Submitted URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/
Effective URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2F...
Submission: On October 27 via automatic, source certstream-suspicious — Scanned from CA

Summary

This website contacted 14 IPs in 1 countries across 10 domains to perform 102 HTTP transactions. The main IP is 18.164.116.15, located in United States and belongs to AMAZON-02, US. The main domain is login.nxfe.aeroflow.ninja.
TLS certificate: Issued by Amazon RSA 2048 M03 on October 21st 2024. Valid for: a year.
This is the only time login.nxfe.aeroflow.ninja was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
39 18.173.132.84 16509 (AMAZON-02)
1 1 3.171.22.73 16509 (AMAZON-02)
22 18.164.116.15 16509 (AMAZON-02)
7 74.125.192.97 15169 (GOOGLE)
5 172.253.122.100 15169 (GOOGLE)
3 31.13.66.19 32934 (FACEBOOK)
3 150.171.28.10 8075 (MICROSOFT...)
1 173.194.205.157 15169 (GOOGLE)
4 173.194.205.156 15169 (GOOGLE)
1 2 142.251.16.157 15169 (GOOGLE)
4 74.125.192.157 15169 (GOOGLE)
1 2 142.251.174.106 15169 (GOOGLE)
4 173.194.68.94 15169 (GOOGLE)
6 157.240.229.35 32934 (FACEBOOK)
2 216.239.38.181 15169 (GOOGLE)
102 14
Apex Domain
Subdomains
Transfer
62 aeroflow.ninja
bill-pay.pr67.nxfe.aeroflow.ninja
bill-pay.nxfe.aeroflow.ninja
login.nxfe.aeroflow.ninja
2 MB
10 doubleclick.net
td.doubleclick.net — Cisco Umbrella Rank: 192
googleads.g.doubleclick.net — Cisco Umbrella Rank: 42
stats.g.doubleclick.net — Cisco Umbrella Rank: 136
3 KB
7 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
671 KB
6 facebook.com
www.facebook.com — Cisco Umbrella Rank: 113
6 KB
5 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 34
21 KB
4 google.ca
www.google.ca — Cisco Umbrella Rank: 12143
254 B
4 google.com
www.google.com — Cisco Umbrella Rank: 3
analytics.google.com — Cisco Umbrella Rank: 147
88 B
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 348
15 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
80 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 89
3 KB
102 10
Domain Requested by
39 bill-pay.pr67.nxfe.aeroflow.ninja bill-pay.pr67.nxfe.aeroflow.ninja
22 login.nxfe.aeroflow.ninja bill-pay.pr67.nxfe.aeroflow.ninja
login.nxfe.aeroflow.ninja
7 www.googletagmanager.com login.nxfe.aeroflow.ninja
www.googletagmanager.com
www.google-analytics.com
6 www.facebook.com
5 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
4 www.google.ca
4 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
4 td.doubleclick.net www.googletagmanager.com
3 bat.bing.com bill-pay.pr67.nxfe.aeroflow.ninja
bat.bing.com
3 connect.facebook.net www.googletagmanager.com
connect.facebook.net
2 analytics.google.com www.googletagmanager.com
2 www.google.com 1 redirects
2 googleads.g.doubleclick.net 1 redirects www.googletagmanager.com
1 www.googleadservices.com www.googletagmanager.com
1 bill-pay.nxfe.aeroflow.ninja 1 redirects
102 15

This site contains links to these domains. Also see Links.

Domain
aeroflowhealth.com
Subject Issuer Validity Valid
bill-pay.pr67.nxfe.aeroflow.ninja
Amazon RSA 2048 M03
2024-10-25 -
2025-11-23
a year crt.sh
login.nxfe.aeroflow.ninja
Amazon RSA 2048 M03
2024-10-21 -
2025-11-19
a year crt.sh
*.google-analytics.com
WR2
2024-10-07 -
2024-12-30
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-08-05 -
2024-11-03
3 months crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 03
2024-09-16 -
2025-03-15
6 months crt.sh
*.googleadservices.com
WR2
2024-10-07 -
2024-12-30
3 months crt.sh
*.doubleclick.net
WR2
2024-10-07 -
2024-12-30
3 months crt.sh
*.g.doubleclick.net
WR2
2024-10-07 -
2024-12-30
3 months crt.sh
*.google.com
WR2
2024-10-07 -
2024-12-30
3 months crt.sh
*.google.ca
WR2
2024-10-07 -
2024-12-30
3 months crt.sh

This page contains 6 frames:

Primary Page: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Frame ID: 00A0A3FBEB269B9C538E1528469BF908
Requests: 97 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Flogin.nxfe.aeroflow.ninja
Frame ID: CAAE4E0EE3000CF9B433EFD3837587FB
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/16494318374?random=1730034402904&cv=11&fst=1730034402904&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4ao0z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&ref=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&label=ZvymCPyauJwZEKamjbk9&hn=www.googleadservices.com&frm=0&tiba=Aeroflow%20Authentication%20Portal&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=45742052.1730034402&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&ct_cookie_present=0
Frame ID: 82EE30E626F96A2D964C5124F10606EC
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/1027036248?random=1730034402982&cv=11&fst=1730034402982&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v899227141z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&ref=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&hn=www.googleadservices.com&frm=0&tiba=Aeroflow%20Authentication%20Portal&npa=0&pscdl=noapi&auid=45742052.1730034402&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 1AF4A2CE58F1D389B68BC67BFF085BB9
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-TNWFCRR7X6&gacid=806571680.1730034403&gtm=45je4ao0v9164377629za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&_ng=1&aip=1&fledge=1&frm=0&tag_exp=101533421~101823848~101925629&z=1782513811
Frame ID: 40EBC2D46EF5D6F845F958DCFB45413E
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-3KTGX16CWX&gacid=806571680.1730034403&gtm=45je4ao0v899227879za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&_ng=1&aip=1&fledge=1&frm=0&tag_exp=101533421~101823848&z=1833050787
Frame ID: 8D38A6AA387D52C551F35FAE16770D98
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Aeroflow Authentication Portal

Page URL History Show full URLs

  1. https://bill-pay.pr67.nxfe.aeroflow.ninja/ Page URL
  2. https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in Page URL
  3. https://bill-pay.nxfe.aeroflow.ninja/api/auth/patient-auth?client_id=31sj6hifeqqt9mi797flijd0bi&scope=openid&resp... HTTP 307
    https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nx... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

102
Requests

99 %
HTTPS

0 %
IPv6

10
Domains

15
Subdomains

14
IPs

1
Countries

2496 kB
Transfer

5617 kB
Size

24
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bill-pay.pr67.nxfe.aeroflow.ninja/ Page URL
  2. https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in Page URL
  3. https://bill-pay.nxfe.aeroflow.ninja/api/auth/patient-auth?client_id=31sj6hifeqqt9mi797flijd0bi&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth HTTP 307
    https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 80
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/16494318374/?random=1565691047&cv=11&fst=1730034402904&bg=ffffff&guid=ON&async=1&gtm=45be4ao0z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&ref=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&label=ZvymCPyauJwZEKamjbk9&hn=www.googleadservices.com&frm=0&tiba=Aeroflow%20Authentication%20Portal&value=0&npa=0&pscdl=noapi&auid=45742052.1730034402&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECSixldmVudC1zb3VyY2UsIHRyaWdnZXIsIG5vdC1uYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&eitems=ChEI8Mn3uAYQweWqrPCapNnCARIdAD8nWZuWUDOuUK8nrLTBIWX7FmhQftR1qovWjds&pscrd=IhMIusyssNCuiQMVaQpoCB2HHieAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiJodHRwczovL2xvZ2luLm54ZmUuYWVyb2Zsb3cubmluamEvQldDaEFJOE1uM3VBWVF3YTJDaVBEbF84VXBFaTBBRERZNFBPVTdyc2RxTDVRQUdmX3RzbzhwYVA4YlFJaklvN0xRXy1SWnZoRFcyMnZHcE1hUTFBeU5ldVE HTTP 302
  • https://www.google.com/pagead/1p-conversion/16494318374/?random=1565691047&cv=11&fst=1730034402904&bg=ffffff&guid=ON&async=1&gtm=45be4ao0z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&ref=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&label=ZvymCPyauJwZEKamjbk9&hn=www.googleadservices.com&frm=0&tiba=Aeroflow%20Authentication%20Portal&value=0&npa=0&pscdl=noapi&auid=45742052.1730034402&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECSixldmVudC1zb3VyY2UsIHRyaWdnZXIsIG5vdC1uYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIusyssNCuiQMVaQpoCB2HHieAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiJodHRwczovL2xvZ2luLm54ZmUuYWVyb2Zsb3cubmluamEvQldDaEFJOE1uM3VBWVF3YTJDaVBEbF84VXBFaTBBRERZNFBPVTdyc2RxTDVRQUdmX3RzbzhwYVA4YlFJaklvN0xRXy1SWnZoRFcyMnZHcE1hUTFBeU5ldVE&is_vtc=1&cid=CAQSGwDpaXnfDCE94RIQgJiDzL3zqSJ6-rHA7OIGtQ&eitems=ChEI8Mn3uAYQweWqrPCapNnCARIdAD8nWZtLHpCoW7xDad-jnSzwoXId9fZ_dcOtmmk&random=361577146 HTTP 302
  • https://www.google.ca/pagead/1p-conversion/16494318374/?random=1565691047&cv=11&fst=1730034402904&bg=ffffff&guid=ON&async=1&gtm=45be4ao0z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&ref=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&label=ZvymCPyauJwZEKamjbk9&hn=www.googleadservices.com&frm=0&tiba=Aeroflow%20Authentication%20Portal&value=0&npa=0&pscdl=noapi&auid=45742052.1730034402&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECSixldmVudC1zb3VyY2UsIHRyaWdnZXIsIG5vdC1uYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIusyssNCuiQMVaQpoCB2HHieAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiJodHRwczovL2xvZ2luLm54ZmUuYWVyb2Zsb3cubmluamEvQldDaEFJOE1uM3VBWVF3YTJDaVBEbF84VXBFaTBBRERZNFBPVTdyc2RxTDVRQUdmX3RzbzhwYVA4YlFJaklvN0xRXy1SWnZoRFcyMnZHcE1hUTFBeU5ldVE&is_vtc=1&cid=CAQSGwDpaXnfDCE94RIQgJiDzL3zqSJ6-rHA7OIGtQ&eitems=ChEI8Mn3uAYQweWqrPCapNnCARIdAD8nWZtLHpCoW7xDad-jnSzwoXId9fZ_dcOtmmk&random=361577146&ipr=y

102 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
bill-pay.pr67.nxfe.aeroflow.ninja/
4 KB
2 KB
Document
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/ Next.js
Resource Hash
9aaebf59f4128046dfa1c5f168d4f976056a12105d658a3ad9ee9862f96ad531

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
private, no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sun, 27 Oct 2024 13:06:39 GMT
link
</_next/static/media/a34f9d1faa5f3315-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2"
vary
Accept-Encoding
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
x-amz-cf-id
RPI9yXWvnzskdojONaeyZdJSisG4PajfpZPhN8G2ayvfl3nkvArI4A==
x-amz-cf-pop
JFK52-P2
x-cache
Miss from cloudfront
x-powered-by
Next.js
a34f9d1faa5f3315-s.p.woff2
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/media/
47 KB
48 KB
Font
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/media/a34f9d1faa5f3315-s.p.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://bill-pay.pr67.nxfe.aeroflow.ninja
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"bdac-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
48556
x-amz-cf-id
_me_gHqvv8aNjK7XszMRLClBuiewRprRljAxFfoNHkXCEZqyfZ2WdA==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
font/woff2
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
x-amz-cf-pop
JFK52-P2
7710393c02661c51.css
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/css/
20 KB
5 KB
Stylesheet
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/css/7710393c02661c51.css
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
054ee4fb007190a56f3b1d4ea26aa8380702e47575150a5da1a2f8d0d941e045

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"502b-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
PMfcMwQHd7NUJ4xdYvTYbO0QUrnouOyj5AJgPazU6K80Hpis4z0FcQ==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
text/css; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
webpack-dca11a161dfcf55d.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
4 KB
2 KB
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/webpack-dca11a161dfcf55d.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
a1864dec0b0143918dfa672e638af26807ec8c589d92e51a061dfecb1326ae79

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"e92-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
4-bXFUJEA9pQ2a3vpAqSrz6HvhFrAPJYtcC7If5Sq6m06DzQj7FCzA==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
b597de35-27e8539c591a7743.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
169 KB
53 KB
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/b597de35-27e8539c591a7743.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
9dfce8b7d5c27051430fe789dbe4b4cb0f94fde0b399ccacfd5c9521c5584193

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"2a31f-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
HWRxwJlfn3r0snWvWLufF1dNAEtcBsHTDAOcs532ekEwqT65qzaL2g==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
67-2c6e112c7b6a2059.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
120 KB
31 KB
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/67-2c6e112c7b6a2059.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
c6a9569a4d24b9f0a4c5343f6c9bec0aaa37c43ef776c6245483e86492c6b123

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"1e134-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
mvDgkaxWELQ8N9LZO5pkNju2eUizjMV3b-SJFRJPnznrMOICk7__Xw==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
main-app-d9d5ce9c23989305.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
462 B
840 B
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/main-app-d9d5ce9c23989305.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
5907dbcbdab3e72afb9cd0dc9d45189827916a50d94281a2a9831ae6b3408946

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"1ce-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
462
x-amz-cf-id
EzBJB2T7QrjHppWy8dwpWd4PSS9__e2FezkhvtkoDR0JIzKHJ4lzvw==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
508-ef7933f0ba718f52.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
35 KB
10 KB
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/508-ef7933f0ba718f52.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
207d5e6a985555d58fb1890fb342fbbe00ca2d1f5de30363405a3802504bcab7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"8b09-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
eClFyzMH5wK_xFYUNzPRWcmr2aigFP7sdGs9JsYWkA7PMzd91br9Hg==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
layout-2427b78d5ee639df.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/
650 B
1 KB
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/layout-2427b78d5ee639df.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
f635a9aade026b50b4314df1ec11455bcb3762c4f0225e5c052feaeecf870a1d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"28a-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
650
x-amz-cf-id
FDgF4tvHlo6C7F7L8xO5oVy-IzRYuPphguNe9miKuKY_SNPrlf6QUA==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
495-d485ac6bab4189ce.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
20 KB
7 KB
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/495-d485ac6bab4189ce.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
3a5a728b6efc60ffdbc5f28a13086860eb8c369d0fce2e65935bb165f89feaff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"4f6f-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
PhnkFCvA8I4oUTxSIMEpr5xUdWfBHX4Gg1iLO2bu0gdelp3a_So_lQ==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
not-found-363aedb35228d921.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/
428 B
806 B
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/not-found-363aedb35228d921.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
655c20ed078bc39e1060322db72a15a7afb30de4d38849b34d8bb7d8169cae10

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"1ac-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
428
x-amz-cf-id
OPQC3J3PChWqQc9GTp2g8-XPvUI8lbYXaIQIBGTkOtWF10eKU3UM2w==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
session
bill-pay.pr67.nxfe.aeroflow.ninja/api/auth/
2 B
472 B
Fetch
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/api/auth/session
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/508-ef7933f0ba718f52.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
NF3JDO8oYctchNAVNs0X5U0pIfJFSJfaher0xHMElNaufyH2RYR5Cg==
date
Sun, 27 Oct 2024 13:06:39 GMT
content-type
application/json
x-amz-cf-pop
JFK52-P2
sign-in
bill-pay.pr67.nxfe.aeroflow.ninja/
3 KB
1 KB
Fetch
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in?_rsc=1iwkq
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/67-2c6e112c7b6a2059.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
c0ac952012e14fa0ac2e2167bcad021e4bed54129c9efea69caee9e8302cd8fb

Request headers

RSC
1
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/
Next-Url
/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Next-Router-State-Tree
%5B%22%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%2Cnull%2Cnull%2Ctrue%5D

Response headers

x-amz-cf-id
r4OGOsd-MMe7Sm8vXIHRAkCins9WOuoYaTaiZeOyyjokRDgnMyH8fQ==
cache-control
s-maxage=31536000, stale-while-revalidate
content-encoding
gzip
etag
"clnu535d7m2ho"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-nextjs-cache
HIT
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
text/x-component
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
favicon.ico
bill-pay.pr67.nxfe.aeroflow.ninja/
15 KB
15 KB
Other
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
b2792c92c84ee737e9786dfc2f60363f79c03c98154257f81c53618ba82ac77e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=0, must-revalidate
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-nextjs-cache
HIT
date
Sun, 27 Oct 2024 13:06:40 GMT
content-type
image/x-icon
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
k12c1MCGaLPKAah3FinsCwSwUo62PPRp54qUN7M7lhvyFa0d-Sv95w==
378-67ab167c9b4c25bb.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
13 KB
5 KB
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/378-67ab167c9b4c25bb.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/webpack-dca11a161dfcf55d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"33ff-192c5164cd0"
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
Xu1BQINSGJ_dYK-yM2WL6BAVGlEUD0LEmRux9u_NKvgkq3uxElSWWQ==
date
Sun, 27 Oct 2024 13:06:40 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
684-18786c17264b4124.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
28 KB
11 KB
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/684-18786c17264b4124.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/webpack-dca11a161dfcf55d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"7129-192c5164cd0"
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
atYTT7iTKr5r9IBzkV5JP400fVEv-LsKArR12D8J3pB2o8TI1_UzAA==
date
Sun, 27 Oct 2024 13:06:40 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
page-73d2c9247f8894e0.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/(auth)/sign-in/
7 KB
3 KB
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/(auth)/sign-in/page-73d2c9247f8894e0.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/webpack-dca11a161dfcf55d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"1b36-192c5164cd0"
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
EwQVTY25WT5Wo-ggypr3Bt-ERXnwiS9DF-L2EYo-ArBnDfwftjQKjw==
date
Sun, 27 Oct 2024 13:06:40 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
layout-73c1fd3842f5e05a.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/(auth)/
215 B
583 B
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/(auth)/layout-73c1fd3842f5e05a.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/webpack-dca11a161dfcf55d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"d7-192c5164cd0"
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
content-length
215
x-amz-cf-id
rKSucIsW1hMxZVK6Nj_iGx6TqbdyU_sYAr23fV-5h6Mxd8Cq8yYS4w==
date
Sun, 27 Oct 2024 13:06:40 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
sign-in
bill-pay.pr67.nxfe.aeroflow.ninja/
6 KB
2 KB
Document
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/67-2c6e112c7b6a2059.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/ Next.js
Resource Hash
37f7d331352bcb85e8c097272720ac6e4af4c078043a25055b48156ff59d5938

Request headers

Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
s-maxage=31536000, stale-while-revalidate
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sun, 27 Oct 2024 13:06:40 GMT
etag
"ihsjle1nli4u0"
vary
Accept-Encoding
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
x-amz-cf-id
sck7eyVIp-E7nXolvjJJXjcOnAr0fwV201HOBJO5hbStvqtQQJp1Sg==
x-amz-cf-pop
JFK52-P2
x-cache
Miss from cloudfront
x-nextjs-cache
HIT
x-powered-by
Next.js
a34f9d1faa5f3315-s.p.woff2
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/media/
47 KB
0
Font
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/media/a34f9d1faa5f3315-s.p.woff2
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://bill-pay.pr67.nxfe.aeroflow.ninja
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"bdac-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
48556
x-amz-cf-id
_me_gHqvv8aNjK7XszMRLClBuiewRprRljAxFfoNHkXCEZqyfZ2WdA==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
font/woff2
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
x-amz-cf-pop
JFK52-P2
7710393c02661c51.css
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/css/
20 KB
0
Stylesheet
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/css/7710393c02661c51.css
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
054ee4fb007190a56f3b1d4ea26aa8380702e47575150a5da1a2f8d0d941e045

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"502b-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
PMfcMwQHd7NUJ4xdYvTYbO0QUrnouOyj5AJgPazU6K80Hpis4z0FcQ==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
text/css; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
webpack-dca11a161dfcf55d.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
4 KB
0
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/webpack-dca11a161dfcf55d.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
a1864dec0b0143918dfa672e638af26807ec8c589d92e51a061dfecb1326ae79

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"e92-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
4-bXFUJEA9pQ2a3vpAqSrz6HvhFrAPJYtcC7If5Sq6m06DzQj7FCzA==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
b597de35-27e8539c591a7743.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
169 KB
0
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/b597de35-27e8539c591a7743.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
9dfce8b7d5c27051430fe789dbe4b4cb0f94fde0b399ccacfd5c9521c5584193

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"2a31f-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
HWRxwJlfn3r0snWvWLufF1dNAEtcBsHTDAOcs532ekEwqT65qzaL2g==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
67-2c6e112c7b6a2059.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
120 KB
0
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/67-2c6e112c7b6a2059.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
c6a9569a4d24b9f0a4c5343f6c9bec0aaa37c43ef776c6245483e86492c6b123

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"1e134-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
mvDgkaxWELQ8N9LZO5pkNju2eUizjMV3b-SJFRJPnznrMOICk7__Xw==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
main-app-d9d5ce9c23989305.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
462 B
0
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/main-app-d9d5ce9c23989305.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
5907dbcbdab3e72afb9cd0dc9d45189827916a50d94281a2a9831ae6b3408946

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"1ce-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
462
x-amz-cf-id
EzBJB2T7QrjHppWy8dwpWd4PSS9__e2FezkhvtkoDR0JIzKHJ4lzvw==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
378-67ab167c9b4c25bb.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
13 KB
0
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/378-67ab167c9b4c25bb.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
5f0b08b28a09d62369e9e6b58367e52c72007a15763d85938b6bd944df840e15

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"33ff-192c5164cd0"
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
Xu1BQINSGJ_dYK-yM2WL6BAVGlEUD0LEmRux9u_NKvgkq3uxElSWWQ==
date
Sun, 27 Oct 2024 13:06:40 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
508-ef7933f0ba718f52.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
35 KB
0
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/508-ef7933f0ba718f52.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
207d5e6a985555d58fb1890fb342fbbe00ca2d1f5de30363405a3802504bcab7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"8b09-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
eClFyzMH5wK_xFYUNzPRWcmr2aigFP7sdGs9JsYWkA7PMzd91br9Hg==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
684-18786c17264b4124.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
28 KB
0
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/684-18786c17264b4124.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
aac365becf849a25b963e39017943cc000cc6cfbd8fb89b403c2b8d50b4b9fe7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"7129-192c5164cd0"
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
atYTT7iTKr5r9IBzkV5JP400fVEv-LsKArR12D8J3pB2o8TI1_UzAA==
date
Sun, 27 Oct 2024 13:06:40 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
page-73d2c9247f8894e0.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/(auth)/sign-in/
7 KB
0
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/(auth)/sign-in/page-73d2c9247f8894e0.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
fd93c59f5e6a709466da507a36c465807fdd32348d85d5727af13eed13cbe178

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"1b36-192c5164cd0"
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
EwQVTY25WT5Wo-ggypr3Bt-ERXnwiS9DF-L2EYo-ArBnDfwftjQKjw==
date
Sun, 27 Oct 2024 13:06:40 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
layout-73c1fd3842f5e05a.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/(auth)/
215 B
0
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/(auth)/layout-73c1fd3842f5e05a.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
b6c9b51fe4ab0666b26fc99b8ba305d653349b9ac3234cdd5dc53918adaf53cb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"d7-192c5164cd0"
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
content-length
215
x-amz-cf-id
rKSucIsW1hMxZVK6Nj_iGx6TqbdyU_sYAr23fV-5h6Mxd8Cq8yYS4w==
date
Sun, 27 Oct 2024 13:06:40 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
layout-2427b78d5ee639df.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/
650 B
0
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/layout-2427b78d5ee639df.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
f635a9aade026b50b4314df1ec11455bcb3762c4f0225e5c052feaeecf870a1d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"28a-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
650
x-amz-cf-id
FDgF4tvHlo6C7F7L8xO5oVy-IzRYuPphguNe9miKuKY_SNPrlf6QUA==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
495-d485ac6bab4189ce.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/
20 KB
0
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/495-d485ac6bab4189ce.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
3a5a728b6efc60ffdbc5f28a13086860eb8c369d0fce2e65935bb165f89feaff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"4f6f-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
PhnkFCvA8I4oUTxSIMEpr5xUdWfBHX4Gg1iLO2bu0gdelp3a_So_lQ==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
not-found-363aedb35228d921.js
bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/
428 B
0
Script
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/app/not-found-363aedb35228d921.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
655c20ed078bc39e1060322db72a15a7afb30de4d38849b34d8bb7d8169cae10

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"1ac-192c5164cd0"
age
122212
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
428
x-amz-cf-id
OPQC3J3PChWqQc9GTp2g8-XPvUI8lbYXaIQIBGTkOtWF10eKU3UM2w==
date
Sat, 26 Oct 2024 03:09:47 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 19:10:26 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
session
bill-pay.pr67.nxfe.aeroflow.ninja/api/auth/
2 B
224 B
Fetch
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/api/auth/session
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/508-ef7933f0ba718f52.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
az1kgkHv4QbJdO4jROgZ_Wo7XkUTRwlV3l1cv5zwWfxzSz4__dvGsA==
date
Sun, 27 Oct 2024 13:06:40 GMT
content-type
application/json
x-amz-cf-pop
JFK52-P2
aeroflow_health_logo.svg
bill-pay.pr67.nxfe.aeroflow.ninja/images/
524 KB
389 KB
Image
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/images/aeroflow_health_logo.svg
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
5202f3ee40866f8af3a2b60c977d43173bc8889bbb654ff5fe94157929b563e9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=0
content-encoding
gzip
etag
W/"82e09-192c516e528"
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
c9vGnX3RbHM_7BzDqljEzTK1mYUQ7zbfiqGbXR-JPdD-7DR9UnBsLw==
date
Sun, 27 Oct 2024 13:06:40 GMT
content-type
image/svg+xml
last-modified
Fri, 25 Oct 2024 19:11:05 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK52-P2
favicon.ico
bill-pay.pr67.nxfe.aeroflow.ninja/
15 KB
15 KB
Other
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
b2792c92c84ee737e9786dfc2f60363f79c03c98154257f81c53618ba82ac77e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

cache-control
public, max-age=0, must-revalidate
via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-nextjs-cache
HIT
date
Sun, 27 Oct 2024 13:06:40 GMT
content-type
image/x-icon
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
3CVl9CxMhT9QQG1_tiUxMt4-HFpOaWjg_PcicFu6u74ddS6h_g9AOw==
providers
bill-pay.pr67.nxfe.aeroflow.ninja/api/auth/
509 B
731 B
Fetch
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/api/auth/providers
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/508-ef7933f0ba718f52.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
9da695a90debb83ab4b53a7eab5bad5be90f8629af0f8e07f2c2f8425e4007f4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
jQHOTH4_1Zvp6ycKUAg3ulnkK1B61DL_OjQbWa7ivmjPI-wCRq5ybw==
date
Sun, 27 Oct 2024 13:06:40 GMT
content-type
application/json
x-amz-cf-pop
JFK52-P2
csrf
bill-pay.pr67.nxfe.aeroflow.ninja/api/auth/
80 B
302 B
Fetch
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/api/auth/csrf
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/508-ef7933f0ba718f52.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
e09504bf5b54797b5261cbb858ed470e48d336cefeb12271bec9d478e88e552c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
AXC2dyULgl71zN5qxPKHXqX1V0kEuJEERrDYiU0QcToo_HDZfqk8eg==
date
Sun, 27 Oct 2024 13:06:40 GMT
content-type
application/json
x-amz-cf-pop
JFK52-P2
patient-auth
bill-pay.pr67.nxfe.aeroflow.ninja/api/auth/signin/
232 B
497 B
Fetch
General
Full URL
https://bill-pay.pr67.nxfe.aeroflow.ninja/api/auth/signin/patient-auth
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/508-ef7933f0ba718f52.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.132.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-84.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/sign-in

Response headers

via
1.1 3440135ddd9561d60579f0864b6065c0.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
OBAldEZC28ze7DHM8hnoDmDwUF-QvpZj_yAozK8vlsNL6EGjYk_2tg==
date
Sun, 27 Oct 2024 13:06:41 GMT
content-type
application/json
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch
x-amz-cf-pop
JFK52-P2
Primary Request /
login.nxfe.aeroflow.ninja/
Redirect Chain
  • https://bill-pay.nxfe.aeroflow.ninja/api/auth/patient-auth?client_id=31sj6hifeqqt9mi797flijd0bi&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%...
  • https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
9 KB
3 KB
Document
General
Full URL
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/_next/static/chunks/508-ef7933f0ba718f52.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/ Next.js
Resource Hash
f507eab895f088cf0fe4ceb0427c01003038cac38ed2884f6021b612d367b339

Request headers

Referer
https://bill-pay.pr67.nxfe.aeroflow.ninja/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
s-maxage=420, stale-while-revalidate
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sun, 27 Oct 2024 13:06:41 GMT
etag
"13h2cjzgvvc6y6"
vary
Accept-Encoding
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
x-amz-cf-id
MBd26DbgOhTF41X2XXU5t7I1Ap4TNtarkVwoo8XHEwM1CKiZZXKI2A==
x-amz-cf-pop
JFK50-P6
x-cache
Miss from cloudfront
x-nextjs-cache
STALE
x-powered-by
Next.js

Redirect headers

date
Sun, 27 Oct 2024 13:06:41 GMT
location
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
via
1.1 6815c3ca4d42db1778cd95c71d591ac2.cloudfront.net (CloudFront)
x-amz-cf-id
1VCk_4KA9vTZn6EoJrrr79deCEncDPTI7Chl4aFkDINET2678qGGww==
x-amz-cf-pop
ORD56-P11
x-cache
Miss from cloudfront
0c14d9891c46bf52-s.p.woff2
login.nxfe.aeroflow.ninja/_next/static/media/
21 KB
21 KB
Font
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/media/0c14d9891c46bf52-s.p.woff2
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
0d7d9e78792070b7bd2018f9a742437ef8ad87a4d1b4acf2aba0e42e04811cea

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://login.nxfe.aeroflow.ninja
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"5248-19272fd2630"
age
1147162
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
21064
x-amz-cf-id
tDLzUOONmSzKOGLjFBSiFxJJnLMyQS6C4WPa0Ovb5crs-ukCE9j57w==
date
Mon, 14 Oct 2024 06:27:19 GMT
content-type
font/woff2
last-modified
Wed, 09 Oct 2024 20:34:06 GMT
x-amz-cf-pop
JFK50-P6
21ed5661b47f7f6d-s.p.woff2
login.nxfe.aeroflow.ninja/_next/static/media/
38 KB
39 KB
Font
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/media/21ed5661b47f7f6d-s.p.woff2
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
dd1d87a3e43058c21090e00341b2ccce34653e9ca3e67c33e4ad7ac9ab6bc883

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://login.nxfe.aeroflow.ninja
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"9914-19272fd2630"
age
1147162
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
39188
x-amz-cf-id
JcC1zVHN_F3GyR44xrTLpQhMOvfycoSXLXXLzAvPB6dD4XzS2H7XCA==
date
Mon, 14 Oct 2024 06:27:19 GMT
content-type
font/woff2
last-modified
Wed, 09 Oct 2024 20:34:06 GMT
x-amz-cf-pop
JFK50-P6
75d48862b1c48d49-s.p.woff2
login.nxfe.aeroflow.ninja/_next/static/media/
48 KB
49 KB
Font
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/media/75d48862b1c48d49-s.p.woff2
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
c642a43ff8e9e4ed068b6ef2722c313592191b914069968696608765b5e6719e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://login.nxfe.aeroflow.ninja
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"c0c0-192baa835d8"
age
253444
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
49344
x-amz-cf-id
mg0FIl-6yWjLML6Z2WsPbjggZKKyxFp3dVWtMOS1Te9lfchwTFG4cQ==
date
Thu, 24 Oct 2024 14:42:37 GMT
content-type
font/woff2
last-modified
Wed, 23 Oct 2024 18:33:59 GMT
x-amz-cf-pop
JFK50-P6
a34f9d1faa5f3315-s.p.woff2
login.nxfe.aeroflow.ninja/_next/static/media/
47 KB
48 KB
Font
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/media/a34f9d1faa5f3315-s.p.woff2
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://login.nxfe.aeroflow.ninja
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"bdac-19272fd2630"
age
1147162
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
48556
x-amz-cf-id
zcd2xxLjGKB3qeOSwCRTkVkYX6xOxG5SlfsCEQyDikakgepzc6CVxA==
date
Mon, 14 Oct 2024 06:27:19 GMT
content-type
font/woff2
last-modified
Wed, 09 Oct 2024 20:34:06 GMT
x-amz-cf-pop
JFK50-P6
b401dd1bd978357e-s.p.woff2
login.nxfe.aeroflow.ninja/_next/static/media/
12 KB
12 KB
Font
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/media/b401dd1bd978357e-s.p.woff2
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
4f5343ea2af5e0d0b19691f7317c1e981c53583be7f571ce0af4049c6059adf5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://login.nxfe.aeroflow.ninja
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"2ebc-19272fd2630"
age
1147162
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
11964
x-amz-cf-id
uYo_pBYHHiKMFvylr_0zftgDwaqbrAjXJSrHNvDs5u3Ip5yYok7jDQ==
date
Mon, 14 Oct 2024 06:27:19 GMT
content-type
font/woff2
last-modified
Wed, 09 Oct 2024 20:34:06 GMT
x-amz-cf-pop
JFK50-P6
f52fc15512ac9986.css
login.nxfe.aeroflow.ninja/_next/static/css/
27 KB
6 KB
Stylesheet
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/css/f52fc15512ac9986.css
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
3cb5cec9a3311aed82ab987e29eec529ca1191d5ac2cae2d88535d8d481336d8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"6df1-192c57eedf8"
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
j34w2Dvsgtw_bNO1jg0momHsif-5vViIiMmSLKy2UE6iEBMxuEB9OA==
date
Sun, 27 Oct 2024 13:06:41 GMT
content-type
text/css; charset=UTF-8
last-modified
Fri, 25 Oct 2024 21:04:43 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P6
webpack-bbbc101119880dee.js
login.nxfe.aeroflow.ninja/_next/static/chunks/
3 KB
2 KB
Script
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/chunks/webpack-bbbc101119880dee.js
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
4a39bad621bafe90b98fd3c9c920eab10c79d47bf238bd48bbb2fdb14c81080f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"def-19272fd2630"
age
1147162
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
tB6jXuGludd-1_cegg9s_hc6sywiDXEQgzuqQrswyIWWb15LzXzr3g==
date
Mon, 14 Oct 2024 06:27:19 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 09 Oct 2024 20:34:06 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P6
b597de35-df46d6bf2baba1aa.js
login.nxfe.aeroflow.ninja/_next/static/chunks/
169 KB
53 KB
Script
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/chunks/b597de35-df46d6bf2baba1aa.js
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
9dfce8b7d5c27051430fe789dbe4b4cb0f94fde0b399ccacfd5c9521c5584193

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"2a31f-19272fd2630"
age
1147162
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
EDvxBWcDrvJrW1wjrJ_Ncyo5Fsq0o8wo_8K3Fnis9E7p9wbJZDQERQ==
date
Mon, 14 Oct 2024 06:27:19 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 09 Oct 2024 20:34:06 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P6
894-e4c286ce997aad06.js
login.nxfe.aeroflow.ninja/_next/static/chunks/
120 KB
31 KB
Script
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/chunks/894-e4c286ce997aad06.js
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
9bd79a9bc78d51d406135241393beaecf5e1d427f88a66c566b00b56163ba854

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"1e135-19272fd2630"
age
1147162
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
0QK7qHn_GfIGR2_ymccm8110WrF4u5s49pG5cDDeUO_15Gc3XNnr-w==
date
Mon, 14 Oct 2024 06:27:19 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 09 Oct 2024 20:34:06 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P6
main-app-66e19cc30c52f3d3.js
login.nxfe.aeroflow.ninja/_next/static/chunks/
463 B
841 B
Script
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/chunks/main-app-66e19cc30c52f3d3.js
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
db03dafe2418f7a880f3c19705777a88c04ed82d810c4c6e38a8213d7fc45d88

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"1cf-19272fd2630"
age
1147162
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
463
x-amz-cf-id
zzQdWr6oPDGI-Ho21F87dcJ5FmOfj9MU6vKROt70xXGv72thB_SrZQ==
date
Mon, 14 Oct 2024 06:27:19 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 09 Oct 2024 20:34:06 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P6
layout-2c3db4de1ec4fd3b.js
login.nxfe.aeroflow.ninja/_next/static/chunks/app/
16 KB
6 KB
Script
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/chunks/app/layout-2c3db4de1ec4fd3b.js
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
f4a3b79d425c57e3f44d8f8efb21618b4a818e947679ebdd8ce60607fe222209

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"40a1-192c57eedf8"
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
jQ7iEoytvvAj2K630VrlKjh5qqRvDYtmbVUlnAHKOZTn5cfraKfkwg==
date
Sun, 27 Oct 2024 13:06:41 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 25 Oct 2024 21:04:43 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P6
388-3b048105276ae3e8.js
login.nxfe.aeroflow.ninja/_next/static/chunks/
14 KB
6 KB
Script
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/chunks/388-3b048105276ae3e8.js
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
a23cbe3969601843cd8e59a184fcfd9bf627b1a0608539e1413e077cd3e5cde2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"3774-19272fd2630"
age
1147162
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
FN30NqapHgemR59cRMv6jom7EalRl4YsGMOBulSeETGC1-S52MWYJw==
date
Mon, 14 Oct 2024 06:27:19 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 09 Oct 2024 20:34:06 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P6
844-3198cc6859017485.js
login.nxfe.aeroflow.ninja/_next/static/chunks/
9 KB
4 KB
Script
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/chunks/844-3198cc6859017485.js
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
327e7c9e687aa066e6eee167261e411be67c0c0fe1db9d0293b62d5b5b886b34

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"2389-192baa835d8"
age
253444
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
vZRpEN4hTw07kT07I-2CDVjc1Zm1Vt3fEbAS44tNu4VPfeTzfGBRMw==
date
Thu, 24 Oct 2024 14:42:37 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 23 Oct 2024 18:33:59 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P6
page-6fbf93b41aa94266.js
login.nxfe.aeroflow.ninja/_next/static/chunks/app/
8 KB
3 KB
Script
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/chunks/app/page-6fbf93b41aa94266.js
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
ae10fbaf78874d202b594c4a21ee116d52f5a1a80621172b9b00aca3a2d034f3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"1e5c-192af8bd1c8"
age
511397
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
vcFopfObrUNw6sE51cIKRRz1TogYDTp9eFRXo5VowA9IrOPnieV5sA==
date
Mon, 21 Oct 2024 15:03:24 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Mon, 21 Oct 2024 14:47:09 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P6
loading-48160e70c44a3b80.js
login.nxfe.aeroflow.ninja/_next/static/chunks/app/
973 B
1 KB
Script
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/chunks/app/loading-48160e70c44a3b80.js
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
76844f1a1561e36cf0e1ccd9566d62a90c6f4266a79f272264c38822c0242607

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
etag
W/"3cd-192baa835d8"
age
253444
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
973
x-amz-cf-id
WzmW6uof1mUqd4OX-MGVzIBbkET55cc9hR4HUw3pvahMk0Q9Dn8UVA==
date
Thu, 24 Oct 2024 14:42:37 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 23 Oct 2024 18:33:59 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P6
69638cbb40164c43.css
login.nxfe.aeroflow.ninja/_next/static/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://login.nxfe.aeroflow.ninja/_next/static/css/69638cbb40164c43.css
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
77addcdf899d918c9506a0affd0cc3677d165971fc0a883f92e14a0dc8f27178

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=31536000, immutable
content-encoding
gzip
etag
W/"945-19272fd2630"
age
1147162
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
x-amz-cf-id
DqTfpEc2d9uzcHJorJwNo2ESIQVefc19sn29eVlUlEFDL1ynmr4oZQ==
date
Mon, 14 Oct 2024 06:27:19 GMT
content-type
text/css; charset=UTF-8
last-modified
Wed, 09 Oct 2024 20:34:06 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P6
gtm.js
www.googletagmanager.com/
368 KB
119 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NQRPCZ
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.192.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
12ad779f32f314fc2ab1ad0fbdd8f00aba55bedfb1d8086ddf77d4ca66aca0ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Sun, 27 Oct 2024 13:06:41 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:41 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sun, 27 Oct 2024 12:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
121409
x-xss-protection
0
server
Google Tag Manager
aeroflow_health.svg
login.nxfe.aeroflow.ninja/branding/
527 KB
391 KB
Image
General
Full URL
https://login.nxfe.aeroflow.ninja/branding/aeroflow_health.svg
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/_next/static/chunks/b597de35-df46d6bf2baba1aa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
d0776374097a5a6a22f01eb59b5a153a18440394972e67a4c097785446d5cd91

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=0
content-encoding
gzip
etag
W/"83ae3-192c57f8268"
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
RaMrVL83EALOWEUWjJoA_NhICPqSfHZ42QHoQ2wsb3RhQtg5UQAj2A==
date
Sun, 27 Oct 2024 13:06:42 GMT
content-type
image/svg+xml
last-modified
Fri, 25 Oct 2024 21:05:21 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P6
/
login.nxfe.aeroflow.ninja/
5 KB
3 KB
Fetch
General
Full URL
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/_next/static/chunks/894-e4c286ce997aad06.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/ Next.js
Resource Hash
7405f03f16c57fc787fd150c9741741be03e64fc0b70e7802e4e2a9d0e1273c8

Request headers

Next-Action
46b42a372dbaf79740a9dc027c6de6af34d16ad3
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
text/x-component
Content-Type
text/plain;charset=UTF-8
Next-Router-State-Tree
%5B%22%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth%22%2C%22refresh%22%5D%7D%2Cnull%2Cnull%2Ctrue%5D

Response headers

x-amz-cf-id
iWC4QFx700gPIHX-w026XMgSOSv5Cc3S2508TOfxqz5rfYCvI2Z3GQ==
cache-control
s-maxage=1, stale-while-revalidate
x-action-revalidated
[[],0,1]
content-encoding
gzip
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-nextjs-cache
HIT
date
Sun, 27 Oct 2024 13:06:42 GMT
content-type
text/x-component
x-powered-by
Next.js
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
x-amz-cf-pop
JFK50-P6
js
www.googletagmanager.com/gtag/
330 KB
109 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-2B5MZ6GH7Z&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NQRPCZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.192.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
dfc87801d4a4c08cf8ebf553bebb2eb4be346e157a29236891adbc1b45ebf8a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Sun, 27 Oct 2024 13:06:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:42 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
111146
x-xss-protection
0
server
Google Tag Manager
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NQRPCZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f100.1e100.net
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-encoding
gzip
age
4413
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Sun, 27 Oct 2024 13:53:09 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 11:53:09 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
20994
server
Golfe2
destination
www.googletagmanager.com/gtag/
396 KB
127 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-1027036248&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NQRPCZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.192.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
3086c15bb77adcf0a0b841abb63a83f354c4d21dc5c156470da7ad74102e3dfd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Sun, 27 Oct 2024 13:06:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:42 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
130029
x-xss-protection
0
server
Google Tag Manager
fbevents.js
connect.facebook.net/en_US/
229 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NQRPCZ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
eab9cbb1928a9de3ed2b7164ea7215b1ee0c9d7584d04aac97fe5b6798140c48
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-F4TJvvCK' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 27 Oct 2024 13:06:42 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-F4TJvvCK' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality
GOOD; q=0.7, rtt=77, rtx=2, c=23, mss=1232, tbw=7054, tp=13, tpl=2, uplat=0, ullat=-1
pragma
public
x-fb-debug
OlY+3h9to2dYJye/WhGv2djPxncw+0gLfBHtPzbmz1mMG2OUyh2w2JMe2aTmk4asgJOIVCGdymX5hLLT6irb+g==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
59722
x-xss-protection
0
origin-agent-cluster
?1
destination
www.googletagmanager.com/gtag/
281 KB
97 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-16494318374&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NQRPCZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.192.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
3eb5a8bf7502c51162a18fc3f8b99dc7edd48611324f77a1bbc2411e3e1f3d9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Sun, 27 Oct 2024 13:06:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:42 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sun, 27 Oct 2024 12:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
99007
x-xss-protection
0
server
Google Tag Manager
bat.js
bat.bing.com/
50 KB
15 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: bill-pay.pr67.nxfe.aeroflow.ninja
URL: https://bill-pay.pr67.nxfe.aeroflow.ninja/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
gzip
etag
"028e0691d20db1:0"
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 5050968EA19C45B3898F1AE860F2FAA3 Ref B: YTO01EDGE0708 Ref C: 2024-10-27T13:06:42Z
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
14570
date
Sun, 27 Oct 2024 13:06:42 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 22:47:44 GMT
vary
Accept-Encoding
sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame CAAE
0
0
Document
General
Full URL
https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Flogin.nxfe.aeroflow.ninja
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NQRPCZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.192.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f97.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/analytics-container-tag-serving
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Sun, 27 Oct 2024 13:06:42 GMT
expires
Mon, 27 Oct 2025 13:06:42 GMT
last-modified
Mon, 21 Oct 2024 16:58:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
collect
www.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-2B5MZ6GH7Z&gtm=45je4ao0v9123014018z871838642za200zb71838642&_p=1730034401997&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533421~101823848~101925628&cid=806571680.1730034403&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1730034402&sct=1&seg=0&dl=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&dr=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&dt=Aeroflow%20Authentication%20Portal&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1692
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2B5MZ6GH7Z&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f100.1e100.net
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://login.nxfe.aeroflow.ninja
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:42 GMT
content-type
text/plain
server
Golfe2
favicon.ico
login.nxfe.aeroflow.ninja/
15 KB
15 KB
Other
General
Full URL
https://login.nxfe.aeroflow.ninja/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
b2792c92c84ee737e9786dfc2f60363f79c03c98154257f81c53618ba82ac77e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=0, must-revalidate
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-nextjs-cache
HIT
date
Sun, 27 Oct 2024 13:06:42 GMT
content-type
image/x-icon
x-amz-cf-pop
JFK50-P6
x-amz-cf-id
Dqp7hFNz1BytlWNllx0RQV7Mozr1syRmnJa3WwcNecTJkps2U2l0Ow==
/
www.googleadservices.com/pagead/conversion/16494318374/
5 KB
3 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/16494318374/?random=1730034402904&cv=11&fst=1730034402904&bg=ffffff&guid=ON&async=1&gtm=45be4ao0z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&ref=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&label=ZvymCPyauJwZEKamjbk9&hn=www.googleadservices.com&frm=0&tiba=Aeroflow%20Authentication%20Portal&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=45742052.1730034402&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-16494318374&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
173.194.205.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qm-in-f157.1e100.net
Software
cafe /
Resource Hash
1a8fc9fb67cfcbd28644ca1beff8c635f20f5b716459fd9d3791d857281b7ca4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
2770
date
Sun, 27 Oct 2024 13:06:43 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
16494318374
td.doubleclick.net/td/rul/ Frame 82EE
0
0
Document
General
Full URL
https://td.doubleclick.net/td/rul/16494318374?random=1730034402904&cv=11&fst=1730034402904&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4ao0z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&ref=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&label=ZvymCPyauJwZEKamjbk9&hn=www.googleadservices.com&frm=0&tiba=Aeroflow%20Authentication%20Portal&value=0&bttype=purchase&npa=0&pscdl=noapi&auid=45742052.1730034402&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&ct_cookie_present=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-16494318374&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
173.194.205.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qm-in-f156.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://login.nxfe.aeroflow.ninja/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 27 Oct 2024 13:06:43 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1027036248/
6 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027036248/?random=1730034402982&cv=11&fst=1730034402982&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v899227141z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&ref=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&hn=www.googleadservices.com&frm=0&tiba=Aeroflow%20Authentication%20Portal&npa=0&pscdl=noapi&auid=45742052.1730034402&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-1027036248&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.157 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f157.1e100.net
Software
cafe /
Resource Hash
045004813ec4eb896b4219ff78ecb6eaba9334002dfce83b647a2de8e10efb18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2419
date
Sun, 27 Oct 2024 13:06:43 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
1027036248
td.doubleclick.net/td/rul/ Frame 1AF4
0
0
Document
General
Full URL
https://td.doubleclick.net/td/rul/1027036248?random=1730034402982&cv=11&fst=1730034402982&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v899227141z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&ref=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&hn=www.googleadservices.com&frm=0&tiba=Aeroflow%20Authentication%20Portal&npa=0&pscdl=noapi&auid=45742052.1730034402&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-1027036248&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
173.194.205.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qm-in-f156.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://login.nxfe.aeroflow.ninja/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 27 Oct 2024 13:06:43 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
collect
www.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-2B5MZ6GH7Z&gtm=45je4ao0v9123014018za200zb71838642&_p=1730034401997&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533421~101823848~101925628&cid=806571680.1730034403&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1730034402&sct=1&seg=0&dl=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&dr=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&dt=Aeroflow%20Authentication%20Portal&en=scroll&epn.percent_scrolled=90&_et=18&tfd=1921
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2B5MZ6GH7Z&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f100.1e100.net
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://login.nxfe.aeroflow.ninja
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:43 GMT
content-type
text/plain
server
Golfe2
aeroflow_health.svg
login.nxfe.aeroflow.ninja/branding/
527 KB
391 KB
Image
General
Full URL
https://login.nxfe.aeroflow.ninja/branding/aeroflow_health.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/
Resource Hash
d0776374097a5a6a22f01eb59b5a153a18440394972e67a4c097785446d5cd91

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth

Response headers

cache-control
public, max-age=0
content-encoding
gzip
etag
W/"83ae3-192c57f8268"
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
x-amz-cf-id
R8HQUCXAEBAKAZEDHzQ83m2EknzjSWLE6ZSTGMeix-pd9WS_GbsTww==
date
Sun, 27 Oct 2024 13:06:43 GMT
content-type
image/svg+xml
last-modified
Fri, 25 Oct 2024 21:05:21 GMT
vary
Accept-Encoding
x-amz-cf-pop
JFK50-P6
/
login.nxfe.aeroflow.ninja/
5 KB
3 KB
Fetch
General
Full URL
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
Requested by
Host: login.nxfe.aeroflow.ninja
URL: https://login.nxfe.aeroflow.ninja/_next/static/chunks/894-e4c286ce997aad06.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-15.jfk50.r.cloudfront.net
Software
/ Next.js
Resource Hash
7405f03f16c57fc787fd150c9741741be03e64fc0b70e7802e4e2a9d0e1273c8

Request headers

Next-Action
46b42a372dbaf79740a9dc027c6de6af34d16ad3
Referer
https://login.nxfe.aeroflow.ninja/?client_id=31sj6hifeqqt9mi797flijd0bi&redirect_uri=https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
text/x-component
Content-Type
text/plain;charset=UTF-8
Next-Router-State-Tree
%5B%22%22%2C%7B%22children%22%3A%5B%22__PAGE__%3F%7B%5C%22client_id%5C%22%3A%5C%2231sj6hifeqqt9mi797flijd0bi%5C%22%2C%5C%22redirect_uri%5C%22%3A%5C%22https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja%2Fapi%2Fauth%2Fcallback%2Fpatient-auth%5C%22%7D%22%2C%7B%7D%2C%22%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth%22%2C%22refresh%22%5D%7D%2Cnull%2Cnull%2Ctrue%5D

Response headers

x-amz-cf-id
GClsXjHI7zHO2JaPwGptCSRRT0NFHRs1o4WX05MXsyhSNKzxqNXgGw==
cache-control
s-maxage=1, stale-while-revalidate
x-action-revalidated
[[],0,1]
content-encoding
gzip
via
1.1 b5b0850774f11b0c2514532a2d3bdc44.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-nextjs-cache
HIT
date
Sun, 27 Oct 2024 13:06:43 GMT
content-type
text/x-component
x-powered-by
Next.js
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
x-amz-cf-pop
JFK50-P6
4046918.js
bat.bing.com/p/action/
370 B
425 B
Script
General
Full URL
https://bat.bing.com/p/action/4046918.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
fce461e0fefe1d6d687b3eab8304d3affaf23fb674b18bfb5242ccfc544e1bb7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
br
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 963CCAF8201844578C0F7524AF3EEAF4 Ref B: YTO01EDGE0708 Ref C: 2024-10-27T13:06:43Z
x-cache
CONFIG_NOCACHE
date
Sun, 27 Oct 2024 13:06:42 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
collect
www.google-analytics.com/j/
15 B
319 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1819072748&t=pageview&_s=1&dl=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&dr=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&ul=en-ca&de=UTF-8&dt=Aeroflow%20Authentication%20Portal&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAgAABAAAAAC~&jid=401476200&gjid=1884232713&cid=806571680.1730034403&tid=UA-64546168-1&_gid=310944544.1730034403&_slc=1&gtm=45He4ao0n71NQRPCZv71838642za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848&z=1182736366
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f100.1e100.net
Software
Golfe2 /
Resource Hash
967c393cac023404781c68039057c158a5b135b8e86a3c91bd71e9ad68a5972c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:43 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://login.nxfe.aeroflow.ninja
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
15
server
Golfe2
collect
stats.g.doubleclick.net/j/
1 B
653 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-64546168-1&cid=806571680.1730034403&jid=401476200&gjid=1884232713&_gid=310944544.1730034403&_u=YCDAgAABAAAAAG~&z=870118313
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.192.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f157.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgdc:149:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:43 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgdc:149:0
access-control-allow-origin
https://login.nxfe.aeroflow.ninja
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
1
server
Golfe2
collect
www.google-analytics.com/j/
15 B
83 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1819072748&t=pageview&_s=1&dl=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&dr=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&ul=en-ca&de=UTF-8&dt=Aeroflow%20Authentication%20Portal&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCHAgEABAAAAAGAAI~&jid=1353316934&gjid=811396532&cid=806571680.1730034403&tid=UA-64546168-2&_gid=310944544.1730034403&_slc=1&gtm=45He4ao0n71NQRPCZv71838642za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848&z=1184175566
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f100.1e100.net
Software
Golfe2 /
Resource Hash
db17bb2e0961e697df29a60d563444686d83ab2f4c8093ed3a657d9c71ed55fb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:43 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://login.nxfe.aeroflow.ninja
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
15
server
Golfe2
collect
stats.g.doubleclick.net/j/
1 B
70 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-64546168-2&cid=806571680.1730034403&jid=1353316934&gjid=811396532&_gid=310944544.1730034403&_u=YCHAgEABAAAAAGAAI~&z=593793927
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.192.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f157.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgdc:149:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:43 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgdc:149:0
access-control-allow-origin
https://login.nxfe.aeroflow.ninja
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
1
server
Golfe2
945948280400004
connect.facebook.net/signals/config/
68 KB
14 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/945948280400004?v=2.9.174&r=stable&domain=login.nxfe.aeroflow.ninja&hme=ead923021ccd3483ef3b9b04703d0a78b943fbdc01e8d7cec21c5059f1f4a5e9&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C194%2C193%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
5aaeb0e0309dca879c3b1e5f454d0abea707ad456307b1723a29c39271e95375
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 27 Oct 2024 13:06:43 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=46, rtx=2, c=66, mss=1232, tbw=70478, tp=67, tpl=2, uplat=68, ullat=0
pragma
public
x-fb-debug
1pbu7QffYgvuw12bAys6W6Q78KqiVmMRYq7HqV5Gl7t3mb0X8Q1bc6VVVFpNtrjzekCdRz9zl332ZugqUoklPg==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
/
www.google.ca/pagead/1p-conversion/16494318374/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/16494318374/?random=1565691047&cv=11&fst=1730034402904&bg=ffffff&guid=ON&async=1&gtm=45be4ao0z871838642za201zb71838642&gcd=13l3l3l3l...
  • https://www.google.com/pagead/1p-conversion/16494318374/?random=1565691047&cv=11&fst=1730034402904&bg=ffffff&guid=ON&async=1&gtm=45be4ao0z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=101...
  • https://www.google.ca/pagead/1p-conversion/16494318374/?random=1565691047&cv=11&fst=1730034402904&bg=ffffff&guid=ON&async=1&gtm=45be4ao0z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=1015...
42 B
64 B
Image
General
Full URL
https://www.google.ca/pagead/1p-conversion/16494318374/?random=1565691047&cv=11&fst=1730034402904&bg=ffffff&guid=ON&async=1&gtm=45be4ao0z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&ref=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&label=ZvymCPyauJwZEKamjbk9&hn=www.googleadservices.com&frm=0&tiba=Aeroflow%20Authentication%20Portal&value=0&npa=0&pscdl=noapi&auid=45742052.1730034402&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECSixldmVudC1zb3VyY2UsIHRyaWdnZXIsIG5vdC1uYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIusyssNCuiQMVaQpoCB2HHieAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiJodHRwczovL2xvZ2luLm54ZmUuYWVyb2Zsb3cubmluamEvQldDaEFJOE1uM3VBWVF3YTJDaVBEbF84VXBFaTBBRERZNFBPVTdyc2RxTDVRQUdmX3RzbzhwYVA4YlFJaklvN0xRXy1SWnZoRFcyMnZHcE1hUTFBeU5ldVE&is_vtc=1&cid=CAQSGwDpaXnfDCE94RIQgJiDzL3zqSJ6-rHA7OIGtQ&eitems=ChEI8Mn3uAYQweWqrPCapNnCARIdAD8nWZtLHpCoW7xDad-jnSzwoXId9fZ_dcOtmmk&random=361577146&ipr=y
Protocol
H3
Server
173.194.68.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qr-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sun, 27 Oct 2024 13:06:44 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
location
https://www.google.ca/pagead/1p-conversion/16494318374/?random=1565691047&cv=11&fst=1730034402904&bg=ffffff&guid=ON&async=1&gtm=45be4ao0z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&ref=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&label=ZvymCPyauJwZEKamjbk9&hn=www.googleadservices.com&frm=0&tiba=Aeroflow%20Authentication%20Portal&value=0&npa=0&pscdl=noapi&auid=45742052.1730034402&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECSixldmVudC1zb3VyY2UsIHRyaWdnZXIsIG5vdC1uYXZpZ2F0aW9uLXNvdXJjZVoDCgEBYgQKAgID&pscrd=IhMIusyssNCuiQMVaQpoCB2HHieAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOiJodHRwczovL2xvZ2luLm54ZmUuYWVyb2Zsb3cubmluamEvQldDaEFJOE1uM3VBWVF3YTJDaVBEbF84VXBFaTBBRERZNFBPVTdyc2RxTDVRQUdmX3RzbzhwYVA4YlFJaklvN0xRXy1SWnZoRFcyMnZHcE1hUTFBeU5ldVE&is_vtc=1&cid=CAQSGwDpaXnfDCE94RIQgJiDzL3zqSJ6-rHA7OIGtQ&eitems=ChEI8Mn3uAYQweWqrPCapNnCARIdAD8nWZtLHpCoW7xDad-jnSzwoXId9fZ_dcOtmmk&random=361577146&ipr=y
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sun, 27 Oct 2024 13:06:43 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
0
bat.bing.com/action/
0
361 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=4046918&Ver=2&mid=a1812b1f-6da8-4f7f-9d70-8d8428abae53&bo=1&sid=504a6df0946411ef84ab0d7b4c02de37&vid=504aa850946411efb6e261aed3903d0f&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Aeroflow%20Authentication%20Portal&p=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&r=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&lt=853&evt=pageLoad&sv=1&cdb=AQAQ&rn=402486
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, must-revalidate
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 7754F8A58E0F45468E0424C5722AB636 Ref B: YTO01EDGE0708 Ref C: 2024-10-27T13:06:43Z
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Sun, 27 Oct 2024 13:06:43 GMT
js
www.googletagmanager.com/gtag/
305 KB
103 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-TNWFCRR7X6&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.192.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
3fc398d26e09d63b4294ba9337b43f1a4151bca91d4f3b00ca924498945761f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Sun, 27 Oct 2024 13:06:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:43 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
105621
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/
360 KB
115 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-3KTGX16CWX&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.192.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
9a1c7ff77320abbc96c7278cbf06e20b50fe11c8b8b2fd5dd3fd81905db2e346
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Sun, 27 Oct 2024 13:06:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:43 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
118221
x-xss-protection
0
server
Google Tag Manager
1408608419408207
connect.facebook.net/signals/config/
44 KB
8 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1408608419408207?v=2.9.174&r=stable&domain=login.nxfe.aeroflow.ninja&hme=ead923021ccd3483ef3b9b04703d0a78b943fbdc01e8d7cec21c5059f1f4a5e9&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C194%2C193%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113%2C163%2C195%2C197%2C122%2C157%2C145%2C151%2C129%2C232%2C116%2C127%2C146%2C173%2C159%2C118%2C233%2C165%2C119%2C235%2C166%2C136%2C123%2C154%2C148%2C114%2C128
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
f99de3e4b9254b9cebc8760d5d58e8b8cbe0cb9c5a422aad9dc120463c5692c5
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-Sh80N016' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 27 Oct 2024 13:06:43 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-Sh80N016' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=43, rtx=2, c=78, mss=1232, tbw=85918, tp=82, tpl=2, uplat=86, ullat=0
pragma
public
x-fb-debug
y+FCDS+lWZfojNUMMeqqeJUxskJ39B2r4/svxW09u0azupafDrWDI+eOArJvSUpw0RMjKLg5c5SN2EKtcJxtKA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/tr/
0
274 B
Image
General
Full URL
https://www.facebook.com/tr/?id=945948280400004&ev=PageView&dl=https%3A%2F%2Flogin.nxfe.aeroflow.ninja&rl=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja&if=false&ts=1730034403685&sw=1600&sh=1200&v=2.9.174&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4124&fbp=fb.1.1730034403682.99232751427849301&pm=1&hrl=af82e8&ler=other&cdl=API_unavailable&it=1730034403109&coo=false&tm=1&cs_cc=1&cas=7555992824489338%2C7329067697202036&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=41, rtx=0, c=10, mss=1316, tbw=2977, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Sun, 27 Oct 2024 13:06:43 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=945948280400004&ev=PageView&dl=https%3A%2F%2Flogin.nxfe.aeroflow.ninja&rl=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja&if=false&ts=1730034403685&sw=1600&sh=1200&v=2.9.174&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4124&fbp=fb.1.1730034403682.99232751427849301&pm=1&hrl=af82e8&ler=other&cdl=API_unavailable&it=1730034403109&coo=false&tm=1&cs_cc=1&cas=7555992824489338%2C7329067697202036&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-iad3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7430441183602040849"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 27 Oct 2024 13:06:43 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
A9xOQt/g6A+c9PvcSctwQ21w/96WKFFJ9L90rA6Ipe+9UL7SwX866N+gZ/BsReUQB3pvOhG6MmdjyrCMuI7VoQ==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7430441183602040849", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=42, rtx=0, c=17, mss=1316, tbw=3662, tp=-1, tpl=-1, uplat=62, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
/
www.google.com/pagead/1p-user-list/1027036248/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1027036248/?random=1730034402982&cv=11&fst=1730034000000&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v899227141z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&ref=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&hn=www.googleadservices.com&frm=0&tiba=Aeroflow%20Authentication%20Portal&npa=0&pscdl=noapi&auid=45742052.1730034402&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfSl_6PwvszO1TFfXP4GO4HBT6b41mYQ&random=2661484404&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.174.106 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
qc-in-f106.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sun, 27 Oct 2024 13:06:43 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
www.google.ca/pagead/1p-user-list/1027036248/
42 B
64 B
Image
General
Full URL
https://www.google.ca/pagead/1p-user-list/1027036248/?random=1730034402982&cv=11&fst=1730034000000&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v899227141z871838642za201zb71838642&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&ref=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&hn=www.googleadservices.com&frm=0&tiba=Aeroflow%20Authentication%20Portal&npa=0&pscdl=noapi&auid=45742052.1730034402&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfSl_6PwvszO1TFfXP4GO4HBT6b41mYQ&random=2661484404&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
173.194.68.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qr-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sun, 27 Oct 2024 13:06:43 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
www.facebook.com/tr/
0
103 B
Image
General
Full URL
https://www.facebook.com/tr/?id=945948280400004&ev=PageView&dl=https%3A%2F%2Flogin.nxfe.aeroflow.ninja&rl=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja&if=false&ts=1730034403831&sw=1600&sh=1200&v=2.9.174&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4124&fbp=fb.1.1730034403682.99232751427849301&pm=1&hrl=af82e8&ler=other&cdl=API_unavailable&it=1730034403109&coo=false&cs_cc=1&cas=7555992824489338%2C7329067697202036&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=41, rtx=0, c=10, mss=1316, tbw=3391, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Sun, 27 Oct 2024 13:06:43 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
848 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=945948280400004&ev=PageView&dl=https%3A%2F%2Flogin.nxfe.aeroflow.ninja&rl=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja&if=false&ts=1730034403831&sw=1600&sh=1200&v=2.9.174&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=4124&fbp=fb.1.1730034403682.99232751427849301&pm=1&hrl=af82e8&ler=other&cdl=API_unavailable&it=1730034403109&coo=false&cs_cc=1&cas=7555992824489338%2C7329067697202036&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-iad3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7430441183155348783"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 27 Oct 2024 13:06:43 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
ZOMESHI0XG/WhppcsCwDePkgdXwL+zomc6nxgFS7Fh6acBItSaBO2XZ1UiWSzhaVfpUGi7cpvu5TBeCOxkCiew==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7430441183155348783", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=42, rtx=0, c=17, mss=1316, tbw=6921, tp=-1, tpl=-1, uplat=25, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
/
www.facebook.com/tr/
0
102 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1408608419408207&ev=PageView&dl=https%3A%2F%2Flogin.nxfe.aeroflow.ninja&rl=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja&if=false&ts=1730034403834&sw=1600&sh=1200&v=2.9.174&r=stable&ec=0&o=4124&fbp=fb.1.1730034403682.99232751427849301&pm=1&hrl=dab548&ler=other&cdl=API_unavailable&it=1730034403109&coo=false&cs_cc=1&cas=1159021900849016%2C6957821380988275%2C8180261645339463%2C7684033251660758%2C8081572681893410%2C7661930780535649%2C2281920375248901&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=41, rtx=0, c=10, mss=1316, tbw=3507, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Sun, 27 Oct 2024 13:06:43 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
1 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1408608419408207&ev=PageView&dl=https%3A%2F%2Flogin.nxfe.aeroflow.ninja&rl=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja&if=false&ts=1730034403834&sw=1600&sh=1200&v=2.9.174&r=stable&ec=0&o=4124&fbp=fb.1.1730034403682.99232751427849301&pm=1&hrl=dab548&ler=other&cdl=API_unavailable&it=1730034403109&coo=false&cs_cc=1&cas=1159021900849016%2C6957821380988275%2C8180261645339463%2C7684033251660758%2C8081572681893410%2C7661930780535649%2C2281920375248901&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-iad3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7430441183290110303"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x03e004a4424914c7","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"3":["4899326936773006","1549594595149930"]},"debug_reporting":true,"debug_key":"4115899326964701757"}
date
Sun, 27 Oct 2024 13:06:43 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
KanqDJTdYOEw8oKVn9GXSXXxenD66u9fc+qFsoDNnxgHET/K6HHRXmHvbhTwccd35u60Ko0bqijqpL0RSu75qQ==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7430441183290110303", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=42, rtx=0, c=17, mss=1316, tbw=7791, tp=-1, tpl=-1, uplat=26, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
cross-origin-opener-policy-report-only
restrict-properties;report-to="coop_report"
x-xss-protection
0
origin-agent-cluster
?0
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-TNWFCRR7X6&gtm=45je4ao0v9164377629za200&_p=1730034401997&_gaz=1&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=101533421~101823848~101925629&ul=en-ca&sr=1600x1200&cid=806571680.1730034403&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&dr=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&dt=Aeroflow%20Authentication%20Portal&sid=1730034403&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2829
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TNWFCRR7X6&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.38.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://login.nxfe.aeroflow.ninja
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:44 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
260 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-TNWFCRR7X6&cid=806571680.1730034403&gtm=45je4ao0v9164377629za200&aip=1&dma=0&gcd=13l3l3l3l2l1&npa=0&frm=0&tag_exp=101533421~101823848~101925629
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TNWFCRR7X6&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.192.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f157.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://login.nxfe.aeroflow.ninja
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:43 GMT
content-type
text/plain
server
Golfe2
rul
td.doubleclick.net/td/ga/ Frame 40EB
0
0
Document
General
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-TNWFCRR7X6&gacid=806571680.1730034403&gtm=45je4ao0v9164377629za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&_ng=1&aip=1&fledge=1&frm=0&tag_exp=101533421~101823848~101925629&z=1782513811
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TNWFCRR7X6&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
173.194.205.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qm-in-f156.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://login.nxfe.aeroflow.ninja/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 27 Oct 2024 13:06:44 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-TNWFCRR7X6&cid=806571680.1730034403&gtm=45je4ao0v9164377629za200&aip=1&dma=0&gcd=13l3l3l3l2l1&npa=0&frm=0&tag_exp=101533421~101823848~101925629&tag_exp=101533421~101823848~101925629&z=490394530
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
173.194.68.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qr-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sun, 27 Oct 2024 13:06:44 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-3KTGX16CWX&gtm=45je4ao0v899227879za200&_p=1730034401997&_gaz=1&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=101533421~101823848&ul=en-ca&sr=1600x1200&cid=806571680.1730034403&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Flogin.nxfe.aeroflow.ninja%2F%3Fclient_id%3D31sj6hifeqqt9mi797flijd0bi%26redirect_uri%3Dhttps%253A%252F%252Fbill-pay.nxfe.aeroflow.ninja%252Fapi%252Fauth%252Fcallback%252Fpatient-auth&dr=https%3A%2F%2Fbill-pay.pr67.nxfe.aeroflow.ninja%2F&dt=Aeroflow%20Authentication%20Portal&sid=1730034404&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2941
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3KTGX16CWX&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.38.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://login.nxfe.aeroflow.ninja
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:44 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
20 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-3KTGX16CWX&cid=806571680.1730034403&gtm=45je4ao0v899227879za200&aip=1&dma=0&gcd=13l3l3l3l2l1&npa=0&frm=0&tag_exp=101533421~101823848
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3KTGX16CWX&cx=c&_slc=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.192.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qn-in-f157.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://login.nxfe.aeroflow.ninja
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 27 Oct 2024 13:06:44 GMT
content-type
text/plain
server
Golfe2
rul
td.doubleclick.net/td/ga/ Frame 8D38
0
0
Document
General
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-3KTGX16CWX&gacid=806571680.1730034403&gtm=45je4ao0v899227879za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&_ng=1&aip=1&fledge=1&frm=0&tag_exp=101533421~101823848&z=1833050787
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3KTGX16CWX&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
173.194.205.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qm-in-f156.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://login.nxfe.aeroflow.ninja/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 27 Oct 2024 13:06:44 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ga-audiences
www.google.ca/ads/
42 B
63 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-3KTGX16CWX&cid=806571680.1730034403&gtm=45je4ao0v899227879za200&aip=1&dma=0&gcd=13l3l3l3l2l1&npa=0&frm=0&tag_exp=101533421~101823848&tag_exp=101533421~101823848&z=2118987277
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
173.194.68.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qr-in-f94.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://login.nxfe.aeroflow.ninja/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sun, 27 Oct 2024 13:06:44 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| webpackChunk_N_E object| __next_f object| next object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| fbq function| _fbq object| _fbq_gtm_ids object| uetq function| onYouTubeIframeAPIReady object| gaGlobal object| GooglebQhCsO function| UET function| UET_init function| UET_push object| ueto_2ff647290d object| gaplugins object| gaData

24 Cookies

Domain/Path Name / Value
bill-pay.pr67.nxfe.aeroflow.ninja/ Name: __Host-next-auth.csrf-token
Value: 82d367b1f6458a9331a697ad9d49e3384e3f66a7060fcb5a03e93d8e83bdddf6%7C0e75d775e7f5a38d81d6f5fff826aadb972f01b208ecd453e11d83f1c47d540b
bill-pay.pr67.nxfe.aeroflow.ninja/ Name: __Secure-next-auth.callback-url
Value: https%3A%2F%2Fbill-pay.nxfe.aeroflow.ninja
.aeroflow.ninja/ Name: _gcl_au
Value: 1.1.45742052.1730034402
login.nxfe.aeroflow.ninja/ Name: idpToken
Value:
login.nxfe.aeroflow.ninja/ Name: providerName
Value:
login.nxfe.aeroflow.ninja/ Name: state
Value:
login.nxfe.aeroflow.ninja/ Name: userPoolName
Value: cbaQgPxRD
.login.nxfe.aeroflow.ninja/ Name: _ga
Value: GA1.4.806571680.1730034403
.login.nxfe.aeroflow.ninja/ Name: _gid
Value: GA1.4.310944544.1730034403
.login.nxfe.aeroflow.ninja/ Name: _dc_gtm_UA-64546168-1
Value: 1
.aeroflow.ninja/ Name: _ga
Value: GA1.2.806571680.1730034403
.aeroflow.ninja/ Name: _gid
Value: GA1.2.310944544.1730034403
.aeroflow.ninja/ Name: _dc_gtm_UA-64546168-2
Value: 1
login.nxfe.aeroflow.ninja/ Name: client_id
Value: e8bd52b778c378283e9669d9%3A0f61572062f2f2b88da8db460f3135e1%3A63cbecec7a1774d901d06f40574c647b71510d4e812e5d31a748
login.nxfe.aeroflow.ninja/ Name: redirect_uri
Value: dd61ef32bf266dfa9853b1e4%3A55967f2569fdcc1de5b5e0d663438320%3Ab2a31ed9c1a0785747aa37167c086b08351071a967035ee081067cb505082bf7b1b1c573a957c57c669e4812f21b776bb74d0ec8afc08c3926b49b24861dc9b018c3f0
.aeroflow.ninja/ Name: _uetsid
Value: 504a6df0946411ef84ab0d7b4c02de37
.aeroflow.ninja/ Name: _uetvid
Value: 504aa850946411efb6e261aed3903d0f
.aeroflow.ninja/ Name: _ga_2B5MZ6GH7Z
Value: GS1.1.1730034402.1.1.1730034403.0.0.0
.aeroflow.ninja/ Name: _fbp
Value: fb.1.1730034403682.99232751427849301
.bing.com/ Name: MUID
Value: 3A1DE58695DF65F7147EF0A3947564FE
.bat.bing.com/ Name: MR
Value: 0
.login.nxfe.aeroflow.ninja/ Name: _ga_TNWFCRR7X6
Value: GS1.4.1730034403.1.0.1730034403.60.0.0
.aeroflow.ninja/ Name: _ga_3KTGX16CWX
Value: GS1.2.1730034404.1.0.1730034404.60.0.0
.doubleclick.net/ Name: IDE
Value: AHWqTUk7mnlIzWSg_whyuGbokiOEF83zbM5PIhP7gF0IiX9_PQyxZvefx5YcrgTq

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
bat.bing.com
bill-pay.nxfe.aeroflow.ninja
bill-pay.pr67.nxfe.aeroflow.ninja
connect.facebook.net
googleads.g.doubleclick.net
login.nxfe.aeroflow.ninja
stats.g.doubleclick.net
td.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
142.251.16.157
142.251.174.106
150.171.28.10
157.240.229.35
172.253.122.100
173.194.205.156
173.194.205.157
173.194.68.94
18.164.116.15
18.173.132.84
216.239.38.181
3.171.22.73
31.13.66.19
74.125.192.157
74.125.192.97
045004813ec4eb896b4219ff78ecb6eaba9334002dfce83b647a2de8e10efb18
054ee4fb007190a56f3b1d4ea26aa8380702e47575150a5da1a2f8d0d941e045
0d7d9e78792070b7bd2018f9a742437ef8ad87a4d1b4acf2aba0e42e04811cea
12ad779f32f314fc2ab1ad0fbdd8f00aba55bedfb1d8086ddf77d4ca66aca0ee
1a8fc9fb67cfcbd28644ca1beff8c635f20f5b716459fd9d3791d857281b7ca4
207d5e6a985555d58fb1890fb342fbbe00ca2d1f5de30363405a3802504bcab7
3086c15bb77adcf0a0b841abb63a83f354c4d21dc5c156470da7ad74102e3dfd
327e7c9e687aa066e6eee167261e411be67c0c0fe1db9d0293b62d5b5b886b34
37f7d331352bcb85e8c097272720ac6e4af4c078043a25055b48156ff59d5938
3a5a728b6efc60ffdbc5f28a13086860eb8c369d0fce2e65935bb165f89feaff
3cb5cec9a3311aed82ab987e29eec529ca1191d5ac2cae2d88535d8d481336d8
3eb5a8bf7502c51162a18fc3f8b99dc7edd48611324f77a1bbc2411e3e1f3d9b
3fc398d26e09d63b4294ba9337b43f1a4151bca91d4f3b00ca924498945761f9
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4a39bad621bafe90b98fd3c9c920eab10c79d47bf238bd48bbb2fdb14c81080f
4f5343ea2af5e0d0b19691f7317c1e981c53583be7f571ce0af4049c6059adf5
5202f3ee40866f8af3a2b60c977d43173bc8889bbb654ff5fe94157929b563e9
5907dbcbdab3e72afb9cd0dc9d45189827916a50d94281a2a9831ae6b3408946
5aaeb0e0309dca879c3b1e5f454d0abea707ad456307b1723a29c39271e95375
5f0b08b28a09d62369e9e6b58367e52c72007a15763d85938b6bd944df840e15
655c20ed078bc39e1060322db72a15a7afb30de4d38849b34d8bb7d8169cae10
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7405f03f16c57fc787fd150c9741741be03e64fc0b70e7802e4e2a9d0e1273c8
76844f1a1561e36cf0e1ccd9566d62a90c6f4266a79f272264c38822c0242607
77addcdf899d918c9506a0affd0cc3677d165971fc0a883f92e14a0dc8f27178
967c393cac023404781c68039057c158a5b135b8e86a3c91bd71e9ad68a5972c
9a1c7ff77320abbc96c7278cbf06e20b50fe11c8b8b2fd5dd3fd81905db2e346
9aaebf59f4128046dfa1c5f168d4f976056a12105d658a3ad9ee9862f96ad531
9bd79a9bc78d51d406135241393beaecf5e1d427f88a66c566b00b56163ba854
9da695a90debb83ab4b53a7eab5bad5be90f8629af0f8e07f2c2f8425e4007f4
9dfce8b7d5c27051430fe789dbe4b4cb0f94fde0b399ccacfd5c9521c5584193
a1864dec0b0143918dfa672e638af26807ec8c589d92e51a061dfecb1326ae79
a23cbe3969601843cd8e59a184fcfd9bf627b1a0608539e1413e077cd3e5cde2
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
aac365becf849a25b963e39017943cc000cc6cfbd8fb89b403c2b8d50b4b9fe7
ae10fbaf78874d202b594c4a21ee116d52f5a1a80621172b9b00aca3a2d034f3
b2792c92c84ee737e9786dfc2f60363f79c03c98154257f81c53618ba82ac77e
b6c9b51fe4ab0666b26fc99b8ba305d653349b9ac3234cdd5dc53918adaf53cb
c0ac952012e14fa0ac2e2167bcad021e4bed54129c9efea69caee9e8302cd8fb
c642a43ff8e9e4ed068b6ef2722c313592191b914069968696608765b5e6719e
c6a9569a4d24b9f0a4c5343f6c9bec0aaa37c43ef776c6245483e86492c6b123
c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec
d0776374097a5a6a22f01eb59b5a153a18440394972e67a4c097785446d5cd91
db03dafe2418f7a880f3c19705777a88c04ed82d810c4c6e38a8213d7fc45d88
db17bb2e0961e697df29a60d563444686d83ab2f4c8093ed3a657d9c71ed55fb
dd1d87a3e43058c21090e00341b2ccce34653e9ca3e67c33e4ad7ac9ab6bc883
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfc87801d4a4c08cf8ebf553bebb2eb4be346e157a29236891adbc1b45ebf8a2
e09504bf5b54797b5261cbb858ed470e48d336cefeb12271bec9d478e88e552c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eab9cbb1928a9de3ed2b7164ea7215b1ee0c9d7584d04aac97fe5b6798140c48
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4a3b79d425c57e3f44d8f8efb21618b4a818e947679ebdd8ce60607fe222209
f507eab895f088cf0fe4ceb0427c01003038cac38ed2884f6021b612d367b339
f635a9aade026b50b4314df1ec11455bcb3762c4f0225e5c052feaeecf870a1d
f99de3e4b9254b9cebc8760d5d58e8b8cbe0cb9c5a422aad9dc120463c5692c5
fce461e0fefe1d6d687b3eab8304d3affaf23fb674b18bfb5242ccfc544e1bb7
fd93c59f5e6a709466da507a36c465807fdd32348d85d5727af13eed13cbe178