee1850

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"1938-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: aXpyjovoehS_-aq8aRIba81VWwC-tQ93IkRATFUSUunCzd01C6tgsA==

GET
H2 200 app-text-reveal.component.ec73460453e9a8290e8b.html Show response
offtherecord.com/templates/ 304 B
680 B 14ms
14ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/app-text-reveal.component.ec73460453e9a8290e8b.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: d100a79e9ca4f220f81fd0729136ce2839c361f0850a3ddabb987bb04c99b925

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"130-184e3717b40"
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 304
x-amz-cf-id: e4Fe1ntRr5g_bFIjRHM9txVbpsOFbdNZqYRsMXt8km3jphFokzPkSw==

GET
H2 200 knowledge-base.component.ff3e9f50b863723133d0.html Show response
offtherecord.com/templates/ 1 KB
821 B 13ms
13ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/knowledge-base.component.ff3e9f50b863723133d0.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 023b8c10024a4327232c39f1dded627615777b2ed68e3f1eeedd106e3a3ac3e5

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"5c7-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: FuK9j7DmL_Q_BVBLTvKOoc3DuSjTC-bMnuVSkOAtf0s_jZ8_FeahjA==

GET
H2 200 support-article.component.0b93da129b056fa82c3d.html Show response
offtherecord.com/templates/ 2 KB
935 B 19ms
19ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/support-article.component.0b93da129b056fa82c3d.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 84ccd3a3071d77c78c706cea61e9aaf4aa6c6525c2f2bd9b447143ddcc748aa4

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"64e-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: iP8vZPwwpL_WnGYPIq7xe7TwxpWEnvUUyA90c_AKaIPHWIQNKJuT3w==

POST
H2 200 page Show response
rs.fullstory.com/rec/ 5 KB
2 KB 835ms
799ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/page
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 1e91e2401efaa6d2ec964c0ebfabdb90dc16a161559de08e55c3ca81ff71dafe

Request headers

Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 07 Dec 2022 21:34:00 GMT
content-encoding: gzip
via: 1.1 google
content-type: application/json; charset=utf-8
access-control-allow-origin: https://offtherecord.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1661

GET
H2 200 3915275.js Show response
tag.getdrip.com/ 920 B
1 KB 466ms
425ms Script
application/javascript 13.224.189.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.getdrip.com/3915275.js
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-123.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: af9a803faae6cb0968f909de5823ad564393721faa6fc2658c7746f56545a626

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:34:00 GMT
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 20:12:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "00de65cc591ad43daca489735821211d"
x-cache: Miss from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 920
x-amz-cf-id: DLST6RGHFJ6htpqjZc4UMScFgmY5xKeu5MucyhP10FItnjO4rLMK2A==

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 306 KB
86 KB 21ms
10ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=ae53c2023fa9955df926b45243fcfd87

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5ecf684a04bd818520a3f91a4a924a66944f844f114d38bc6fd12636af8d0ba3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 07 Dec 2022 21:33:59 GMT
content-md5: i+3ex7JKyhROjOpoltG/bg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88439
x-fb-rlafr: 0
x-fb-debug: 3og/HS9dLHSzhuOxscfAf1Hocc6QOxl4eLKjxvtffahxJ0rWtNMaGDVeMQd8wnAlxiKvf+fyxwD1EJxrqBqF0g==
x-fb-content-md5: 5eca97f2a68959201a96b837a9896c09
cross-origin-opener-policy: same-origin-allow-popups
etag: "ce9bc0569f3a95f3bb99f8672e728567"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 07 Dec 2023 19:44:35 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 42ms
41ms XHR
text/plain 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1547498352&t=pageview&_s=1&dl=https%3A%2F%2Fofftherecord.com%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAEITAAAAACAAI~&jid=521008258&gjid=1997665430&cid=1280634054.1670448839&tid=UA-69140841-1&_gid=677104086.1670448839&_r=1&gtm=2wgbu0MVS6TPP&did=i5iSjo&z=1270207302

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 21:33:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://offtherecord.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 32ms
2ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=185612438538592&ev=PageView&dl=https%3A%2F%2Fofftherecord.com%2F&rl=&if=false&ts=1670448839306&sw=1600&sh=1200&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670448839304.959082900&it=1670448839035&coo=false&rqm=GET

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 07 Dec 2022 21:33:59 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 tag-ee7276e1587689e87e8d7dab5bd6dfa8.js Show response
dev.visualwebsiteoptimizer.com/web/djIkYTo0LjA6bm9qcXVlcnksdHI6Ny4w/ 107 KB
27 KB 36ms
33ms Script
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkYTo0LjA6bm9qcXVlcnksdHI6Ny4w/tag-ee7276e1587689e87e8d7dab5bd6dfa8.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-1e074d878e1f0ab0cf056160d81fed36.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: a0fcfcd98c62ba1e89c50ba98cdc2a5c617c1fb8a57b3b9150a3853bc000a889

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:59 GMT
content-encoding: br
via: 1.1 google
last-modified: Wed, 07 Dec 2022 13:20:53 GMT
server: gfra1
etag: "63909335-6c42"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27714

GET
H3 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 2 KB
869 B 34ms
33ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=660553&settings_type=1&vn=7.0&exc=1|8|2|3|4|5|6|14
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-1e074d878e1f0ab0cf056160d81fed36.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ebcc2f3a4799c9219395f639d235aa1ed3e72ef88bc0acf43847b4a7124184cc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:59 GMT
content-encoding: gzip
via: 1.1 google
server: gfra1
etag: W/"1670419277"
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 main-header.partial.cc6b56bcaee25216c070.html Show response
offtherecord.com/templates/ 12 KB
2 KB 14ms
14ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/main-header.partial.cc6b56bcaee25216c070.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 66b9205f2695c992bec1a8010ba0bf54985dee277dc34943515d5d756d63d108

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"2e94-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: QxG8tg7jwLC6FrU7JPFkyRf0wccg32UbX6SD4WT4og6z9iSnbIX7Lg==

GET
H2 200 footer.partial.adc857d1d3cfdaa1c88d.html Show response
offtherecord.com/templates/ 10 KB
2 KB 14ms
14ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/footer.partial.adc857d1d3cfdaa1c88d.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 3fec4b3033d940636dbeabc31dcee4bb3eedc3b534ad4c1a652e2470fba0c94e

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"26b7-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: 0RwJEbjdacxdaGYwlVnY3O_XiBI57vyl4bJMLZ4PU5Undld6nM5KLw==

GET
H2 200 featured-on.partial.05fb40558ff95ad4028d.html Show response
offtherecord.com/templates/ 1 KB
752 B 28ms
28ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/featured-on.partial.05fb40558ff95ad4028d.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 2fbec33dc79b6fe02f1bb4aed0c266cf0d59ca32ff208c1fb56748de0b1e547e

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"4d3-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: icmag5W6cyrE2sOGBQifeoijItK364WDB0Slxm-Y1pHMGxwwFO6J8Q==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
442 B 56ms
18ms XHR
text/plain 2a00:1450:400c:c0a::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-69140841-1&cid=1280634054.1670448839&jid=521008258&gjid=1997665430&_gid=677104086.1670448839&_u=aGDAAEISAAAAACAAI~&z=1107986516

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 07 Dec 2022 21:33:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://offtherecord.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 open Show response
api2.branch.io/v1/ 323 B
683 B 224ms
177ms XHR
application/json 2600:9000:20eb:2000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/open

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20eb:2000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

4348691850b3cb323c41a94f5de5b435fc0e9cffdf023e74d15a07d8458de8da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 07 Dec 2022 21:33:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5a5b94c62ea85e0c0d78b169589b08b4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: dbf10b65a27f433ba5808f91dae77259-2022120721
content-length: 323
x-amz-cf-id: sdCB67xfN0wp5QiYOyS1b3KcGRraCNmqthOobZEUL-XGqsJzJhp51g==

GET
H3 200 worker-70faafffa0475802f5ee03ca5ff74179.js Show response
dev.visualwebsiteoptimizer.com/analysis/ 47 KB
13 KB 30ms
30ms XHR
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/analysis/worker-70faafffa0475802f5ee03ca5ff74179.js
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:59 GMT
content-encoding: br
via: 1.1 google
last-modified: Wed, 07 Dec 2022 13:20:52 GMT
server: gfra1
etag: "63909334-351f"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13599

GET
H3 200 s.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 137ms
137ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/s.gif?account_id=660553&u=DCCB6E2746DF79832D818BC378F4877AE&s=1670448837&p=1&ed=%7B%22tz%22%3A%22Etc%2FUnknown%22%2C%22tO%22%3A%220%22%2C%22lt%22%3A%221670448839434%22%2C%22r%22%3A%22%22%2C%22ul%22%3A%22en-us%22%2C%22de%22%3A%22UTF-8%22%2C%22sc%22%3A%2224%22%2C%22sr%22%3A%221600x1200%22%7D&cu=https%253A%252F%252Fofftherecord.com%252F&r=0&cq=1&vn=7.0.256&vns=undefined&vno=4.0.184&eTime=1670448837448&random=0.7052358375555854

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 21:33:59 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H3 200 c.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 119ms
119ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/c.gif?account_id=660553&experiment_id=1&goal_id=1&ru=&u=DCCB6E2746DF79832D818BC378F4877AE&s=1670448837&ifs=1&t=1&cu=https%3A%2F%2Fofftherecord.com%2F&gt=1_8&f={%228%22:%221,3,4,5:1670448837%22}&vn=7.0.256&vns=undefined&vno=4.0.184&eTime=1670448837477&random=0.27486153746378417

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 21:33:58 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H2 200 default-template.dfe16a5d0ed1e11f6172.html Show response
offtherecord.com/templates/ 678 B
1 KB 17ms
17ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/default-template.dfe16a5d0ed1e11f6172.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: b2972a68e50b9d105e4cc8dec627577d00e93202815f36bcc42ab67d148fd575

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"2a6-184e3717b40"
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 678
x-amz-cf-id: 3hBT25Z2p5kdheZ8Xi95Bw3_6DOKm7C_6zaW2CywIKAT09tZWLwOZQ==

GET
H2 200 pe0qMImSLYBIv1o4X1M8cce9I9s.woff2
fonts.gstatic.com/s/nunitosans/v12/ 17 KB
17 KB 116ms
36ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito+Sans:ital,wght@0,200;0,300;0,400;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97d5a594e7f76c7e50045b67667fd6b74b268515efe6425097be1b2647079787

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 21:49:04 GMT
x-content-type-options: nosniff
age: 517495
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16980
x-xss-protection: 0
last-modified: Mon, 09 May 2022 18:33:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 21:49:04 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 130ms
51ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-69140841-1&cid=1280634054.1670448839&jid=521008258&_u=aGDAAEISAAAAACAAI~&z=972353305

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 21:33:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 145ms
60ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-69140841-1&cid=1280634054.1670448839&jid=521008258&_u=aGDAAEISAAAAACAAI~&z=972353305

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 21:33:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 s.gif
dev.visualwebsiteoptimizer.com/ 35 B
52 B 120ms
120ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/s.gif?account_id=660553&u=DCCB6E2746DF79832D818BC378F4877AE&s=1670448837&p=1&tags={%22si%22:{%226%22:%221%22,%225%22:%221%22,%224%22:%221%22,%221%22:%221%22}}&eg=4,3,2,1&update=1&cq=1&vn=7.0.256&vns=undefined&vno=4.0.184&_cu=https%3A%2F%2Fofftherecord.com%2F&eTime=1670448837497&random=0.24706333633027633

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 21:33:58 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

OPTIONS
H2 200 reviews
otr-backend-service-us-prod.offtherecord.com/api/v1/ Frame 0
0 109ms
109ms Preflight 34.199.59.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://otr-backend-service-us-prod.offtherecord.com/api/v1/reviews?includeAnonymous=false&limit=100
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.199.59.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-199-59-102.compute-1.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: api-token
Access-Control-Request-Method: GET
Origin: https://offtherecord.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Api-Token, X-Feature, X-Resource-Id
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: https://offtherecord.com
access-control-expose-headers: Location, Otr-url-location
access-control-max-age: 3600
date: Wed, 07 Dec 2022 21:33:59 GMT
server: nginx/1.20.0

GET
H2 200 banner-alert.component.70dc886d20366383706d.html Show response
offtherecord.com/templates/ 750 B
1 KB 13ms
13ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/banner-alert.component.70dc886d20366383706d.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 7334b9b34d7b3826d4ddb8a335a672e0ed5b0784c15cebc4531997f03c15a07d

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"2ee-184e3717b40"
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 750
x-amz-cf-id: yQitHiRRApBaX8U7oU-MvhFCKzEssQeIEgyqtpb1yh1mjjbkNDeqQw==

GET
H2 200 side-nav.partial.9589234b7e5ebc92816f.html Show response
offtherecord.com/templates/ 4 KB
1 KB 16ms
16ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/side-nav.partial.9589234b7e5ebc92816f.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 4f9c80a2a77bf82badfc8ea73328ad4766079140edd4cd5e9ec21e4d925f47bc

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"1119-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: eFABqPIH84mhTRcAh61Q6IXLBeyJWt7bSk8kkle_7Z0uBlMd3xg00A==

GET
H2 200 stats-banner.component.6fb564ab70946c6b24b2.html Show response
offtherecord.com/templates/ 3 KB
1 KB 15ms
14ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/stats-banner.component.6fb564ab70946c6b24b2.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 77dafb301622b519a4fcc2ee2fef4a31eaa152a3c94df404cb434cf51faaa92b

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:27 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"b39-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: C-ifCDIkLl0Pyso-exiUbSnG3q6N_G63jSIuYWilqy-9DAqguyH5Jw==

GET
H2 200 reviews Show response
otr-backend-service-us-prod.offtherecord.com/api/v1/ 85 KB
10 KB 382ms
369ms XHR
application/json 34.199.59.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://otr-backend-service-us-prod.offtherecord.com/api/v1/reviews?includeAnonymous=false&limit=100

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.199.59.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-199-59-102.compute-1.amazonaws.com

Software

nginx/1.20.0 /

Resource Hash

c10c6a5c3dd60b904b163f8de90b94b5094040b61e9220c83e6a862b5e37bea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
Api-Token: vKWrNZN8UMwxcqPxyRqbJo9x6OABtoqMA7scyCkpkSy82UcA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 21:33:59 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
server: nginx/1.20.0
x-frame-options: DENY
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json
access-control-allow-origin: https://offtherecord.com
access-control-expose-headers: Location, Otr-url-location
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: 0

GET
H2 200 23e399de557cc0c0f9bf.png
offtherecord.com/ 41 KB
41 KB 14ms
14ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/23e399de557cc0c0f9bf.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: effe1974a12f7b8ab030117a3599fbc0be15c18a7ade84b5884788838a836da7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"a3c1-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 41921
x-amz-cf-id: 7ndwquddfsrcSkmT5bvTq3CDqhaHkCDzAvtyifdB5a9IJy9pziGMTg==

GET
H2 200 pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2
fonts.gstatic.com/s/nunitosans/v12/ 17 KB
17 KB 75ms
73ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito+Sans:ital,wght@0,200;0,300;0,400;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c84423c305779f2aab07847a2e3870ac1ea4072e470d5eb149c01e0e0497eae3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 19:45:47 GMT
x-content-type-options: nosniff
age: 6492
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17156
x-xss-protection: 0
last-modified: Mon, 09 May 2022 18:33:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 07 Dec 2023 19:45:47 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 44ms
42ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 16:44:52 GMT
x-content-type-options: nosniff
age: 190147
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 16:44:52 GMT

GET
H2 200 pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2
fonts.gstatic.com/s/nunitosans/v12/ 17 KB
17 KB 85ms
84ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito+Sans:ital,wght@0,200;0,300;0,400;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

280aaa8929329764ac3213ca093c63505cfcc665347939c79905c426d33867c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 11:47:53 GMT
x-content-type-options: nosniff
age: 467166
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17116
x-xss-protection: 0
last-modified: Mon, 09 May 2022 18:31:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Dec 2023 11:47:53 GMT

GET
H2 200 pro-fa-solid-900-d5bbe9.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 24 KB
24 KB 25ms
24ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-solid-900-d5bbe9.woff2
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a87caa378662a0579007c576ad8141197ce16499633f355abdf530a5377b1c7

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:59 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:27 GMT
server: cloudflare
age: 1916789
etag: "63725b8f-5e04"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 776061ff6f43bbad-FRA
content-length: 24068

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 118ms
117ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 11:59:40 GMT
x-content-type-options: nosniff
age: 552859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 11:59:40 GMT

GET
H2 200 pro-fa-regular-400-e41116.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 25 KB
25 KB 26ms
25ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-regular-400-e41116.woff2
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff0a235dc7d390e1cf916abcb59cbae2aabb8c509a6f46a6c8cffaa0532a48df

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:59 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:26 GMT
server: cloudflare
age: 673763
etag: "63725b8e-62c4"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 776061ff6f45bbad-FRA
content-length: 25284

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v34/ 16 KB
16 KB 109ms
108ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Fri, 02 Dec 2022 17:19:31 GMT
x-content-type-options: nosniff
age: 447268
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16740
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Dec 2023 17:19:31 GMT

GET
H2 200 pro-fa-brands-400-9a7529.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 45 KB
45 KB 30ms
30ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-brands-400-9a7529.woff2
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8af72523d3be5cd871bd15fe2058298c96cd9e034820cb4cbddd2b5fbc9c1ddc

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:59 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:24 GMT
server: cloudflare
age: 1916789
etag: "63725b8c-b400"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 776061ff6f48bbad-FRA
content-length: 46080

GET
H2 200 otr-main-header-logo.svg
offtherecord.com/assets/img/ 9 KB
4 KB 58ms
54ms Image
image/svg+xml 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/otr-main-header-logo.svg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 648c698dd41bf291833204226476e7d092b281fd06255a70a4925f45ca8c96c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"2495-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31557600
x-amz-cf-id: GSPtbfAoFRV64sw_6ZI1OL9MPgffymbGGM2iRtENsMiz5QkwEH2nCg==

GET
H2 200 badge_ios.png
offtherecord.com/assets/img/ 4 KB
4 KB 27ms
20ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/badge_ios.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 14c09561486ba385a8a62bc0a8b41e03638a6334648113a7f28be47271eccb5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"eaa-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 3754
x-amz-cf-id: cMOcJ2ANugs9lVG7O9MLCppIzsY-oVgYz9cN0a4KhXZ-UsRhAKBYjg==

GET
H2 200 badge_google_play.png
offtherecord.com/assets/img/ 18 KB
18 KB 20ms
12ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/badge_google_play.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: e484006b9830dab35504a97bd9dc3196e8b682e902849a157fc08281f5ee9c58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"46a0-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 18080
x-amz-cf-id: LARKsq9YcOieeupmqfHyFn02t9KTg3392sVAolEVU3R_RJ_XWOlk_w==

GET
H2 200 hero-img.png
offtherecord.com/assets/img/ 165 KB
165 KB 29ms
22ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/hero-img.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: b39b166082a613e5693afd5ad767b2c7ba74b0ddb5baa4673679f2b0c5ce953a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"29370-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 168816
x-amz-cf-id: wBDu88-5-5eWprNzmhLD1Ha3-ZfrJ2gmFCKTc6EZLywjhBYgjY79xQ==

GET
H2 200 facebook--gray.png
offtherecord.com/assets/img/logos/ 11 KB
11 KB 27ms
21ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/logos/facebook--gray.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 87e8f8478b394e75ddcf0778aef7ce167b36f3f372d52fe4a5db4598069bce9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"2ad0-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 10960
x-amz-cf-id: fJJZOIX1YD7TkQLQQQt49FvpODqh2oroElsSgbvCppZj7ISHI4McEg==

GET
H2 200 reviews-io--gray.png
offtherecord.com/assets/img/logos/ 16 KB
17 KB 33ms
27ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/logos/reviews-io--gray.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 9389933c6b32060ec66aac366725a7aa4808dd96edf0b6707698e6f8b069756a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"4100-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 16640
x-amz-cf-id: SMaCut0mZp4HEp1HfK6vi8eSl7i4ayA9AiV8k_WKNTHxwQkSGUf5zQ==

GET
H2 200 google--gray.png
offtherecord.com/assets/img/logos/ 27 KB
27 KB 32ms
25ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/logos/google--gray.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: e84a67a96a0b380a2a32028b749d683d6aca96c4b5ecfe0b15f1bf602ee64bf0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"6a39-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 27193
x-amz-cf-id: mXqnOIW68kozB6eKtIe128RtD78tNn3KZJPDtocOEg-uHCOPi6LfzA==

GET
H2 200 icon-handfull-stars.svg
offtherecord.com/assets/img/ 4 KB
2 KB 28ms
21ms Image
image/svg+xml 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/icon-handfull-stars.svg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: c46812c7c91d67dcc84ac30ff32138415af25b3416ea5b6588628cb3e2d1f686

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"11aa-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31557600
x-amz-cf-id: WROOViiwbZTBBxYuzLTMKL3XB5HwTZ401CV4ptg7iGEIZ4CIiDe0Hw==

GET
H2 200 icon-wallet.svg
offtherecord.com/assets/img/ 2 KB
1 KB 28ms
22ms Image
image/svg+xml 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/icon-wallet.svg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 8e742fbd7146cea9dee3a9c4b4474e1da43f62e8864d519c1debe7f10ec6043b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"7cf-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31557600
x-amz-cf-id: rdSqjLx0ICAccj-r9Yes4nqnMPT6noNRMW30u-VPgmc84AJjRrzJtQ==

GET
H2 200 icon-briefcase.svg
offtherecord.com/assets/img/ 2 KB
1 KB 34ms
27ms Image
image/svg+xml 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/icon-briefcase.svg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: a8510ffd3e9d2934e0ad67e81a2fc12f36e2b04ac3f3f150bd7e44ad12af3d76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"79f-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31557600
x-amz-cf-id: Ch_J8jNWNt2V23KGoqkAcK4E9h30kKAdzOMkmmJ6InOzGPMMK1fwVQ==

GET
H2 200 icon-refresh.svg
offtherecord.com/assets/img/ 2 KB
1014 B 34ms
28ms Image
image/svg+xml 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/icon-refresh.svg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: a3d2952330aefe690302e90460777d9b5c6fc354861336a919c83e44fe352800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"6e0-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31557600
x-amz-cf-id: wo1W4zH63C7npFwvVoWCblOduxGrR7uc1bsJm7Z7Rg0Kbk-8Wlw14g==

GET
H2 200 how-step-1.png
offtherecord.com/assets/img/ 856 KB
858 KB 63ms
57ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/how-step-1.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: d4b974aa358a45f46d74122d25f5bbe1e83af1b55a85767ef2b8f9adbbfcb67a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"d60de-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 876766
x-amz-cf-id: xl_nhI_98Aq3Z85ANzyrqtVFqVH6t-OtQ7JfqqKeJx2JebqLVtU8Ow==

GET
H2 200 how-step-2.png
offtherecord.com/assets/img/ 1 MB
1 MB 34ms
29ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/how-step-2.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 231c57b570ff2a654d0a1a5b40aaa6995427999221fb6ce28d69b576a131a3c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"1131d3-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 1126867
x-amz-cf-id: Y1g32NsunLQT17UvjXvoCV_Swug7Qul5unWjGpfA3HS9MzZOpTFjpQ==

GET
H2 200 how-step-3.png
offtherecord.com/assets/img/ 889 KB
891 KB 44ms
39ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/how-step-3.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: cadb4956b7127df7772396e98e46ea3c72b4e2a842bdf38e53f67259c8983f85

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"de5c7-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 910791
x-amz-cf-id: z3X7hM6N2sTJUQY6xXRAHVOZjSUlYBbsSE53AOR5lIMLdp4e4nA3iQ==

GET
H2 200 icon-tickets.svg
offtherecord.com/assets/img/ 3 KB
1 KB 39ms
34ms Image
image/svg+xml 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/icon-tickets.svg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 2d367b9054bc5b92d423f2f9484c18d8b41468a7f4fd9e63829d3dba290a206e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"d60-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31557600
x-amz-cf-id: fgWiFmKn0Zf-8w-ng4vj9_I5Bh6pLnEySMXvB4u-x5L7LBduYKC64g==

GET
H2 200 icon-window-check.svg
offtherecord.com/assets/img/ 2 KB
1 KB 42ms
37ms Image
image/svg+xml 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/icon-window-check.svg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 0e52361cb2f6af4bb1f5fa4f27c87ddb8c6d4918ccd75655bd1d1bb34d4eeabe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"6b8-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31557600
x-amz-cf-id: Lr8hfP44g8CJb50_v-htZNtKcJb_0XusJOIDi4Ypw8OCuaRXnNKXMg==

GET
H2 200 icon-directions.svg
offtherecord.com/assets/img/ 2 KB
1 KB 43ms
38ms Image
image/svg+xml 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/icon-directions.svg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: a5d227b5d9c8b9b461d0a35df1c39685463fe0bd375c2aa2aa197dfd2776a7c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"787-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31557600
x-amz-cf-id: 5QKoa6D22pk_uEUJ5dBbLQ34vErJGhNsX3ra7reKCiGSjwoqHn3Skw==

GET
H2 200 icon-verified.svg
offtherecord.com/assets/img/ 3 KB
2 KB 43ms
38ms Image
image/svg+xml 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/icon-verified.svg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 909c4adf1c2435d373b6e0d83ee64cc9888881ac24905238ea010b4da3d06b93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"b51-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31557600
x-amz-cf-id: rwcVWlPHSiahFRGDAYbNUjl8G-ph3mPtt8JnFKaIKU_U-PS0YcGNhQ==

GET
H2 200 icon-money-back.svg
offtherecord.com/assets/img/ 2 KB
1 KB 53ms
48ms Image
image/svg+xml 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/icon-money-back.svg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 17d2ee6ef525d4a35125c1ce7417ef5b7e1b611c2dc110a3add824bb078adcbf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"897-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31557600
x-amz-cf-id: CiLoMke0_tXYhb-cYuWJNwwUpBB5n7evyui6cgO2OOeCVRFFH7_SaA==

GET
H2 200 icon-courthouse.svg
offtherecord.com/assets/img/ 3 KB
1 KB 62ms
57ms Image
image/svg+xml 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/icon-courthouse.svg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 6a432ec996da0b400368eb6cf47f8e056f2b25e32a50b03d9a709fa6c1fecc1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"c41-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31557600
x-amz-cf-id: 9HOal1G6_bMTxtbfJzdw5DQUTYDmeScV2LWY1BdytkA0vyJcukFbjw==

GET
H2 200 icon-notification-bell.svg
offtherecord.com/assets/img/ 3 KB
1 KB 57ms
52ms Image
image/svg+xml 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/icon-notification-bell.svg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: b07fffef0ae1504dfba7fb4096afb6e097815298973f51a1b211771e05c075b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"a5c-184e3717b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=31557600
x-amz-cf-id: C8vbedz2_LcfTDEZEfKDgtTmGJMJgxFje9TPZKBWKNfVkKobypk_8w==

GET
H2 200 cbs-logo-bw-min.png
offtherecord.com/assets/img/logos/ 3 KB
4 KB 58ms
53ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/logos/cbs-logo-bw-min.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: cf950af8af64c9a95980894fb846b7c292daef8c5d2c926883e67ca8585205c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"d0f-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 3343
x-amz-cf-id: zLcNlMj3YgFKXf3Lj9h3H_8yeWCkdhYjoUC8zSTdBtlJdtX-lth23A==

GET
H2 200 fox-news-logo-bw-min.png
offtherecord.com/assets/img/logos/ 4 KB
4 KB 62ms
58ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/logos/fox-news-logo-bw-min.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: f73a98da9f95a6fc0cf990afb6cab3aa425763dabc57657d7716348de1789dec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"e53-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 3667
x-amz-cf-id: ud8zpNTPbJm25I-9on_JRNuxeJ4CimucPz0rOEvmxRAnlUXyDwHwAA==

GET
H2 200 nbc-logo-bw-min.png
offtherecord.com/assets/img/logos/ 5 KB
5 KB 58ms
54ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/logos/nbc-logo-bw-min.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 1665c4ead8413ee315dd58a31d655ce5309f288fc586aa744d6d3655bfe64609

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"128e-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 4750
x-amz-cf-id: Ob6XB6p5SQvn-8P875KXbyfD25xH51dYXr7GBPchkmIdH-7hh2E-gg==

GET
H2 200 geekwire-logo-bw-min.png
offtherecord.com/assets/img/logos/ 4 KB
5 KB 57ms
53ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/logos/geekwire-logo-bw-min.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: eb0148a81522418286ec73bbe42e77c7a1c3495848e1a0fd0f4d46c7804bcf1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"10f5-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 4341
x-amz-cf-id: sAf877FHvMQ1jVZvKg6QKDzfeveZjikEzr0_s0KVz5nZP2ocCj2WJQ==

GET
H2 200 pe03MImSLYBIv1o4X1M8cc8aBc5tU1E.woff2
fonts.gstatic.com/s/nunitosans/v12/ 17 KB
17 KB 112ms
111ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8aBc5tU1E.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito+Sans:ital,wght@0,200;0,300;0,400;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fce8ebc3557b63496f8fafe1c182f2aa8669550f9398b4d9beebddd43306ed3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 21:50:07 GMT
x-content-type-options: nosniff
age: 517432
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17324
x-xss-protection: 0
last-modified: Mon, 09 May 2022 18:31:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 21:50:07 GMT

GET
H2 200 pro-fa-brands-400-f6b769.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 18 KB
18 KB 38ms
38ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-brands-400-f6b769.woff2
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2306dff2ad40394ccbab07a0ef3124e8a68cdfc4a5fc762a3ef6be86141e406b

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:59 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:24 GMT
server: cloudflare
age: 1916789
etag: "63725b8c-480c"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 776061ff9f93bbad-FRA
content-length: 18444

OPTIONS
H2 200 user
otr-backend-service-us-prod.offtherecord.com/api/v1/ Frame 0
0 115ms
114ms Preflight 34.199.59.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=hysmn6u56mo
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.199.59.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-199-59-102.compute-1.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: api-token
Access-Control-Request-Method: GET
Origin: https://offtherecord.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Api-Token, X-Feature, X-Resource-Id
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: https://offtherecord.com
access-control-expose-headers: Location, Otr-url-location
access-control-max-age: 3600
date: Wed, 07 Dec 2022 21:33:59 GMT
server: nginx/1.20.0

GET
H2 200 user Show response
otr-backend-service-us-prod.offtherecord.com/api/v1/ 122 B
550 B 110ms
109ms XHR
application/json 34.199.59.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://otr-backend-service-us-prod.offtherecord.com/api/v1/user?version=hysmn6u56mo

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.199.59.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-199-59-102.compute-1.amazonaws.com

Software

nginx/1.20.0 /

Resource Hash

f3f283eeb300723885be482fb13d193ae1b740b3f0194548f18f85ad6bdea402

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
Api-Token: vKWrNZN8UMwxcqPxyRqbJo9x6OABtoqMA7scyCkpkSy82UcA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 21:33:59 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
server: nginx/1.20.0
x-frame-options: DENY
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json
access-control-allow-origin: https://offtherecord.com
access-control-expose-headers: Location, Otr-url-location
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: 0

GET
H2 200 pro-fa-regular-400-e5c668.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 32 KB
32 KB 30ms
29ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-regular-400-e5c668.woff2
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 944a7f6a840668d71f459e9414f895e5299978fa61d4056a6b8dd164c43c167b

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:59 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:26 GMT
server: cloudflare
age: 1916789
etag: "63725b8e-80f8"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 776061ffbfd7bbad-FRA
content-length: 33016

GET
H2 200 fb6f3c230cb846e25247.gif
offtherecord.com/ 4 KB
4 KB 24ms
23ms Image
image/gif 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/fb6f3c230cb846e25247.gif
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"1052-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/gif
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 4178
x-amz-cf-id: O1ru1Mi6wI0hAdpC3ZSPrmdTko6GA9tsj45tWQCIG26dbX0RJfcNLA==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 29 B
432 B 171ms
171ms XHR
application/json 2600:9000:20eb:2000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20eb:2000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

c3dd5a6fff633c6393dca21ce74cd6dc95265943575b43d2d9616f020eea68fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 07 Dec 2022 21:33:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 5a5b94c62ea85e0c0d78b169589b08b4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-powered-by: Express
etag: W/"1d-0Z1F50chJJpy5srE0HvlOYosSzw"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 53a93e47b56a46c4847f8bd4bb4946da-2022120721
content-length: 29
x-amz-cf-id: inG3FFhxAiWuocSMEGW9tb5hDzruVblpeULWSbqsO8znwoYPxth_IA==

GET
H2 200 pro-fa-solid-900-1722b2.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 26 KB
26 KB 34ms
34ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-solid-900-1722b2.woff2
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6a830a26c9a11dae14dbd539d7c872f5cf1efd608b4daca5a7ce2789ba9b747

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:59 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:27 GMT
server: cloudflare
age: 1916789
etag: "63725b8f-67a8"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 776062006928bbad-FRA
content-length: 26536

GET
H2 200 stats-banner-design.png
offtherecord.com/assets/img/ 14 KB
15 KB 15ms
15ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/stats-banner-design.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 3968d37ade51adbdf0a0047ccf818fdac37ad4c7cf373275abf7a2a2f8e941d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29971
x-powered-by: Express
etag: W/"397b-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 14715
x-amz-cf-id: YPvgSv0eVcqiDKNo-viEre1rGWPtZPjpFpBuJ0Y6TTR9zu3NqbrtBw==

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 118ms
39ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 19:42:15 GMT
x-content-type-options: nosniff
age: 525104
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 19:42:15 GMT

GET
H2 200 pro-fa-solid-900-b909c1.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 25 KB
25 KB 27ms
26ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-solid-900-b909c1.woff2
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24e5ea2c2821b58c20e033f0cc7a514677efa9f6b0b7935d28e4c90009080612

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:59 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:27 GMT
server: cloudflare
age: 1916789
etag: "63725b8f-6580"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 77606200997fbbad-FRA
content-length: 25984

POST
H2 200 logout Show response
otr-backend-service-us-prod.offtherecord.com/api/v1/authentication/ 0
424 B 113ms
112ms XHR
text/plain 34.199.59.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://otr-backend-service-us-prod.offtherecord.com/api/v1/authentication/logout

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.199.59.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-199-59-102.compute-1.amazonaws.com

Software

nginx/1.20.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
Api-Token: vKWrNZN8UMwxcqPxyRqbJo9x6OABtoqMA7scyCkpkSy82UcA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 07 Dec 2022 21:34:00 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
x-content-type-options: nosniff
server: nginx/1.20.0
x-frame-options: DENY
access-control-allow-origin: https://offtherecord.com
access-control-expose-headers: Location, Otr-url-location
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: 0

OPTIONS
H2 200 logout
otr-backend-service-us-prod.offtherecord.com/api/v1/authentication/ Frame 0
0 110ms
110ms Preflight 34.199.59.102
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://otr-backend-service-us-prod.offtherecord.com/api/v1/authentication/logout
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.199.59.102 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-199-59-102.compute-1.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: api-token,content-type
Access-Control-Request-Method: POST
Origin: https://offtherecord.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept, Api-Token, X-Feature, X-Resource-Id
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: https://offtherecord.com
access-control-expose-headers: Location, Otr-url-location
access-control-max-age: 3600
date: Wed, 07 Dec 2022 21:33:59 GMT
server: nginx/1.20.0

GET
H2 200 client.js Show response
d14jnfavjicsbe.cloudfront.net/ 88 KB
29 KB 53ms
10ms Script
text/javascript 2600:9000:20eb:e200:1e:9742:1680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d14jnfavjicsbe.cloudfront.net/client.js
Requested by: Host: tag.getdrip.com
URL: https://tag.getdrip.com/3915275.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:e200:1e:9742:1680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9cb435d9631757dce9699bd42f9cf9c27e4b93a9674170ae9d1cb378eb368f0b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:31:47 GMT
content-encoding: gzip
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
last-modified: Mon, 23 May 2022 22:40:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 163
etag: W/"a2daea63ec2db739cad8349e8ee224aa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-meta-md5sum: otrqY+wttznK2DSejuIkqg==
cache-control: max-age=300
x-amz-cf-id: VktQNvZOk8OJPpz-QiVA1KjK6KHgJGWoCP8gZ1PFfydEBr8xCh7dvA==

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 7F24 0
18 B 20ms
9ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://offtherecord.com
Referer: https://offtherecord.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://offtherecord.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 21:33:59 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 user-rating.component.f6904da87c364c06a12b.html Show response
offtherecord.com/templates/ 3 KB
1008 B 12ms
12ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/user-rating.component.f6904da87c364c06a12b.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: eea5366562d72a121b32333da086a47489f983bb563fb740ccc0a62134c69ce5

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 20:41:07 GMT
content-encoding: gzip
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Wed, 07 Dec 2022 17:48:49 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 3173
x-powered-by: Express
etag: W/"d0b-184edb453e8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
x-amz-cf-id: 5suava9LG36VYUqRBpX_-7WeEodZwTfqcOy_TEDB-tN8K4iijtmbjQ==

GET
H2 200 avatar-image-fallback.component.31d2811901fb446ef182.html Show response
offtherecord.com/templates/ 59 B
434 B 15ms
14ms XHR
text/html 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://offtherecord.com/templates/avatar-image-fallback.component.31d2811901fb446ef182.html
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 6f734ecf1191f5b75870fb8ef2b2b72acd5bb2552c23f1cd4ab8214cce385572

Request headers

Accept: application/json, text/plain, */*
Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"3b-184e3717b40"
x-cache: Hit from cloudfront
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 59
x-amz-cf-id: capqlB6oaqDUC93u_9oUczGJxWmDjg_Xh36K9SSbbYRXs0Os4TbpWA==

GET
DATA 200
OK truncated
/ 330 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4333f5dde7ebbe95817db62d45966b8b0ea878734e0ebdceb3cbf93b0b2620d0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 330 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b604083835a59cf9f77d9b7241cf5228a8d22e976735a0ea69a68cbe7c1359e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 329 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 692b86eb74526d07ca165b8eea3728d951fe8df81e93516666550da1ccf28e21

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 331 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8a73d9886283369e97c809bb8b7af15cab6263559318fb730256f6da6a720426

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 330 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0bc3b201b03f97f0a69115ed407d31214e8b54671e399e1391d5d705a5f9acc0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 331 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45295a811f899c7eea5e4d0312049da477390afc2a94ffa491dc6979cc34c9ec

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 330 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 603e10027c39bb736cc7dee132026554899c8df72c18a59e85d3f748228b0bd9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 331 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff00234ed13b5e571fe0ef5b0f9e465c86d895c156193cd0a7c2f75eac059bf1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 331 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b2355de8c35632901a81e09dd89f0df8f7f27f9203bf4824da8b9c483801401

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 330 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 85ddb6693cdac9f66361f0f0c54ba4c07eb5b0a202ff94f8692c241bc1ae1fdb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 329 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ed1f896874cf1d2e5ffcf369ed1277be55c36ab18bcbeb822e7a587008e397bf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 331 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35badedf2f470a003c142adac2b71949647c08863bc1010be3c418e3ad2d4850

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 330 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1feff37397f802603ed85e9061608051d5b2a77cea125d78519057d06232b07b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 331 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9c242bdf5411decaed3c6fd15a0193472feedd3f6509fa5d3a91267cb7daa27

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 329 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ccb7e3319b8febae9c65ab29606ebdf09541e6e0a94d4b606465d3845dcb9717

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 329 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 78555e77f61d09d04c161af14988377120b44cbfa38a4f8886083949e34f3e46

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 330 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 606d1f2d749f0ae5ef2efe867be98b2610ea1a04b4ea0979a6f2bf0f4155aa58

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 331 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1153b55bebff3c11194b85fe0b16ff2378fcf8c0b10a220727eb4ad762491d5c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 330 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dffac0197e3131c6f35307b96613f04748e6365d3bdea82d0f13e8a97347f272

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 google--color.png
offtherecord.com/assets/img/logos/ 5 KB
5 KB 14ms
14ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/logos/google--color.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 03ad13ae622a22bc150ffe7b80c297a81953318bc8d0df254dd48720b5cd737c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"131c-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 4892
x-amz-cf-id: RTyUix4Cgww_Y9AirxsvQDz2OH6JZurlkbKz8a4mjFZnY4H9_uf7OA==

GET
DATA 200
OK truncated
/ 329 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b15b6c9545897b7e1ec41dae5284c1e102e53c435f12c56ede872c54eae03a92

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 android--green.png
offtherecord.com/assets/img/logos/ 7 KB
8 KB 14ms
13ms Image
image/png 13.224.189.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offtherecord.com/assets/img/logos/android--green.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-100.fra2.r.cloudfront.net
Software: nginx/1.20.0 / Express
Resource Hash: 2e4ffa4d535303a83b7d9428b61533203d8fce37e298f1d5029c7232759cca96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 13:14:28 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Mon, 05 Dec 2022 17:59:36 GMT
server: nginx/1.20.0
x-amz-cf-pop: FRA2-C1
age: 29972
x-powered-by: Express
etag: W/"1da4-184e3717b40"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31557600
accept-ranges: bytes
content-length: 7588
x-amz-cf-id: QaW0mwGpjDCcdPghhL32HXklGhcFtibOxpNttCkqk4MaC_Yc6__x-A==

GET
H2 200 visit Show response
api.getdrip.com/client/events/ 84 B
838 B 183ms
146ms Script
text/javascript 13.224.189.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.getdrip.com/client/events/visit?drip_account_id=3915275&referrer=&url=https%3A%2F%2Fofftherecord.com%2F&domain=offtherecord.com&time_zone=UTC&enable_third_party_cookies=f&callback=Drip_998022065

Requested by

Host: d14jnfavjicsbe.cloudfront.net
URL: https://d14jnfavjicsbe.cloudfront.net/client.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.66 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-66.fra2.r.cloudfront.net

Software

Resource Hash

ba861e7dd34e16e9a34a15ff8ac907582ad4f69ff0d78e14779bcc011b19336b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:34:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-amzn-remapped-content-length: 84
x-amzn-remapped-server: nginx
x-permitted-cross-domain-policies: none
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amzn-requestid: 4175f6f6-38d6-45f9-987e-be5e3a2ff011
x-amzn-remapped-connection: keep-alive
x-cache: Miss from cloudfront
x-amz-apigw-id: cy3_VGwpoAMFerA=
content-length: 84
x-xss-protection: 1; mode=block
x-request-id: 0a8fc794-4b7a-4d9b-aa66-6517b01ae577
x-runtime: 0.031586
referrer-policy: strict-origin-when-cross-origin
etag: W/"ba861e7dd34e16e9a34a15ff8ac90758"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:00 GMT
x-amz-cf-id: c5i585KmRKZg4luOcJmXHCdFjq6mYyjvWvAP9zNOjMPuokNVyjEK_g==

GET
H3 200 web Show response
edge.fullstory.com/s/settings/6DGA5/v1/ 5 KB
1 KB 198ms
133ms XHR
application/json 35.201.112.186
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/settings/6DGA5/v1/web
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 6fb75923f7e15d56b15d7381d9a3e0c70ec553a34ea4ac1b0b06adc524297c84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:34:00 GMT
content-encoding: gzip
age: 0
x-guploader-uploadid: ADPycdsYG-oozPMxMtTIXMnDSXmLbYRy2OBOAp1Z5WIdrwD9bKBEer-0XK3n903R3EnJbycLAqvTeXgj7IHAfiHX7W5-
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1392
last-modified: Wed, 07 Dec 2022 21:31:49 GMT
server: UploadServer
etag: "f73559ab7a50189ecc33808c07e53102"
x-goog-generation: 1670403709713749
x-goog-hash: crc32c=GpbHOw==, md5=9zVZq3pQGJ7MM4CMB+UxAg==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=900,no-transform
x-goog-stored-content-length: 1392
accept-ranges: bytes
content-type: application/json
expires: Wed, 07 Dec 2022 21:49:00 GMT

POST
H2 200 logout Show response
api2.branch.io/v1/ 190 B
620 B 171ms
171ms XHR
application/json 2600:9000:20eb:2000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/logout

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20eb:2000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

3bdc989f8fed28685e1e9c84785a61e7884bb04afd91f1d4787379ce76806ce0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 07 Dec 2022 21:34:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 5a5b94c62ea85e0c0d78b169589b08b4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
etag: W/"be-IwwS6V7leWed7S5SPK5Ot+Phju8"
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: d8d9dba3f7764a2b93fdfee382130bd4-2022120721
content-length: 190
x-amz-cf-id: 8sHpdNzm0xNXEsVtomEK_zAEVQ1l9CgxVdNs3kW5QB5kT3WYWfypEg==

GET
H2 200 pro-fa-light-300-e41116.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 27 KB
27 KB 25ms
24ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-light-300-e41116.woff2
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f395c92f8076a65bcf89aac811120b7f01cd88eb81a2ccfa772817f7129af11

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:34:00 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:25 GMT
server: cloudflare
age: 242765
etag: "63725b8d-6a68"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 77606205bb52bbad-FRA
content-length: 27240

GET
H2 200 pro-fa-light-300-2a5ebc.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 37 KB
37 KB 27ms
26ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-light-300-2a5ebc.woff2
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d4f3e3d9cdcd907e24e84656d52d8eda706f6453051ce1049d52d8817899b04

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:34:00 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:25 GMT
server: cloudflare
age: 242765
etag: "63725b8d-931c"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 77606205bb56bbad-FRA
content-length: 37660

GET
H/1.1 403
Forbidden 200289.jpeg
off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/ 0
0 548ms
189ms Image
application/xml 52.218.220.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/200289.jpeg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.220.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-w.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H/1.1 403
Forbidden 370209.jpeg
off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/ 0
0 551ms
193ms Image
application/xml 52.218.220.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/370209.jpeg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.220.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-w.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H/1.1 403
Forbidden 239394.jpeg
off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/ 0
0 553ms
193ms Image
application/xml 52.218.220.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/239394.jpeg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.220.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-w.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H/1.1 403
Forbidden 368997.jpeg
off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/ 0
0 554ms
193ms Image
application/xml 52.218.220.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/368997.jpeg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.220.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-w.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H/1.1 403
Forbidden XHV2Yv2.jpeg
off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/ 0
0 551ms
190ms Image
application/xml 52.218.220.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/XHV2Yv2.jpeg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.220.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-w.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H/1.1 403
Forbidden 299820.jpeg
off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/ 0
0 547ms
186ms Image
application/xml 52.218.220.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/299820.jpeg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.220.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-w.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H/1.1 403
Forbidden 203808.jpeg
off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/ 0
0 532ms
188ms Image
application/xml 52.218.220.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/203808.jpeg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.220.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-w.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H2 200 AD5-WClnAPmN3B9doS4w9PSlkcN5HWyoszW2ljm1NOi4vQ=s120-c-c0x00000000-cc-rp-mo-br100-s150
lh3.googleusercontent.com/a-/ 43 KB
44 KB 124ms
38ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/a-/AD5-WClnAPmN3B9doS4w9PSlkcN5HWyoszW2ljm1NOi4vQ=s120-c-c0x00000000-cc-rp-mo-br100-s150

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5fed1ac25e41548078f7a0efb21d7f58c3815bb6318e3905b0eb8c8ca2719a23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:57:32 GMT
x-content-type-options: nosniff
age: 12988
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44222
x-xss-protection: 0
server: fife
etag: "v594"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 08 Dec 2022 04:44:13 GMT

GET
H/1.1 403
Forbidden 426007.jpeg
off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/ 0
0 533ms
187ms Image
application/xml 52.218.220.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/426007.jpeg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.220.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-w.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H2 200 AEdFTp7QOcDwqj9kstpld4JuEDkhOzkAPhaeLdTmN6nG=s120-c-c0x00000000-cc-rp-mo-ba2-br100-s150
lh3.googleusercontent.com/a/ 10 KB
10 KB 176ms
90ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/a/AEdFTp7QOcDwqj9kstpld4JuEDkhOzkAPhaeLdTmN6nG=s120-c-c0x00000000-cc-rp-mo-ba2-br100-s150

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

64026816756a142fc6895504af5faae7ca3c6ed33c8472d427adff464059311f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:57:32 GMT
x-content-type-options: nosniff
server: fife
age: 12988
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10442
x-xss-protection: 0
expires: Thu, 08 Dec 2022 17:57:32 GMT

GET
H2 200 AEdFTp7BTiQhAkZdVWcpxWxiASWwua8LTVWfUuEVd-JS=s120-c-c0x00000000-cc-rp-mo-br100-s150
lh3.googleusercontent.com/a/ 4 KB
4 KB 185ms
100ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/a/AEdFTp7BTiQhAkZdVWcpxWxiASWwua8LTVWfUuEVd-JS=s120-c-c0x00000000-cc-rp-mo-br100-s150

Requested by

Host: offtherecord.com
URL: https://offtherecord.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4a1405dfb056e054e0bf0852a473da7b77ade738e01898b145e7d220aea0001d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 17:57:32 GMT
x-content-type-options: nosniff
server: fife
age: 12988
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4487
x-xss-protection: 0
expires: Thu, 08 Dec 2022 17:57:32 GMT

GET
H/1.1 403
Forbidden 328861.png
off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/ 0
0 540ms
195ms Image
application/xml 52.218.220.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/328861.png
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.220.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-w.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H/1.1 403
Forbidden 438956.jpeg
off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/ 0
0 542ms
192ms Image
application/xml 52.218.220.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/438956.jpeg
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.220.115 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-w.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

GET
H3 200 integrations Show response
rs.fullstory.com/rec/ 4 KB
4 KB 210ms
174ms Script
text/javascript 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/integrations?OrgId=6DGA5
Requested by: Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: d2cb0b7d160a5e811a29ea50219434d1aa58a16985ceef89340306077cdb2a52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:34:00 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/javascript; charset=utf-8

POST
H2 200 logout Show response
api2.branch.io/v1/ 190 B
619 B 316ms
316ms XHR
application/json 2600:9000:20eb:2000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/logout

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20eb:2000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

f06a30b47ef200eef594ec8b76cd78d118d0ce7b82ac52e62dd9e17c1b19ee77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 07 Dec 2022 21:34:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 5a5b94c62ea85e0c0d78b169589b08b4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
etag: W/"be-98ALVZBca03/9N13xaXBtVDkvL0"
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 5cd017ffb809436baff8c1b79f3defb5-2022120721
content-length: 190
x-amz-cf-id: iV-S9zoV7z5MiS3je3kWPJ1NhYL3dSFLl92XLQ_uffqunSM56y0sUg==

POST
H2 200 / Show response
o485979.ingest.sentry.io/api/5542359/store/ 41 B
317 B 135ms
57ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o485979.ingest.sentry.io/api/5542359/store/?sentry_key=32f21fccf4b94ce4a2fbc6f1fef36e32&sentry_version=7

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

9a5d8b950826750b3594a5d1d2f74dc7dc4c999b3c1c7ffae9edc8a2f21334bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 07 Dec 2022 21:34:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: Origin
content-type: application/json
access-control-allow-origin: https://offtherecord.com
access-control-expose-headers: x-sentry-error, retry-after, x-sentry-rate-limits
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41

GET
H2 200 track Show response
api.getdrip.com/client/ 101 B
855 B 333ms
332ms Script
text/javascript 13.224.189.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.getdrip.com/client/track?url=https%3A%2F%2Fofftherecord.com%2F&visitor_uuid=9290da376cc246cd9168a9780a6c55c9&_action=Visited%20a%20page&source=drip&drip_account_id=3915275&callback=Drip_163832508

Requested by

Host: d14jnfavjicsbe.cloudfront.net
URL: https://d14jnfavjicsbe.cloudfront.net/client.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.66 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-66.fra2.r.cloudfront.net

Software

Resource Hash

95f954f5164e3f3c255211a2052369ad96b2569ccfe16791c64a5d5ce3095088

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:34:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-amzn-remapped-content-length: 101
x-amzn-remapped-server: nginx
x-permitted-cross-domain-policies: none
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amzn-requestid: c340a50f-0975-41b5-a403-5123612f3abb
x-amzn-remapped-connection: keep-alive
x-cache: Miss from cloudfront
x-amz-apigw-id: cy3_eFWCoAMFwRg=
content-length: 101
x-xss-protection: 1; mode=block
x-request-id: 17bdf72b-e13b-41ba-ba03-f7c39d16cb4c
x-runtime: 0.045954
referrer-policy: strict-origin-when-cross-origin
etag: W/"95f954f5164e3f3c255211a2052369ad"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:01 GMT
x-amz-cf-id: TakDEA5TV3CtCUTwN5yIxbmjuDA9Kj2cPUHzU86JMVna9lvjCDe0Kw==

POST
H3 200 bundle Show response
rs.fullstory.com/rec/ 29 B
43 B 401ms
217ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/bundle?OrgId=6DGA5&UserId=5662973358067712&SessionId=4654901185564672&PageId=5944932856582144&Seq=1&PageStart=1670448839771&PrevBundleTime=0&LastActivity=17&IsNewSession=true
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 1904245bb6482062235bcd6dba4648d05bef87408c89a4edd67311d45ff11935

Request headers

Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://offtherecord.com
date: Wed, 07 Dec 2022 21:34:01 GMT
via: 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
content-type: application/json; charset=utf-8

GET
H3 200 latest.js Show response
edge.fullstory.com/datalayer/v3/ 40 KB
11 KB 98ms
33ms Script
application/javascript 35.201.112.186
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/datalayer/v3/latest.js
Requested by: Host: rs.fullstory.com
URL: https://rs.fullstory.com/rec/integrations?OrgId=6DGA5
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 1c978006c2d514e45e19ce26c0049fddf88f6aa103335c91ef519b06265e1ad3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 20:45:34 GMT
content-encoding: gzip
age: 2907
x-guploader-uploadid: ADPycdvlYS1EMuxX8r65PHTCpK8rkZRndLJaz2xrgzcEYRPt0VwtB1xHXOK2a8mqiKH2oWH6LtOfdmRl2a4mkF7EtuNYVg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11295
last-modified: Mon, 05 Dec 2022 20:59:29 GMT
server: UploadServer
etag: "07072bef7f1e145b1cef70a821fa782f"
x-goog-generation: 1670273969765949
x-goog-hash: crc32c=VYw5jA==, md5=Bwcr738eFFsc73CoIfp4Lw==
access-control-allow-origin: *
content-type: application/javascript
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 11295
accept-ranges: bytes
expires: Wed, 07 Dec 2022 21:45:34 GMT

GET
H2 200 pro-fa-solid-900-2a5ebc.woff2
ka-p.fontawesome.com/releases/v6.2.1/webfonts/ 28 KB
28 KB 28ms
28ms Font
font/woff2 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.2.1/webfonts/pro-fa-solid-900-2a5ebc.woff2
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 952c0411dfb54d1fe2267c5db27265e2c086dcf71699c908ee157fdf9341196d

Request headers

Referer: https://offtherecord.com/
Origin: https://offtherecord.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:34:01 GMT
cf-cache-status: HIT
last-modified: Mon, 14 Nov 2022 15:15:27 GMT
server: cloudflare
age: 1916214
etag: "63725b8f-6e7c"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 7760620a7c5abbad-FRA
content-length: 28284

GET
H2 200 fc-pre-chat-form.css
snippets.freshchat.com/css/ 2 KB
1 KB 52ms
18ms Stylesheet
text/css 13.224.189.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snippets.freshchat.com/css/fc-pre-chat-form.css
Requested by: Host: offtherecord.com
URL: https://offtherecord.com/main.6a85d2734327ea951676.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-86.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9027bc2ee5d559beeb81d822fd8e1b8962f6be256aaed95aca74a0a519406c3a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: 7OnEBywXzVAA7dOf2qysIqyO2hTJpPUZ
content-encoding: br
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
date: Wed, 07 Dec 2022 21:29:05 GMT
last-modified: Wed, 30 Oct 2019 14:02:09 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 297
x-amz-server-side-encryption: AES256
etag: W/"4e65817d49212c3bd08daf7ba74670a9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=3600
x-amz-cf-id: m_hM6Kv7MZV4C711D4tMUUooYNMTjojHgC78pk2kZuEKcV0gJwJiaw==

GET
H/1.1 200
OK / Show response
wchat.freshchat.com/widget/ Frame 03F6 5 KB
3 KB 118ms
118ms Document
text/html 54.172.247.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t

Requested by

Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/js/widget.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.247.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-247-4.compute-1.amazonaws.com

Software

fwe /

Resource Hash

84abbbc4cd0b65e84730c4a299491e8208c3e7e9e8e0b66cd2b788d3874244a6

Security Headers

Name	Value
Content-Security-Policy	style-src 'unsafe-inline' ; font-src 'self' data:; img-src 'self' * data:; connect-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.freshchat.com https://.freshworksapi.com; child-src 'self' blob:; media-src 'self' https://.freshchat.com; manifest-src 'self' https://.freshchat.com; default-src 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Referer: https://offtherecord.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Type: text/html
Date: Wed, 07 Dec 2022 21:34:01 GMT
Transfer-Encoding: chunked
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-encoding: gzip
content-security-policy: style-src 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' * data:; connect-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.freshchat.com https://*.freshworksapi.com; child-src 'self' * blob:; media-src 'self' https://*.freshchat.com; manifest-src 'self' https://*.freshchat.com; default-src 'none';
last-modified: Thu, 01 Dec 2022 12:27:52 GMT
nel: { "report_to": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true}
report-to: { "group": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
served-by: 4082
server: fwe
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1
x-fw-ratelimiting-managed: false
x-request-id: b0a23938-ae84-4081-be38-2a68be97e3ac
x-server: 4082
x-trace-id: 00-48e72cae068bb32af1a685db221e375d-cb2b5d211a0318d6-00
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK widget.css
wchat.freshchat.com/widget/css/ 9 KB
3 KB 236ms
116ms Stylesheet
text/css 54.172.247.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://wchat.freshchat.com/widget/css/widget.css?t=1670448841925

Requested by

Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/js/widget.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.247.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-247-4.compute-1.amazonaws.com

Software

fwe /

Resource Hash

02447c2793c5846eabe0ee2721b8f6350bf35c06471e71a0af973306456573cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 21:34:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
nel: { "report_to": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true}
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 1
Connection: keep-alive
x-xss-protection: 1; mode=block
x-request-id: faa3fa4e-342f-9888-a70e-a11f7c6a3a99
x-trace-id: 00-b7f96a13a9d9b66c99b8dd55d485abd4-503aec286bd2d93b-01
served-by: 4082
last-modified: Thu, 01 Dec 2022 12:27:52 GMT
server: fwe
report-to: { "group": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
Content-Type: text/css
x-fw-ratelimiting-managed: false
cache-control: max-age=31536000,no-cache, no-store, must-revalidate, pre-check=0, post-check=0,public
x-server: 4082
expires: Thu, 07 Dec 2023 21:34:02 GMT

GET
H2 200 vendor.d64d219ca4493f67a3970efc52d51c86.css
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 23 KB
5 KB 39ms
9ms Stylesheet
text/css 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/vendor.d64d219ca4493f67a3970efc52d51c86.css
Requested by: Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f2154f49d7d4ed6c74a1ad1dc0e39ef3136fd859059986ed5bcd3050d59867b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:29:50 GMT
content-encoding: gzip
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
last-modified: Thu, 01 Dec 2022 12:27:59 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 253
x-amz-server-side-encryption: AES256
etag: W/"d64d219ca4493f67a3970efc52d51c86"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000, no-transform, public
x-amz-cf-id: vHW0uaQi-yupFwggTyP-Y9osTb7chB9y_DJ_F5J-D_nna0t_iobMsQ==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
H2 200 hotline-web.d41d8cd98f00b204e9800998ecf8427e.css
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 0
416 B 39ms
10ms Stylesheet
text/css 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/hotline-web.d41d8cd98f00b204e9800998ecf8427e.css
Requested by: Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:56 GMT
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 7
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 0
last-modified: Thu, 01 Dec 2022 12:27:58 GMT
server: AmazonS3
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000, no-transform, public
accept-ranges: bytes
x-amz-cf-id: znZi43cmMcG7Q9AiiV3wGOk6O00TZUca62BtUQ9JNMKvNm78FpRFIQ==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
H2 200 vendor.3474f8e0dcdb6126f26894076afa40d6.js Show response
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 684 KB
194 KB 38ms
10ms Script
application/javascript 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/vendor.3474f8e0dcdb6126f26894076afa40d6.js
Requested by: Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7eed09a3bda2013de36d0ac2b942f0149ef500ed56701e5bd80d204ecbf758e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:30:21 GMT
content-encoding: gzip
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
last-modified: Thu, 01 Dec 2022 12:27:59 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 228
x-amz-server-side-encryption: AES256
etag: W/"3474f8e0dcdb6126f26894076afa40d6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, no-transform, public
x-amz-cf-id: qcEhRA-a4_9Hbm2M2IiwurH3eRwKUiJ4Awp9BQvsu7SsJj17Zc0cLQ==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
H2 200 3799.js Show response
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 772 KB
199 KB 13ms
13ms Script
application/javascript 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/3799.js
Requested by: Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0b1182c43d8e2d9ad2bf4d160d19a5f385047c4a0f88b05332140308d458390d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:32:20 GMT
content-encoding: gzip
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
last-modified: Thu, 01 Dec 2022 12:27:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 109
x-amz-server-side-encryption: AES256
etag: W/"8180076189d919f05b9c73b7c659821f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, no-transform, public
x-amz-cf-id: X69GPcqh9ekd5LCFcqCoBrHqbsSQpwoRUozLrDss-uRqqN_pB2mCxA==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
H2 200 chunk.dae9916ea314ef4d0ff8.css
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 229 KB
29 KB 9ms
9ms Stylesheet
text/css 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/chunk.dae9916ea314ef4d0ff8.css
Requested by: Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bbe4e66132ca8ee028c844abfc0ab6c6e8490cd3171f5e7181dbe17ae6adce25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:30:21 GMT
content-encoding: gzip
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
last-modified: Thu, 01 Dec 2022 12:27:57 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 234
x-amz-server-side-encryption: AES256
etag: W/"d7b50c07b9248a5b3580e8673cc25c3f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000, no-transform, public
x-amz-cf-id: vqaMWve9-NPfzpSE5zJZq3kivRSaWLkp9mEa0ShoAkdf_--xEfe-kA==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
H2 200 fd-messaging.76925d88901c00a60140.css
assetscdn-wchat.freshchat.com/static/ Frame 03F6 229 KB
29 KB 11ms
11ms Stylesheet
text/css 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/fd-messaging.76925d88901c00a60140.css
Requested by: Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bbe4e66132ca8ee028c844abfc0ab6c6e8490cd3171f5e7181dbe17ae6adce25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:06 GMT
content-encoding: gzip
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
last-modified: Mon, 28 Nov 2022 06:44:02 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 79
x-amz-server-side-encryption: AES256
etag: W/"d7b50c07b9248a5b3580e8673cc25c3f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000, no-transform, public
x-amz-cf-id: Aqn3RGLMNcwAWa-63ycRJvszw1qTjaOheDnntEl5LebKtfi6S2ql5g==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
H2 200 fd-messaging.70b5110e6eed58324691.js Show response
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 700 KB
145 KB 12ms
11ms Script
application/javascript 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/fd-messaging.70b5110e6eed58324691.js
Requested by: Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5209d9e09685ab33b8cbe08949b8424f4ef22c9ca04209f7b777cce9308f4371

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:34:02 GMT
content-encoding: gzip
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
last-modified: Thu, 01 Dec 2022 12:27:58 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 29
x-amz-server-side-encryption: AES256
etag: W/"a575d616c2f2189f6befb324344343ab"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, no-transform, public
x-amz-cf-id: -cdB4mU7jMlsW8kToV4xglg7YYy5ebdlXcnE-TlngCAXZMaI5hZFOA==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
H2 200 rts-min.js Show response
rts-static-prod.freshworksapi.com/us/ Frame 03F6 81 KB
25 KB 42ms
8ms Script
text/javascript 13.224.189.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rts-static-prod.freshworksapi.com/us/rts-min.js
Requested by: Host: assetscdn-wchat.freshchat.com
URL: https://assetscdn-wchat.freshchat.com/static/assets/fd-messaging.70b5110e6eed58324691.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-34.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b44134c882041c32203269160189f2a0a1b12e4e348f74a1f38b94640f7d65ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: BHs75.bKXbPkSsEMomQcy9Qw2gVgmqdU
content-encoding: gzip
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
date: Wed, 07 Dec 2022 21:33:59 GMT
last-modified: Thu, 17 Nov 2022 06:29:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 5
x-amz-server-side-encryption: AES256
etag: W/"c4bb02a4c6be31fc499881d3abbbc6be"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: no-cache
x-amz-cf-id: 8sYu4cpb2ZutARXXYdKm3Ak9KH018NRKduGnhsM7z4CM_4JGa3u8hQ==

GET
H2 200 chunk.9938837881ee5355d084.js Show response
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 5 KB
2 KB 10ms
10ms Script
application/javascript 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/chunk.9938837881ee5355d084.js
Requested by: Host: assetscdn-wchat.freshchat.com
URL: https://assetscdn-wchat.freshchat.com/static/assets/fd-messaging.70b5110e6eed58324691.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 41d31fccc00a2693af835bb3ad029053a8b9b980eaf363de3a84d474a95e4841

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:06 GMT
content-encoding: gzip
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
last-modified: Thu, 01 Dec 2022 12:27:57 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 208
x-amz-server-side-encryption: AES256
etag: W/"daac960ffa002e906acd414b6f246293"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, no-transform, public
x-amz-cf-id: EFwmJ5qDfblrty61DQ4JVJl52gK8UiGr9PIj2dxVCQbABoXs-ECg5Q==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
H2 200 chunk.f0e50d864072128887fc.js Show response
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 11 KB
4 KB 18ms
12ms Script
application/javascript 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/chunk.f0e50d864072128887fc.js
Requested by: Host: assetscdn-wchat.freshchat.com
URL: https://assetscdn-wchat.freshchat.com/static/assets/fd-messaging.70b5110e6eed58324691.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7304d86d7c6c039699667162fe39abeb7d531f7f6acba2619a885d39a59ff6c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:31:17 GMT
content-encoding: gzip
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
last-modified: Thu, 01 Dec 2022 12:27:58 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 167
x-amz-server-side-encryption: AES256
etag: W/"1ae4407b7afcc2dc550f4d597659d448"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, no-transform, public
x-amz-cf-id: UnKLMvi-REvzAipfMFm46mrLj45l--0jpazQrfhnRyu3ExUKt9kxDw==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
H/1.1 200
OK config Show response
wchat.freshchat.com/app/services/app/webchat/c36ed4b1-ac05-4052-a91f-83203339cd7c/ Frame 03F6 2 KB
3 KB 142ms
141ms XHR
application/json 54.172.247.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://wchat.freshchat.com/app/services/app/webchat/c36ed4b1-ac05-4052-a91f-83203339cd7c/config?domain=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t

Requested by

Host: assetscdn-wchat.freshchat.com
URL: https://assetscdn-wchat.freshchat.com/static/assets/vendor.3474f8e0dcdb6126f26894076afa40d6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.247.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-247-4.compute-1.amazonaws.com

Software

fwe /

Resource Hash

b2e76bb47553b8082b06a5bd63746865abac0b94cf5022bac0b633cae64ebf8e

Security Headers

Name	Value
Content-Security-Policy	style-src 'unsafe-inline' ; font-src 'self' data:; img-src 'self' * data:; connect-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.freshchat.com https://.freshworksapi.com; child-src 'self' blob:; media-src 'self' https://.freshchat.com; manifest-src 'self' https://.freshchat.com; default-src 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json
Referer: https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 21:34:02 GMT
content-security-policy: style-src 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' * data:; connect-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.freshchat.com https://*.freshworksapi.com; child-src 'self' * blob:; media-src 'self' https://*.freshchat.com; manifest-src 'self' https://*.freshchat.com; default-src 'none';
strict-transport-security: max-age=31536000; includeSubDomains
nel: { "report_to": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true}
x-ratelimit-total: 3000
x-ratelimit-used-currentrequest: 1
x-envoy-upstream-service-time: 18
Connection: keep-alive
Content-Length: 1552
x-xss-protection: 1; mode=block
x-request-id: 5dcca69c-eb2d-48af-a2aa-05cc9d921819
x-trace-id: 00-319ac181eef3360c387fe842b3f4fc8c-40ba63780fd482e3-00
server: fwe
x-ratelimit-remaining: 2999
report-to: { "group": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
Content-Type: application/json;charset=UTF-8
x-fw-ratelimiting-managed: true
cache-control: no-store
access-control-allow-credentials: true
x-server: 2601
x-ratelimit-limit: 3000

GET
H/1.1 200
OK co-browsing.js Show response
wchat.freshchat.com/widget/js/ 26 KB
9 KB 119ms
118ms Script
application/javascript 54.172.247.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://wchat.freshchat.com/widget/js/co-browsing.js

Requested by

Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/js/widget.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.247.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-247-4.compute-1.amazonaws.com

Software

fwe /

Resource Hash

eb90069bfb802ef63158d8954bb6a025a056b3d084e0c7aae494c7401847e590

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 21:34:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
nel: { "report_to": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true}
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 1
Connection: keep-alive
x-xss-protection: 1; mode=block
x-request-id: 9912d053-c1ff-4f80-9d10-848fa70c6b4d
x-trace-id: 00-ba434d40b5d1890a209977427adc29ee-33c7814ffa26a801-00
served-by: 5323
last-modified: Thu, 01 Dec 2022 12:27:52 GMT
server: fwe
report-to: { "group": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
Content-Type: application/javascript
x-fw-ratelimiting-managed: false
cache-control: max-age=31536000,no-cache, no-store, must-revalidate, pre-check=0, post-check=0,public
x-server: 5323
expires: Thu, 07 Dec 2023 21:34:02 GMT

GET
H2 206 notif.da662fefc5060dabf2859ea199198b14.mp3
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 4 KB
5 KB 9ms
9ms Media
audio/mpeg 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/notif.da662fefc5060dabf2859ea199198b14.mp3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: eb2e3f703cf8ee0156a1d625e053c0968b0dfcff62ea4254ddd8ba9fece3ad32

Request headers

Referer: https://wchat.freshchat.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 07 Dec 2022 21:34:02 GMT
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 175
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
Content-Range: bytes 0-4301/4302
Content-Length: 4302
last-modified: Thu, 27 Oct 2022 11:43:36 GMT
server: AmazonS3
etag: "a529450a7cfb4a60dea41ef294fa90dd"
vary: Accept-Encoding
content-type: audio/mpeg
cache-control: max-age=31536000, no-transform, public
accept-ranges: bytes
x-amz-cf-id: IR_5lGWpX2Pni_WvuzyNvNnp2YrU6N7PaxORGzJC2vOV7hTZPXAo_w==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
H/1.1 200
OK user Show response
wchat.freshchat.com/app/services/app/webchat/c36ed4b1-ac05-4052-a91f-83203339cd7c/ Frame 03F6 63 B
1 KB 117ms
117ms XHR
application/json 54.172.247.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://wchat.freshchat.com/app/services/app/webchat/c36ed4b1-ac05-4052-a91f-83203339cd7c/user

Requested by

Host: assetscdn-wchat.freshchat.com
URL: https://assetscdn-wchat.freshchat.com/static/assets/vendor.3474f8e0dcdb6126f26894076afa40d6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.247.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-247-4.compute-1.amazonaws.com

Software

fwe /

Resource Hash

02a00e3ef645e0351f654665d42b03388e6a73e0ab4f853c8904faecf322b229

Security Headers

Name	Value
Content-Security-Policy	style-src 'unsafe-inline' ; font-src 'self' data:; img-src 'self' * data:; connect-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.freshchat.com https://.freshworksapi.com; child-src 'self' blob:; media-src 'self' https://.freshchat.com; manifest-src 'self' https://.freshchat.com; default-src 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json
Referer: https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 21:34:02 GMT
content-security-policy: style-src 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' * data:; connect-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.freshchat.com https://*.freshworksapi.com; child-src 'self' * blob:; media-src 'self' https://*.freshchat.com; manifest-src 'self' https://*.freshchat.com; default-src 'none';
strict-transport-security: max-age=31536000; includeSubDomains
nel: { "report_to": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true}
x-ratelimit-total: 3000
x-ratelimit-used-currentrequest: 1
x-envoy-upstream-service-time: 3
Connection: keep-alive
Content-Length: 63
x-xss-protection: 1; mode=block
x-request-id: 387973c3-2a64-42dc-bad5-197e3a957283
x-trace-id: 00-01ca9972a17c48e8de30e9d41c70017a-67eb7aac76a3044b-00
server: fwe
x-ratelimit-remaining: 2998
report-to: { "group": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
Content-Type: application/json;charset=UTF-8
x-fw-ratelimiting-managed: true
cache-control: no-store
access-control-allow-credentials: true
x-server: 5323
x-ratelimit-limit: 3000

GET
H/1.1 200
OK cb.css
wchat.freshchat.com/widget/css/ 1 KB
2 KB 113ms
113ms Stylesheet
text/css 54.172.247.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://wchat.freshchat.com/widget/css/cb.css?t=1670448842842

Requested by

Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/widget/js/co-browsing.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.247.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-247-4.compute-1.amazonaws.com

Software

fwe /

Resource Hash

8029982e606b01f8d1651a46683c7a90ef2496e73823047c0e73b72e285d593e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://offtherecord.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 21:34:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
nel: { "report_to": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true}
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 0
Connection: keep-alive
x-xss-protection: 1; mode=block
x-request-id: 4f7e2463-8586-45f1-b0a0-f0d0f569eda1
x-trace-id: 00-77be2459953d49be09328a3a0a4db3de-446cf79c402ff018-00
served-by: 6714
last-modified: Thu, 01 Dec 2022 12:27:52 GMT
server: fwe
report-to: { "group": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
Content-Type: text/css
x-fw-ratelimiting-managed: false
cache-control: max-age=31536000,no-cache, no-store, must-revalidate, pre-check=0, post-check=0,public
x-server: 6714
expires: Thu, 07 Dec 2023 21:34:02 GMT

GET
H/1.1 200
OK widget_info_v2 Show response
wchat.freshchat.com/app/services/app/webchat/c36ed4b1-ac05-4052-a91f-83203339cd7c/ Frame 03F6 9 KB
3 KB 143ms
143ms XHR
application/json 54.172.247.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://wchat.freshchat.com/app/services/app/webchat/c36ed4b1-ac05-4052-a91f-83203339cd7c/widget_info_v2?locales=en-US,en-US&platform=web

Requested by

Host: assetscdn-wchat.freshchat.com
URL: https://assetscdn-wchat.freshchat.com/static/assets/vendor.3474f8e0dcdb6126f26894076afa40d6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.247.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-247-4.compute-1.amazonaws.com

Software

fwe /

Resource Hash

f5a557c37606b1684a6ff73f7dc9e0dc486ee4530eaa3cf1fc9f533d5b2a3ea7

Security Headers

Name	Value
Content-Security-Policy	style-src 'unsafe-inline' ; font-src 'self' data:; img-src 'self' * data:; connect-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.freshchat.com https://.freshworksapi.com; child-src 'self' blob:; media-src 'self' https://.freshchat.com; manifest-src 'self' https://.freshchat.com; default-src 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json
Referer: https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 21:34:02 GMT
content-security-policy: style-src 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' * data:; connect-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.freshchat.com https://*.freshworksapi.com; child-src 'self' * blob:; media-src 'self' https://*.freshchat.com; manifest-src 'self' https://*.freshchat.com; default-src 'none';
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
nel: { "report_to": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true}
x-ratelimit-total: 3000
Transfer-Encoding: chunked
x-ratelimit-used-currentrequest: 1
x-envoy-upstream-service-time: 20
x-status: EXPIRED
Connection: keep-alive
x-xss-protection: 1; mode=block
x-request-id: 132bca36-48cd-478d-af35-cc8536821da9
x-trace-id: 00-ea231b06033f41e0aa3c97de28539a39-17a0d6309754b0a6-00
server: fwe
vary: accept-encoding
report-to: { "group": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
Content-Type: application/json;charset=UTF-8
x-fw-ratelimiting-managed: true
cache-control: no-store
access-control-allow-credentials: true
x-server: 2601
x-ratelimit-remaining: 2997
x-ratelimit-limit: 3000

GET
H2 200 chunk.1dc4795cd56d572db712.js Show response
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 60 KB
15 KB 14ms
13ms Script
application/javascript 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/chunk.1dc4795cd56d572db712.js
Requested by: Host: assetscdn-wchat.freshchat.com
URL: https://assetscdn-wchat.freshchat.com/static/assets/fd-messaging.70b5110e6eed58324691.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462befed2e9022fc8a63fe2222fa565ae4360b60aa2a805f8301253d5e7350ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:07 GMT
content-encoding: gzip
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
last-modified: Mon, 28 Nov 2022 06:43:59 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 67
x-amz-server-side-encryption: AES256
etag: W/"c939aebf2ff94aae618963959833de70"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, no-transform, public
x-amz-cf-id: ekG5ztnCAw7op6nk40JwJq2tjm45Pkchb7_MpiN8q_V0FmBUnB3sBw==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
H2 200 chunk.06dbc6116583eb762379.js Show response
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 267 KB
51 KB 12ms
11ms Script
application/javascript 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/chunk.06dbc6116583eb762379.js
Requested by: Host: assetscdn-wchat.freshchat.com
URL: https://assetscdn-wchat.freshchat.com/static/assets/fd-messaging.70b5110e6eed58324691.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f523bf3997717186673e604d4e19a2abd7402105845f4d0d73fed5210064f5ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:33:41 GMT
content-encoding: gzip
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
last-modified: Thu, 01 Dec 2022 12:27:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 23
x-amz-server-side-encryption: AES256
etag: W/"f19eb03b66e354125c83d121670d685d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, no-transform, public
x-amz-cf-id: vTGzhTulGw5jJ7TRcE_ce3YrYnUwrd-RoWRBnE17cgViyCFbKo9zKg==
expires: Fri, 01 Dec 2023 12:27:52 GMT

PUT
H/1.1 200
OK activity Show response
wchat.freshchat.com/app/services/app/webchat/c36ed4b1-ac05-4052-a91f-83203339cd7c/user/63381fe0-596f-452a-b5c1-5748ab68047a/ Frame 03F6 17 B
1 KB 132ms
132ms XHR
application/json 54.172.247.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://wchat.freshchat.com/app/services/app/webchat/c36ed4b1-ac05-4052-a91f-83203339cd7c/user/63381fe0-596f-452a-b5c1-5748ab68047a/activity

Requested by

Host: assetscdn-wchat.freshchat.com
URL: https://assetscdn-wchat.freshchat.com/static/assets/3799.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.247.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-247-4.compute-1.amazonaws.com

Software

fwe /

Resource Hash

f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Security Headers

Name	Value
Content-Security-Policy	style-src 'unsafe-inline' ; font-src 'self' data:; img-src 'self' * data:; connect-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.freshchat.com https://.freshworksapi.com; child-src 'self' blob:; media-src 'self' https://.freshchat.com; manifest-src 'self' https://.freshchat.com; default-src 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 21:34:03 GMT
content-security-policy: style-src 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' * data:; connect-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.freshchat.com https://*.freshworksapi.com; child-src 'self' * blob:; media-src 'self' https://*.freshchat.com; manifest-src 'self' https://*.freshchat.com; default-src 'none';
strict-transport-security: max-age=31536000; includeSubDomains
nel: { "report_to": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true}
x-ratelimit-total: 3000
x-ratelimit-used-currentrequest: 1
x-envoy-upstream-service-time: 4
Connection: keep-alive
Content-Length: 17
x-xss-protection: 1; mode=block
x-request-id: 9ea78bdd-6e6b-9214-a4fd-315e8f368929
x-trace-id: 00-c9e8e7f4bd9f134cc64faba15b905700-8b7059c1a65f035f-01
server: fwe
x-ratelimit-remaining: 2996
report-to: { "group": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
Content-Type: application/json;charset=UTF-8
x-fw-ratelimiting-managed: true
cache-control: no-store
access-control-allow-credentials: true
x-server: 9886
x-ratelimit-limit: 3000

GET
H2 200 index.html Show response
httpsofftherecordcom.webpush.freshchat.com/ Frame FFEE 30 KB
7 KB 465ms
426ms Document
text/html 13.224.189.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://httpsofftherecordcom.webpush.freshchat.com/index.html?ref=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
Requested by: Host: wchat.freshchat.com
URL: https://wchat.freshchat.com/js/widget.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-6.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 05a530dd5d40bf5dbef4e3d5ed6976e9aec1baf49a20be30e07b1608918e3bc3

Request headers

Referer: https://offtherecord.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Wed, 07 Dec 2022 21:34:04 GMT
etag: W/"4d98f93ebe4eb8cedbbfdb3004920aeb"
last-modified: Fri, 25 Oct 2019 06:53:38 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront)
x-amz-cf-id: yRcCoSYHk1WaEppPPjutspdt0a47Cp6wFzEB0PzndubZkGKxCzvICg==
x-amz-cf-pop: FRA2-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront

GET
H/1.1 200
OK category Show response
wchat.freshchat.com/app/services/app/webchat/c36ed4b1-ac05-4052-a91f-83203339cd7c/faq/ Frame 03F6 209 B
1 KB 126ms
126ms XHR
application/json 54.172.247.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://wchat.freshchat.com/app/services/app/webchat/c36ed4b1-ac05-4052-a91f-83203339cd7c/faq/category?platform=web&locales=en-US%2Cen-US&since=&lastLocaleId=

Requested by

Host: assetscdn-wchat.freshchat.com
URL: https://assetscdn-wchat.freshchat.com/static/assets/vendor.3474f8e0dcdb6126f26894076afa40d6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.172.247.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-172-247-4.compute-1.amazonaws.com

Software

fwe /

Resource Hash

5d1b3f98e41c0c318f5ebcf69b206583c2fc462665218fc3584e916e57b249c8

Security Headers

Name	Value
Content-Security-Policy	style-src 'unsafe-inline' ; font-src 'self' data:; img-src 'self' * data:; connect-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://.freshchat.com https://.freshworksapi.com; child-src 'self' blob:; media-src 'self' https://.freshchat.com; manifest-src 'self' https://.freshchat.com; default-src 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json
Referer: https://wchat.freshchat.com/widget/?token=c36ed4b1-ac05-4052-a91f-83203339cd7c&referrer=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date: Wed, 07 Dec 2022 21:34:03 GMT
content-security-policy: style-src 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' * data:; connect-src 'self' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.freshchat.com https://*.freshworksapi.com; child-src 'self' * blob:; media-src 'self' https://*.freshchat.com; manifest-src 'self' https://*.freshchat.com; default-src 'none';
strict-transport-security: max-age=31536000; includeSubDomains
nel: { "report_to": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true}
x-ratelimit-total: 3000
x-ratelimit-used-currentrequest: 1
x-envoy-upstream-service-time: 7
Connection: keep-alive
Content-Length: 209
x-xss-protection: 1; mode=block
x-request-id: 5aba33ad-8f25-4d37-8cb7-d9a369d2a684
x-trace-id: 00-f613790879485e96da295ad64ebb7084-f2b9aa483ccf18cd-00
server: fwe
x-ratelimit-remaining: 2995
report-to: { "group": "nel-endpoint-freshchat", "max_age": 60, "include_subdomains": true, "endpoints": [{"url": "https://edge-admin.us-east-1.freshedge.net/nelreports/freshchat"}]}
Content-Type: application/json;charset=UTF-8
x-fw-ratelimiting-managed: true
cache-control: no-store
access-control-allow-credentials: true
x-server: 4082
x-ratelimit-limit: 3000

GET
H2 200 8627.css
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 16 KB
3 KB 12ms
10ms Stylesheet
text/css 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/8627.css
Requested by: Host: assetscdn-wchat.freshchat.com
URL: https://assetscdn-wchat.freshchat.com/static/assets/fd-messaging.70b5110e6eed58324691.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 93ac8e22ef8a241ddd954362cc979528693e4b7732dc5de26154d9bbf60011fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:31:54 GMT
content-encoding: br
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
last-modified: Thu, 27 Oct 2022 11:43:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 130
x-amz-server-side-encryption: AES256
etag: W/"20f054b8b45ccd177447feada77d0895"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000, no-transform, public
x-amz-cf-id: d0cvZvhEnnJ7zPdft74I5b0FPRW3qOuaLLqNzgmetMeQ_kTjjkJaMw==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
H2 200 chunk.628a675083b43474a40b.js Show response
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 137 B
586 B 10ms
9ms Script
application/javascript 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/chunk.628a675083b43474a40b.js
Requested by: Host: assetscdn-wchat.freshchat.com
URL: https://assetscdn-wchat.freshchat.com/static/assets/fd-messaging.70b5110e6eed58324691.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 49c3013edf1418bbf91a918d399e49717da0543a72c2c7a9e6964063dd94dea8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:31:53 GMT
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 228
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 137
last-modified: Thu, 01 Dec 2022 12:27:56 GMT
server: AmazonS3
etag: "09f1bb696676dad184d04bb7b3602926"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, no-transform, public
accept-ranges: bytes
x-amz-cf-id: 0g5qWA0CvJw4wMQ003HzJrBSt_O79jdYBS_NFLdWd8DYFJGGj5FwgA==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
H2 200 chunk.11d90f755164bc5505e0.js Show response
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 48 KB
14 KB 26ms
25ms Script
application/javascript 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/chunk.11d90f755164bc5505e0.js
Requested by: Host: assetscdn-wchat.freshchat.com
URL: https://assetscdn-wchat.freshchat.com/static/assets/fd-messaging.70b5110e6eed58324691.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 88d243f25253d432a1c21a5a8baa8c9252c0f2a5586543b7935d2ee9fbe39d50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:34:03 GMT
content-encoding: br
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
last-modified: Thu, 01 Dec 2022 12:27:56 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 18
x-amz-server-side-encryption: AES256
etag: W/"123f4c9f2c2093fb886435e7016642c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, no-transform, public
x-amz-cf-id: xwJ74bJevQ25JarxUqKyrluKuLOBIR9AM6b21ib9AM_dFEVNabU9uw==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
BLOB 200
OK aad90523-1693-4f5f-9a3e-2a5fb7ca44c9
https://wchat.freshchat.com/ Frame 03F6 152 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://wchat.freshchat.com/aad90523-1693-4f5f-9a3e-2a5fb7ca44c9
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3d08747462129e4b1e6756b57c9f24cc8dd7a6ad095cc416f5dbd52aaa5f7b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Length: 152

GET
H2 200 freshchat-line.7327fc2a43ff6a857c38e96ffa7e00f2.svg
assetscdn-wchat.freshchat.com/static/assets/ Frame 03F6 663 B
1 KB 25ms
24ms Image
image/svg+xml 13.224.189.67
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assetscdn-wchat.freshchat.com/static/assets/freshchat-line.7327fc2a43ff6a857c38e96ffa7e00f2.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-67.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2b82601133216ec29983087a0532e9b0af553f7f4a8b3b00ff9d7ffcc1142542

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 21:31:14 GMT
via: 1.1 eab88762658052b4a1e386f8521a38ce.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 194
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 663
last-modified: Thu, 01 Dec 2022 12:27:58 GMT
server: AmazonS3
etag: "cd452acf4efb05843ef7575e5a9de756"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, no-transform, public
accept-ranges: bytes
x-amz-cf-id: Orgg7pWfhSviQcvk2SMHPVVI3hQD_LHgx6oZ2FxZIEMZvahOnAsWtA==
expires: Fri, 01 Dec 2023 12:27:52 GMT

GET
H2 200 img_1525886662574.png
httpsofftherecordcom.webpush.freshchat.com/0403b2ccea0c0c5cc50c75b8637339f1f576312a7a63730edc62a2eb40b11742/f_hlimage/u_a64204bfa240cb896c36e2b48c543dd110fc838dc1e3e7bcb378b720c4c2ad6a/ Frame 03F6 31 KB
31 KB 24ms
23ms Image
image/png 13.224.189.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://httpsofftherecordcom.webpush.freshchat.com/0403b2ccea0c0c5cc50c75b8637339f1f576312a7a63730edc62a2eb40b11742/f_hlimage/u_a64204bfa240cb896c36e2b48c543dd110fc838dc1e3e7bcb378b720c4c2ad6a/img_1525886662574.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-6.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 96056e7f261b02dc4cddc8bc5b87307b95eccd8ed9f41973a51250cd83cc09bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wchat.freshchat.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 07 Dec 2022 09:35:00 GMT
via: 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront)
last-modified: Wed, 09 May 2018 17:24:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 43144
x-amz-server-side-encryption: AES256
etag: "641d035b6bb597ef736cb45850194a86"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-storage-class: REDUCED_REDUNDANCY
accept-ranges: bytes
content-length: 31610
x-amz-cf-id: T5FygfLK8UsFIKbQXx_kG0z-cScGksyvVaWcwWq2z8P-ZvPnQ9QiSg==

GET
H2 200 fc_logo.png
httpsofftherecordcom.webpush.freshchat.com/ Frame FFEE 4 KB
4 KB 8ms
7ms Image
image/png 13.224.189.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://httpsofftherecordcom.webpush.freshchat.com/fc_logo.png
Requested by: Host: httpsofftherecordcom.webpush.freshchat.com
URL: https://httpsofftherecordcom.webpush.freshchat.com/index.html?ref=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-6.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a963621b4341552ca61590aa02e93b70f189e8050a105c32c0197c3c34b2d114

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://httpsofftherecordcom.webpush.freshchat.com/index.html?ref=aHR0cHM6Ly9vZmZ0aGVyZWNvcmQuY29t
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 09:11:02 GMT
via: 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront)
last-modified: Thu, 08 Feb 2018 07:54:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
age: 44594
etag: "e87df9f10dcf497ae292dc234200465c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 3777
x-amz-cf-id: GOrRJzwjPjfRIKEfuQd7fjI-YvLR5EeEpRGkjre3JXeVB7q35UKP2A==

POST
H3 200 bundle Show response
rs.fullstory.com/rec/ 29 B
43 B 230ms
229ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/bundle?OrgId=6DGA5&UserId=5662973358067712&SessionId=4654901185564672&PageId=5944932856582144&Seq=2&PageStart=1670448839771&PrevBundleTime=1670448841354&LastActivity=4874&IsNewSession=true
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.7/bundle.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: e6a5da2b275101963b85374086e5712874179ac6ff3a3f706dcb60bc983a8c9a

Request headers

Referer: https://offtherecord.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://offtherecord.com
date: Wed, 07 Dec 2022 21:34:06 GMT
via: 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
content-type: application/json; charset=utf-8

Verdicts & Comments Add Verdict or Comment

147 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bing.com/	1970-01-20 17:22:24	Name: MUID Value: 26B0B651565E6F773138A422575E6EEA
.offtherecord.com/	1970-01-20 16:46:24	Name: mp_971aeee0e6b3795a30de20c2cc8585b4_mixpanel Value: %7B%22distinct_id%22%3A%20%22184ee8279b02d7-064919b8393668-173b3a75-1d4c00-184ee8279b1bf1%22%2C%22%24device_id%22%3A%20%22184ee8279b02d7-064919b8393668-173b3a75-1d4c00-184ee8279b1bf1%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
.offtherecord.com/	1970-01-20 08:02:15	Name: _uetsid Value: dc3c2a80767611ed800fa56eb6c59841
.offtherecord.com/	1970-01-20 17:22:24	Name: _uetvid Value: dc3c5210767611edb71b1190f2bc1285
.offtherecord.com/	1970-01-20 16:47:51	Name: _vwo_uuid_v2 Value: DCCB6E2746DF79832D818BC378F4877AE\|c200ab70b42036491756b7827ea66ff3
.offtherecord.com/	1970-01-20 17:36:48	Name: _ga Value: GA1.2.1280634054.1670448839
.offtherecord.com/	1970-01-20 08:02:15	Name: _gid Value: GA1.2.677104086.1670448839
.offtherecord.com/	1970-01-20 08:00:48	Name: _gat_UA-69140841-1 Value: 1
.offtherecord.com/	1970-01-20 10:10:24	Name: _fbp Value: fb.1.1670448839304.959082900
.offtherecord.com/	1970-01-20 10:24:48	Name: _vis_opt_s Value: 1%7C
.offtherecord.com/	1969-12-31 23:59:59	Name: _vis_opt_test_cookie Value: 1
.offtherecord.com/	1970-01-20 17:36:48	Name: _vwo_uuid Value: DCCB6E2746DF79832D818BC378F4877AE
.app.link/	1970-01-20 16:46:24	Name: _s Value: 0YSRiiDxpwhFEkMMIdoFzAAopxmPUhLv3T%2FtSWjiFjXBngU4mZEYlBy3IZhMAxgY
.offtherecord.com/	1970-01-20 10:24:48	Name: _vis_opt_exp_14_exclude Value: 1
.offtherecord.com/	1970-01-20 08:00:50	Name: _vwo_sn Value: 0%3A1%3Ar3.visualwebsiteoptimizer.com%3A1%3A1
.offtherecord.com/	1970-01-20 08:44:00	Name: _vwo_ds Value: 3%3At_1%2Ca_1%3A0%241670448837%3A64.69233344%3A8_1_1_0_1%3A4_1%2C3_1%2C2_1%2C1_2%3A3_1%2C2_1%3A0
.offtherecord.com/	1970-01-20 08:44:00	Name: otr-referrer Value: %22https%3A%2F%2Fofftherecord.com%2F%22
.offtherecord.com/	1970-01-20 16:46:24	Name: fs_uid Value: #6DGA5#5662973358067712:4654901185564672:::#/1701984839
.offtherecord.com/	1970-01-20 16:46:24	Name: fs_cid Value: 1.0
.offtherecord.com/	1970-01-20 17:36:48	Name: _drip_client_3915275 Value: vid%253D9290da376cc246cd9168a9780a6c55c9%2526pageViews%253D1%2526sessionPageCount%253D1%2526lastVisitedAt%253D1670448840972%2526weeklySessionCount%253D1%2526lastSessionAt%253D1670448840972
.offtherecord.com/	1970-01-20 16:46:24	Name: _fw_crm_v Value: 18a44366-97c3-4786-cde1-49c27c00958f

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/200289.jpeg Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/299820.jpeg Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/370209.jpeg Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/XHV2Yv2.jpeg Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/239394.jpeg Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/368997.jpeg Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/203808.jpeg Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/426007.jpeg Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/328861.png Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://off-the-record-service.s3.amazonaws.com/private/clients/profile-pictures/438956.jpeg Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.getdrip.com
api2.branch.io
apis.google.com
app.link
assetscdn-wchat.freshchat.com
bat.bing.com
browser.sentry-cdn.com
connect.facebook.net
d14jnfavjicsbe.cloudfront.net
dev.visualwebsiteoptimizer.com
edge.fullstory.com
fight.offtherecord.com
fonts.googleapis.com
fonts.gstatic.com
httpsofftherecordcom.webpush.freshchat.com
ka-p.fontawesome.com
kit.fontawesome.com
lh3.googleusercontent.com
o485979.ingest.sentry.io
off-the-record-service.s3.amazonaws.com
offtherecord.com
otr-backend-service-us-prod.offtherecord.com
rs.fullstory.com
rts-static-prod.freshworksapi.com
snippets.freshchat.com
stats.g.doubleclick.net
tag.getdrip.com
wchat.freshchat.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
13.224.189.100
13.224.189.123
13.224.189.34
13.224.189.6
13.224.189.66
13.224.189.67
13.224.189.86
142.250.186.66
2001:4860:4802:38::178
2600:9000:20eb:2000:11:f728:3040:93a1
2600:9000:20eb:c600:19:9934:6a80:93a1
2600:9000:20eb:e200:1e:9742:1680:21
2606:4700::6812:1734
2620:1ec:c11::200
2a00:1450:4001:800::2003
2a00:1450:4001:813::2001
2a00:1450:4001:813::200a
2a00:1450:4001:829::2004
2a00:1450:4001:82b::2008
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2003
2a00:1450:400c:c0a::9d
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:600::729
34.120.195.249
34.199.59.102
34.96.102.137
35.186.194.58
35.201.112.186
52.218.220.115
54.172.247.4
54.193.8.172
023b8c10024a4327232c39f1dded627615777b2ed68e3f1eeedd106e3a3ac3e5
02447c2793c5846eabe0ee2721b8f6350bf35c06471e71a0af973306456573cd
02a00e3ef645e0351f654665d42b03388e6a73e0ab4f853c8904faecf322b229
03ad13ae622a22bc150ffe7b80c297a81953318bc8d0df254dd48720b5cd737c
05a530dd5d40bf5dbef4e3d5ed6976e9aec1baf49a20be30e07b1608918e3bc3
09cfcef71e5db8ffaf569e3462a8daa3e7d0cdcbca4d2a8c9924b2af9bc5fbf2
0b1182c43d8e2d9ad2bf4d160d19a5f385047c4a0f88b05332140308d458390d
0bc3b201b03f97f0a69115ed407d31214e8b54671e399e1391d5d705a5f9acc0
0d4f3e3d9cdcd907e24e84656d52d8eda706f6453051ce1049d52d8817899b04
0e52361cb2f6af4bb1f5fa4f27c87ddb8c6d4918ccd75655bd1d1bb34d4eeabe
0f395c92f8076a65bcf89aac811120b7f01cd88eb81a2ccfa772817f7129af11
107f0c6caa4752feaeebf24f9597163a63cb35aa0caa5dcc4ad15abafa017419
1153b55bebff3c11194b85fe0b16ff2378fcf8c0b10a220727eb4ad762491d5c
14c09561486ba385a8a62bc0a8b41e03638a6334648113a7f28be47271eccb5e
15649c161605179d5d7daae122cacdee728751345fda217860195ef517cd37ec
15923ad463706598f8dd20a27bfab037db5f5b8f31c24ff0bdae5e8244c8fbba
1665c4ead8413ee315dd58a31d655ce5309f288fc586aa744d6d3655bfe64609
17d2ee6ef525d4a35125c1ce7417ef5b7e1b611c2dc110a3add824bb078adcbf
184368925460adae9690ee6fe33f4cf52391973277dc31d83db39f6d3aa862ae
1904245bb6482062235bcd6dba4648d05bef87408c89a4edd67311d45ff11935
1c978006c2d514e45e19ce26c0049fddf88f6aa103335c91ef519b06265e1ad3
1d4e14ba2eadc380927619ca30b3ce478636d400f9560b921dfeb7ae60ce919b
1e91e2401efaa6d2ec964c0ebfabdb90dc16a161559de08e55c3ca81ff71dafe
1feff37397f802603ed85e9061608051d5b2a77cea125d78519057d06232b07b
21c4a6458b28a11e5a627e50755b0519962743a4c9bf7847bc29a76ab3fa1c83
2306dff2ad40394ccbab07a0ef3124e8a68cdfc4a5fc762a3ef6be86141e406b
231c57b570ff2a654d0a1a5b40aaa6995427999221fb6ce28d69b576a131a3c6
23510391ff5b9984f27c28542f4111767ef24c091f5c2e32a723b4325e123f11
23dd8718d3a4a8288dbc27f9e69ff15ba05658c8abb7d52c97f95362a72aaefe
24b27d72c11e9ab6df47644b2cd6f3bf777991fea5bfc26b31295cb31079adb7
24e5ea2c2821b58c20e033f0cc7a514677efa9f6b0b7935d28e4c90009080612
280aaa8929329764ac3213ca093c63505cfcc665347939c79905c426d33867c5
29fefffd74fbd898004a15ce78dd1ca4ca055edb785e1ac2d92c1f9d2582d6bb
2b82601133216ec29983087a0532e9b0af553f7f4a8b3b00ff9d7ffcc1142542
2ba1ad7af6f77b6e2e22057e4de7eb8593d5cb224de15f59ce1f845faa57dea5
2d367b9054bc5b92d423f2f9484c18d8b41468a7f4fd9e63829d3dba290a206e
2e4ffa4d535303a83b7d9428b61533203d8fce37e298f1d5029c7232759cca96
2fbec33dc79b6fe02f1bb4aed0c266cf0d59ca32ff208c1fb56748de0b1e547e
35badedf2f470a003c142adac2b71949647c08863bc1010be3c418e3ad2d4850
39273a8dca0241a43647993698bfabbd276d44fa9871d4bd4c5e67b265ba8d87
3968d37ade51adbdf0a0047ccf818fdac37ad4c7cf373275abf7a2a2f8e941d2
3bdc989f8fed28685e1e9c84785a61e7884bb04afd91f1d4787379ce76806ce0
3ce91e27c75f26017876adeda75acc652f5d48f9875d6db451b2ab3547c3ba64
3d5edde8712859a5f18bd8f31ef88e5e827792758b5a09d86aa0afe198abd042
3fec4b3033d940636dbeabc31dcee4bb3eedc3b534ad4c1a652e2470fba0c94e
41d31fccc00a2693af835bb3ad029053a8b9b980eaf363de3a84d474a95e4841
4333f5dde7ebbe95817db62d45966b8b0ea878734e0ebdceb3cbf93b0b2620d0
4348691850b3cb323c41a94f5de5b435fc0e9cffdf023e74d15a07d8458de8da
45295a811f899c7eea5e4d0312049da477390afc2a94ffa491dc6979cc34c9ec
462befed2e9022fc8a63fe2222fa565ae4360b60aa2a805f8301253d5e7350ee
474ce803d275f036d64fd67302998a48ed0122fac30e5bdcab522478779bad41
49c3013edf1418bbf91a918d399e49717da0543a72c2c7a9e6964063dd94dea8
4a1405dfb056e054e0bf0852a473da7b77ade738e01898b145e7d220aea0001d
4a40381b9288a240836a6af346a307527edac1e8e09a22d322d3504a225aadc1
4f9c80a2a77bf82badfc8ea73328ad4766079140edd4cd5e9ec21e4d925f47bc
5209d9e09685ab33b8cbe08949b8424f4ef22c9ca04209f7b777cce9308f4371
54bc26ea2a0ae205c59e4f271706a588c9e990613d8752fa90ccddebe2870fab
56748cc71c22d9f3f12219b0a1ee17444ae07f1bd29640a3f0076942e2b6fcd0
5b2355de8c35632901a81e09dd89f0df8f7f27f9203bf4824da8b9c483801401
5d1b3f98e41c0c318f5ebcf69b206583c2fc462665218fc3584e916e57b249c8
5ecf684a04bd818520a3f91a4a924a66944f844f114d38bc6fd12636af8d0ba3
5f6f271ff8e9620646f58764459df95790e7dfb724ca852087540b806a0aeb4b
5fed1ac25e41548078f7a0efb21d7f58c3815bb6318e3905b0eb8c8ca2719a23
603e10027c39bb736cc7dee132026554899c8df72c18a59e85d3f748228b0bd9
606d1f2d749f0ae5ef2efe867be98b2610ea1a04b4ea0979a6f2bf0f4155aa58
64026816756a142fc6895504af5faae7ca3c6ed33c8472d427adff464059311f
643fb7629b665c0f93d4ab0f830f568d434426ff28f21b990ff0f4cf9117148b
648c698dd41bf291833204226476e7d092b281fd06255a70a4925f45ca8c96c2
66b9205f2695c992bec1a8010ba0bf54985dee277dc34943515d5d756d63d108
692b86eb74526d07ca165b8eea3728d951fe8df81e93516666550da1ccf28e21
6a432ec996da0b400368eb6cf47f8e056f2b25e32a50b03d9a709fa6c1fecc1a
6a5ff7be92be9d18a9b5d912a6983e14e28f97c9168bc47a01ca7d5172035d10
6ba797956f6d29b650d458897e48a190cddf0a6ba374350c0bb565fa04f80d65
6f734ecf1191f5b75870fb8ef2b2b72acd5bb2552c23f1cd4ab8214cce385572
6fb75923f7e15d56b15d7381d9a3e0c70ec553a34ea4ac1b0b06adc524297c84
6fce8ebc3557b63496f8fafe1c182f2aa8669550f9398b4d9beebddd43306ed3
7304d86d7c6c039699667162fe39abeb7d531f7f6acba2619a885d39a59ff6c5
7334b9b34d7b3826d4ddb8a335a672e0ed5b0784c15cebc4531997f03c15a07d
766b624fa66325bb23a7f1bb4d0e5429dab3dde643ab89044967f0e1a2d0d172
77dafb301622b519a4fcc2ee2fef4a31eaa152a3c94df404cb434cf51faaa92b
78555e77f61d09d04c161af14988377120b44cbfa38a4f8886083949e34f3e46
791452a396f1c5751173455e015d2ccf8a19fe1444d07389281336840711b8fc
7a6d3ea3228a2dc96f3eb9ee37a17d83c31e404e16bb85e64e793b7bb4689237
7eed09a3bda2013de36d0ac2b942f0149ef500ed56701e5bd80d204ecbf758e4
8029982e606b01f8d1651a46683c7a90ef2496e73823047c0e73b72e285d593e
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84abbbc4cd0b65e84730c4a299491e8208c3e7e9e8e0b66cd2b788d3874244a6
84ccd3a3071d77c78c706cea61e9aaf4aa6c6525c2f2bd9b447143ddcc748aa4
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85ddb6693cdac9f66361f0f0c54ba4c07eb5b0a202ff94f8692c241bc1ae1fdb
87e8f8478b394e75ddcf0778aef7ce167b36f3f372d52fe4a5db4598069bce9b
88d243f25253d432a1c21a5a8baa8c9252c0f2a5586543b7935d2ee9fbe39d50
8971fe0a892f03a0f0ba568b545194578eaf62dcafabc254e2677c7af64200c3
8a73d9886283369e97c809bb8b7af15cab6263559318fb730256f6da6a720426
8af72523d3be5cd871bd15fe2058298c96cd9e034820cb4cbddd2b5fbc9c1ddc
8c69743060af37360cf28d27f5160b40403f2b142e5855c9157d541469ac14c4
8d683e97a1f23650a3e38cf3621b924ccf692f2a4204d193335ceddeb9b65353
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
8e742fbd7146cea9dee3a9c4b4474e1da43f62e8864d519c1debe7f10ec6043b
9027bc2ee5d559beeb81d822fd8e1b8962f6be256aaed95aca74a0a519406c3a
909c4adf1c2435d373b6e0d83ee64cc9888881ac24905238ea010b4da3d06b93
928cc464f65d7fb81dbb4b0f58c05caf3106e4d2d969d34f3fedcdc649ca871a
9389933c6b32060ec66aac366725a7aa4808dd96edf0b6707698e6f8b069756a
93ac8e22ef8a241ddd954362cc979528693e4b7732dc5de26154d9bbf60011fb
944a7f6a840668d71f459e9414f895e5299978fa61d4056a6b8dd164c43c167b
952c0411dfb54d1fe2267c5db27265e2c086dcf71699c908ee157fdf9341196d
9555678057f76f7f2eafb7e3b315b4c75b89470e5c297c7b9f72800509ce03cd
95f954f5164e3f3c255211a2052369ad96b2569ccfe16791c64a5d5ce3095088
96056e7f261b02dc4cddc8bc5b87307b95eccd8ed9f41973a51250cd83cc09bf
978ab12640fcf74a29985a32c6f817d844a6d9dd99bf0b30b32d5dcbffaeaf6b
97d5a594e7f76c7e50045b67667fd6b74b268515efe6425097be1b2647079787
97ebbaec1afcc42335561d025651db0eba255ac91b054b29c5e15240b272e70c
9a5d8b950826750b3594a5d1d2f74dc7dc4c999b3c1c7ffae9edc8a2f21334bd
9a87caa378662a0579007c576ad8141197ce16499633f355abdf530a5377b1c7
9afd33ecebacb4ed3f9c1ecf1d50ad4eec1b04c8aa584ed3828e1b95058d9b65
9b604083835a59cf9f77d9b7241cf5228a8d22e976735a0ea69a68cbe7c1359e
9cb435d9631757dce9699bd42f9cf9c27e4b93a9674170ae9d1cb378eb368f0b
9f7a8e11272b8269b6e75d369163fc11d45525ebf7eb8e8c99abbcc90902a606
9f9a68efa68722547471c11da86d757726410f9cae6bb877192c7ce0433f6f1f
a0fcfcd98c62ba1e89c50ba98cdc2a5c617c1fb8a57b3b9150a3853bc000a889
a1161c04d6f26f28beb84bd9145c5ee8ebcc0ad55f60205407483391586414df
a3d08747462129e4b1e6756b57c9f24cc8dd7a6ad095cc416f5dbd52aaa5f7b2
a3d2952330aefe690302e90460777d9b5c6fc354861336a919c83e44fe352800
a5d227b5d9c8b9b461d0a35df1c39685463fe0bd375c2aa2aa197dfd2776a7c8
a8510ffd3e9d2934e0ad67e81a2fc12f36e2b04ac3f3f150bd7e44ad12af3d76
a8b3e6bf953a9cf55e65d934a285e6a47203e1e2e0cd3d0b1448a71f5e1075c1
a963621b4341552ca61590aa02e93b70f189e8050a105c32c0197c3c34b2d114
abb9e4ae9f1682664b88435116330668da070d8208ecc30efdae9dff34d1bbb0
af9a803faae6cb0968f909de5823ad564393721faa6fc2658c7746f56545a626
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b07fffef0ae1504dfba7fb4096afb6e097815298973f51a1b211771e05c075b0
b15b6c9545897b7e1ec41dae5284c1e102e53c435f12c56ede872c54eae03a92
b2972a68e50b9d105e4cc8dec627577d00e93202815f36bcc42ab67d148fd575
b2e76bb47553b8082b06a5bd63746865abac0b94cf5022bac0b633cae64ebf8e
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
b39b166082a613e5693afd5ad767b2c7ba74b0ddb5baa4673679f2b0c5ce953a
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b44134c882041c32203269160189f2a0a1b12e4e348f74a1f38b94640f7d65ab
ba861e7dd34e16e9a34a15ff8ac907582ad4f69ff0d78e14779bcc011b19336b
bbe4e66132ca8ee028c844abfc0ab6c6e8490cd3171f5e7181dbe17ae6adce25
bceb73993d094c4c821c7571921103bdc8c05e9082c4fc513d244358d53593db
c10c6a5c3dd60b904b163f8de90b94b5094040b61e9220c83e6a862b5e37bea0
c3dd5a6fff633c6393dca21ce74cd6dc95265943575b43d2d9616f020eea68fa
c46812c7c91d67dcc84ac30ff32138415af25b3416ea5b6588628cb3e2d1f686
c6a830a26c9a11dae14dbd539d7c872f5cf1efd608b4daca5a7ce2789ba9b747
c84423c305779f2aab07847a2e3870ac1ea4072e470d5eb149c01e0e0497eae3
cadb4956b7127df7772396e98e46ea3c72b4e2a842bdf38e53f67259c8983f85
ccb7e3319b8febae9c65ab29606ebdf09541e6e0a94d4b606465d3845dcb9717
ce33dc61fddd719ab0bb914b3d50b3a82afb8945eda2ba7a388fac66b96e07e2
cea514742310a1ef741966fd63bdb0373ccc8e86a6699f0fc8407e0456ee1850
cf950af8af64c9a95980894fb846b7c292daef8c5d2c926883e67ca8585205c9
d100a79e9ca4f220f81fd0729136ce2839c361f0850a3ddabb987bb04c99b925
d2cb0b7d160a5e811a29ea50219434d1aa58a16985ceef89340306077cdb2a52
d4b974aa358a45f46d74122d25f5bbe1e83af1b55a85767ef2b8f9adbbfcb67a
d5c905d7ce4679b183eb11f7c6811682ddffbf0f037590360ae2b1a84a51ef1b
d8d41e8397ee47e183a8214fdeddf6880a291052eba3e1ad100f3dbc7f542e34
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dffac0197e3131c6f35307b96613f04748e6365d3bdea82d0f13e8a97347f272
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e484006b9830dab35504a97bd9dc3196e8b682e902849a157fc08281f5ee9c58
e6a5da2b275101963b85374086e5712874179ac6ff3a3f706dcb60bc983a8c9a
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
e84a67a96a0b380a2a32028b749d683d6aca96c4b5ecfe0b15f1bf602ee64bf0
e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4
e9dc51a4567e3f477c625dd64bb07175d5de9c5bacec92e645c8430afe2fbff8
eb0148a81522418286ec73bbe42e77c7a1c3495848e1a0fd0f4d46c7804bcf1b
eb2e3f703cf8ee0156a1d625e053c0968b0dfcff62ea4254ddd8ba9fece3ad32
eb90069bfb802ef63158d8954bb6a025a056b3d084e0c7aae494c7401847e590
ebcc2f3a4799c9219395f639d235aa1ed3e72ef88bc0acf43847b4a7124184cc
ed1f896874cf1d2e5ffcf369ed1277be55c36ab18bcbeb822e7a587008e397bf
eea5366562d72a121b32333da086a47489f983bb563fb740ccc0a62134c69ce5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
effe1974a12f7b8ab030117a3599fbc0be15c18a7ade84b5884788838a836da7
f06a30b47ef200eef594ec8b76cd78d118d0ce7b82ac52e62dd9e17c1b19ee77
f1e8027ede2def8ee1c1ab25fc3e632ea80217cc115db37ddcda995cad4361a9
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f2154f49d7d4ed6c74a1ad1dc0e39ef3136fd859059986ed5bcd3050d59867b3
f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244
f3f283eeb300723885be482fb13d193ae1b740b3f0194548f18f85ad6bdea402
f45b384ac925673d553a06e6954ce5170a06b37c53a9405ac581bf105e17dba4
f4a1d3b473031e1ce38acd661060a624d983fb09c6d3c7c647185c845045d549
f523bf3997717186673e604d4e19a2abd7402105845f4d0d73fed5210064f5ea
f5a557c37606b1684a6ff73f7dc9e0dc486ee4530eaa3cf1fc9f533d5b2a3ea7
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f666472c3669e7c6d2557a92e7f39e735490f862b1ad82f06f1f7ce48608afab
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f73a98da9f95a6fc0cf990afb6cab3aa425763dabc57657d7716348de1789dec
f9c242bdf5411decaed3c6fd15a0193472feedd3f6509fa5d3a91267cb7daa27
ff00234ed13b5e571fe0ef5b0f9e465c86d895c156193cd0a7c2f75eac059bf1
ff0a235dc7d390e1cf916abcb59cbae2aabb8c509a6f46a6c8cffaa0532a48df

offtherecord.com Open in urlscan Pro 13.224.189.100 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

195 Requests

99 %HTTPS

52 %IPv6

25 Domains

34 Subdomains

33 IPs

3 Countries

6827 kBTransfer

18504 kBSize

21 Cookies

13 Outgoing links

Page URL History

Redirected requests

195 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 20 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

offtherecord.com Open in urlscan Pro
13.224.189.100 Public Scan

Screenshot
Live screenshot

Full Image

195
Requests

99 %
HTTPS

52 %
IPv6

25
Domains

34
Subdomains

33
IPs

3
Countries

6827 kB
Transfer

18504 kB
Size

21
Cookies

195 HTTP transactions
20 data transactions