www.fbarefund.com Open in urlscan Pro
2606:4700::6810:10c2 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.fbarefund.com/
Effective URL:
https://www.fbarefund.com/optin-33129146
Submission: On June 25 via automatic, source certstream-suspicious (June 25th 2021, 3:17:09 pm UTC)

Summary HTTP 77 Redirects Behaviour Indicators

Summary

This website contacted 24 IPs in 3 countries across 18 domains to perform 77 HTTP transactions. The main IP is 2606:4700::6810:10c2, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.fbarefund.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 25th 2021. Valid for: a year.

This is the only time www.fbarefund.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 15	2606:4700::68... 2606:4700::6810:10c2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	23.111.9.35 23.111.9.35	33438 (HIGHWINDS2) (HIGHWINDS2)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6810:cc2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5f41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	54.72.172.153 54.72.172.153	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:1::9	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:6b::9	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.14.110 151.101.14.110	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1	162.247.243.147 162.247.243.147	13335 (CLOUDFLAR...) (CLOUDFLARENET)
77	24

15 2606:4700::6810:10c2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.fbarefund.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
refund.sellerinvestigators.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.111.9.35 (United States)

ASN33438 (HIGHWINDS2, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:cc2 (United States)

ASN13335 (CLOUDFLARENET, US)

app.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.clickfunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5f41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.72.172.153 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-172-153.eu-west-1.compute.amazonaws.com

track.addevent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:1::9 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r4---sn-4g5e6nzz.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:6b::9 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r4---sn-4g5ednss.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.147 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	youtube.com www.youtube.com	769 KB
12	sellerinvestigators.com refund.sellerinvestigators.com	2 MB
10	googlevideo.com r4---sn-4g5e6nzz.googlevideo.com r4---sn-4g5ednss.googlevideo.com	1 MB
6	gstatic.com fonts.gstatic.com www.gstatic.com	80 KB
5	clickfunnels.com app.clickfunnels.com assets.clickfunnels.com	4 KB
3	doubleclick.net googleads.g.doubleclick.net static.doubleclick.net	1 KB
3	fontawesome.com use.fontawesome.com	93 KB
3	fbarefund.com 1 redirects www.fbarefund.com	23 KB
2	ggpht.com yt3.ggpht.com	5 KB
2	google.com www.google.com	13 KB
2	googleapis.com fonts.googleapis.com	3 KB
1	nr-data.net bam-cell.nr-data.net	915 B
1	newrelic.com js-agent.newrelic.com	12 KB
1	google.de www.google.de	108 B
1	addevent.com track.addevent.com
1	googleadservices.com www.googleadservices.com	14 KB
1	cloudflareinsights.com static.cloudflareinsights.com	5 KB
1	googletagmanager.com www.googletagmanager.com	34 KB
77	18

	Domain	Requested by
23	www.youtube.com	www.fbarefund.com www.youtube.com refund.sellerinvestigators.com
12	refund.sellerinvestigators.com	www.fbarefund.com refund.sellerinvestigators.com
8	r4---sn-4g5ednss.googlevideo.com	www.youtube.com
5	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
4	app.clickfunnels.com	www.fbarefund.com refund.sellerinvestigators.com
3	use.fontawesome.com	www.fbarefund.com use.fontawesome.com
3	www.fbarefund.com	1 redirects static.cloudflareinsights.com
2	r4---sn-4g5e6nzz.googlevideo.com	www.youtube.com
2	yt3.ggpht.com	www.youtube.com
2	www.google.com	www.fbarefund.com www.youtube.com
2	googleads.g.doubleclick.net	www.googleadservices.com www.youtube.com
2	fonts.googleapis.com	www.fbarefund.com
1	bam-cell.nr-data.net	js-agent.newrelic.com
1	assets.clickfunnels.com
1	js-agent.newrelic.com	www.fbarefund.com
1	www.gstatic.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	www.google.de	www.fbarefund.com
1	track.addevent.com	www.fbarefund.com
1	www.googleadservices.com	www.googletagmanager.com
1	static.cloudflareinsights.com	www.fbarefund.com
1	www.googletagmanager.com	www.fbarefund.com
77	22

This site contains no links.

Subject Issuer	Validity	Valid
www.fbarefund.com Cloudflare Inc ECC CA-3	`2021-06-25` - `2022-06-24`	a year	crt.sh
refund.sellerinvestigators.com Cloudflare Inc ECC CA-3	`2021-05-31` - `2022-05-30`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-12-14`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
ssl566619.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2021-04-06` - `2021-10-13`	6 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
addevent.com Amazon	`2021-02-25` - `2022-03-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2021-06-15` - `2021-08-24`	2 months	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-05-21` - `2022-04-10`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh

This page contains 3 frames:

Primary Page: https://www.fbarefund.com/optin-33129146
Frame ID: C1AB861FE7C00D0C1B3458DA0CBDD8A6
Requests: 39 HTTP requests in this frame

Frame: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
Frame ID: 82923B3D26C38A013B2B3E4A04B529E3
Requests: 6 HTTP requests in this frame

Frame: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
Frame ID: 9673E67EE2792F7D665DF5ED41F498B4
Requests: 35 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.fbarefund.com/ HTTP 302
https://www.fbarefund.com/optin-33129146 Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

77
Requests

100 %
HTTPS

78 %
IPv6

18
Domains

22
Subdomains

24
IPs

3
Countries

3910 kB
Transfer

9081 kB
Size

18
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.fbarefund.com/ HTTP 302
https://www.fbarefund.com/optin-33129146 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

77 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request optin-33129146 Show response
www.fbarefund.com/
Redirect Chain

https://www.fbarefund.com/
https://www.fbarefund.com/optin-33129146

168 KB
22 KB

514ms
513ms

Document
text/html

2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fbarefund.com/optin-33129146

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

11c99785b39998d66eb8a044c4fbb3e8dd9d3722edb221f73432c4dee11ec64c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

:method: GET
:authority: www.fbarefund.com
:scheme: https
:path: /optin-33129146
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d970a1cc9d23b4f73a876db6dd93c98c81624634211; __cf_bm=b443aec36df1b3a4199eb4ac49297d7c7f87a9a6-1624634212-1800-AZ1P+SajfhdYItsCGQdVKt6gMJraw52TN2v4Gpl3SAHIQIZxjLL33D0BveqSJI/jMdaflulkHawqVRclJLpz25NFR5bl4Q/sYDB5FUVO2S5c
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
content-type: text/html; charset=utf-8
cf-ray: 664f28d52bbabf0f-FRA
access-control-allow-origin: *
cache-control: no-cache, private
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
cf-request-id: 0ae557d93d0000bf0fd5be1000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200 OK
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: 05cf02a7bee293632172a745c3da20de
x-runtime: 0.336379
server: cloudflare
content-encoding: br

Redirect headers

date: Fri, 25 Jun 2021 15:16:52 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d970a1cc9d23b4f73a876db6dd93c98c81624634211; expires=Sun, 25-Jul-21 15:16:51 GMT; path=/; domain=.www.fbarefund.com; HttpOnly; SameSite=Lax __cf_bm=b443aec36df1b3a4199eb4ac49297d7c7f87a9a6-1624634212-1800-AZ1P+SajfhdYItsCGQdVKt6gMJraw52TN2v4Gpl3SAHIQIZxjLL33D0BveqSJI/jMdaflulkHawqVRclJLpz25NFR5bl4Q/sYDB5FUVO2S5c; path=/; expires=Fri, 25-Jun-21 15:46:52 GMT; domain=.www.fbarefund.com; HttpOnly; Secure; SameSite=None
location: https://www.fbarefund.com/optin-33129146
cf-ray: 664f28ce9f0cbf0f-FRA
access-control-allow-origin: *
cache-control: no-cache, no-store
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-request-method: *
cf-request-id: 0ae557d51e0000bf0fa0bf7000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
pragma: no-cache
status: 302 Found
x-frame-options: ALLOWALL
x-powered-by: Phusion Passenger Enterprise 6.0.7
x-rack-cache: miss
x-request-id: a20bc36755267c11080d2888b83fe59f
x-runtime: 0.600556
server: cloudflare

GET
H2 200 lander.css
refund.sellerinvestigators.com/assets/ 425 KB
65 KB 128ms
87ms Stylesheet
text/css 2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://refund.sellerinvestigators.com/assets/lander.css

Requested by

Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 991
cf-request-id: 0ae557db6f0000c29a0e1b4000000001
last-modified: Thu, 24 Jun 2021 18:08:23 GMT
server: cloudflare
etag: W/"60d4ca17-6a514"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=1200
access-control-allow-credentials: true
cf-ray: 664f28d8bd71c29a-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires: Fri, 25 Jun 2021 15:36:53 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.9.0/css/ 55 KB
14 KB 26ms
11ms Stylesheet
text/css 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/css/all.css
Requested by: Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
content-encoding: gzip
last-modified: Tue, 04 Jun 2019 20:35:33 GMT
server: NetDNA-cache/2.2
etag: W/"dbf9d822cefe851ba6f66e1ad57e8987"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT

GET
H2 200 v4-shims.css
use.fontawesome.com/releases/v5.9.0/css/ 26 KB
5 KB 27ms
13ms Stylesheet
text/css 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/css/v4-shims.css
Requested by: Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
content-encoding: gzip
last-modified: Tue, 04 Jun 2019 20:35:35 GMT
server: NetDNA-cache/2.2
etag: W/"e140a7d32f343530f016095df3cc2ae4"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT

GET
H2 200 css
fonts.googleapis.com/ 44 KB
2 KB 15ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700

Requested by

Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f76553e0cbb772f7113a3814491ae325e271355e87985e7e4754a8bb75b7dcb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 13:53:51 GMT
server: ESF
date: Fri, 25 Jun 2021 15:16:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Jun 2021 15:16:53 GMT

GET
H2 200 application.js Show response
refund.sellerinvestigators.com/assets/userevents/ 5 KB
2 KB 53ms
53ms Script
application/x-javascript 2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://refund.sellerinvestigators.com/assets/userevents/application.js

Requested by

Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

004e3565fa58bd4ff0cbf31deb5451508a5ec7d46c4480f9bfa23326f187a158

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 995
cf-request-id: 0ae557dbd40000c29ae5a91000000001
last-modified: Thu, 24 Jun 2021 18:08:23 GMT
server: cloudflare
etag: W/"60d4ca17-1353"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=1200
access-control-allow-credentials: true
cf-ray: 664f28d95e69c29a-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires: Fri, 25 Jun 2021 15:36:53 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
34 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-702614481

Requested by

Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7d1f446e9f1479578dd4a689b32888ae7e62a5a62fb9edd7d47adcafbec12aa1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35076
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 25 Jun 2021 15:16:53 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
763 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=sans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7CRoboto+Slab%7COpen+Sans%7CRoboto+Slab%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7C%7C

Requested by

Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cf28914211cd82b6bba7523b6cb9492e01cf38ae008062de2972941e776e01a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 15:16:53 GMT
server: ESF
date: Fri, 25 Jun 2021 15:16:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Jun 2021 15:16:53 GMT

GET
H2 200 lander.js Show response
refund.sellerinvestigators.com/assets/ 2 MB
617 KB 132ms
97ms Script
application/x-javascript 2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://refund.sellerinvestigators.com/assets/lander.js

Requested by

Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1241e2e2d141171600e1cca249282055448e13e64a3abb314e3a959c251bed86

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 994
cf-request-id: 0ae557db700000c29af31c3000000001
last-modified: Thu, 24 Jun 2021 18:08:23 GMT
server: cloudflare
etag: W/"60d4ca17-2341ea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=1200
access-control-allow-credentials: true
cf-ray: 664f28d8bd74c29a-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires: Fri, 25 Jun 2021 15:36:53 GMT

GET
H2 200 pushcrew.js Show response
app.clickfunnels.com/assets/ 637 B
1 KB 109ms
80ms Script
application/x-javascript 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clickfunnels.com/assets/pushcrew.js

Requested by

Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7464960133d530dfa52ce0ab9a5c33f0a709a946ad16298b000a7560738f422

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 37
cf-request-id: 0ae557dbfe00002b4dbc23b000000001
last-modified: Thu, 24 Jun 2021 18:08:22 GMT
server: cloudflare
etag: W/"60d4ca16-27d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=1200
access-control-allow-credentials: true
cf-ray: 664f28d99f4d2b4d-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
expires: Fri, 25 Jun 2021 15:36:53 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 13 KB
5 KB 48ms
21ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e567066985125e7974f68b42914dcb134e3c38373a4a3d668bdb38a3e55f299

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
content-encoding: gzip
last-modified: Fri, 28 May 2021 17:24:20 GMT
server: cloudflare
etag: W/"5753bdd2-d310-49fa-bd2b-065a8e512116"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 664f28d99dbc97b4-FRA
cf-request-id: 0ae557dc00000097b4da9c5000000001

GET
H2 200 EOYTQAN9BDM Show response
www.youtube.com/embed/ Frame 8292 54 KB
22 KB 87ms
87ms Document
text/html 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Requested by

Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f48caff6ca62c81ebeb79b5a8b5452bdb3953ade043146e54d4a53f5e929c2ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.fbarefund.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.fbarefund.com/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 25 Jun 2021 15:16:53 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=ArnbgGi2kX8; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=MSQuC38ySrI; Domain=.youtube.com; Expires=Wed, 22-Dec-2021 15:16:53 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+297; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ 26 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amazon-warehouse.jpg
refund.sellerinvestigators.com/hosted/images/34/6a78bdb65a435798850b32ada4d067/ 504 KB
505 KB 751ms
749ms Image
image/jpeg 2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://refund.sellerinvestigators.com/hosted/images/34/6a78bdb65a435798850b32ada4d067/amazon-warehouse.jpg
Requested by: Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 823bec83b3545561c593e060cb30298199d5ceedd3e66ca78fdade682d0d0e9c

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:54 GMT
cf-cache-status: MISS
last-modified: Fri, 22 Nov 2019 19:53:55 GMT
server: cloudflare
x-amz-cf-pop: FRA2-C2
etag: "495907cf10fda3739cf757649bc99423"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 664f28d98ebac29a-FRA
content-length: 516074
cf-request-id: 0ae557dbf20000c29ae0212000000001

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/ 15 KB
15 KB 7ms
5ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700%7COswald:400,700%7CDroid+Sans:400,700%7CRoboto:400,700%7CLato:400,700%7CPT+Sans:400,700%7CSource+Sans+Pro:400,600,700%7CNoto+Sans:400,700%7CPT+Sans:400,700%7CUbuntu:400,700%7CBitter:400,700%7CPT+Serif:400,700%7CRokkitt:400,700%7CDroid+Serif:400,700%7CRaleway:400,700%7CInconsolata:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.fbarefund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 18:46:29 GMT
x-content-type-options: nosniff
age: 246624
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15112
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:50 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 18:46:29 GMT

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.9.0/webfonts/ 74 KB
74 KB 30ms
17ms Font
font/woff2 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.9.0/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.9.0/css/all.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0

Request headers

Origin: https://www.fbarefund.com
Referer: https://use.fontawesome.com/releases/v5.9.0/css/all.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
last-modified: Tue, 04 Jun 2019 20:34:47 GMT
server: NetDNA-cache/2.2
etag: "b5cf8ae26748570d8fb95a47f46b69e1"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT
accept-ranges: bytes
content-length: 75440

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v20/ 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.fbarefund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 22:24:53 GMT
x-content-type-options: nosniff
age: 233520
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:19 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 22:24:53 GMT

GET
H2 200 BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rj.woff2
fonts.gstatic.com/s/robotoslab/v13/ 19 KB
19 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISmb2Rj.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=sans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7CRoboto+Slab%7COpen+Sans%7CRoboto+Slab%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7COpen+Sans%7Csans-serif%7C%7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5a693ec553fed00d0a2992eb32b82b250e7c64ef7928c117d4c0949b62d4dca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.fbarefund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 00:37:31 GMT
x-content-type-options: nosniff
age: 225562
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19252
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 22:04:05 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 00:37:31 GMT

GET
H3-29 200 www-player-webp.css
www.youtube.com/s/player/11aba956/ Frame 8292 108 KB
0 18ms
14ms Stylesheet
text/css 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11aba956/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 14:42:01 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 00:19:22 GMT
server: sffe
age: 88492
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45760
x-xss-protection: 0
expires: Fri, 24 Jun 2022 14:42:01 GMT

GET
H3-29 200 www-embed-player.js
www.youtube.com/s/player/11aba956/www-embed-player.vflset/ Frame 8292 194 KB
0 27ms
23ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11aba956/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 14:42:46 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 00:19:22 GMT
server: sffe
age: 88447
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65327
x-xss-protection: 0
expires: Fri, 24 Jun 2022 14:42:46 GMT

GET
H3-29 200 base.js
www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/ Frame 8292 512 KB
0 30ms
26ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 14:42:01 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 00:19:22 GMT
server: sffe
age: 88492
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 495471
x-xss-protection: 0
expires: Fri, 24 Jun 2022 14:42:01 GMT

GET
H3-29 200 fetch-polyfill.js
www.youtube.com/s/player/11aba956/fetch-polyfill.vflset/ Frame 8292 8 KB
0 17ms
14ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11aba956/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 14:42:46 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 00:19:22 GMT
server: sffe
age: 88447
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
expires: Fri, 24 Jun 2022 14:42:46 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 8292 15 KB
15 KB 15ms
14ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 21:15:46 GMT
x-content-type-options: nosniff
age: 237667
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 21:15:46 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 41ms
17ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-702614481

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

92bd24374fb205c765a133d522acb2772693d2ccd486b7855e2447918de296a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14011
x-xss-protection: 0
server: cafe
etag: 1690124483490796579
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 25 Jun 2021 15:16:53 GMT

GET
H2 200 vendor.js Show response
refund.sellerinvestigators.com/ 18 KB
5 KB 724ms
722ms Script
application/javascript 2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://refund.sellerinvestigators.com/vendor.js

Requested by

Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

7422e50efbaea439fda7ef3b0eb54ee1a9fe73ea2f919d78a33bf6fb9e3e059d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:54 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
x-powered-by: Phusion Passenger Enterprise 6.0.7
status: 200 OK
cf-request-id: 0ae557dd3b0000c29a4f97a000000001
x-request-id: 4d2ec8824fc4e36a0046d576c3e2daa6
x-runtime: 0.017407
x-content-digest: 581e49c9b7bdd06dab54c00931f4256b223e620e
server: cloudflare
x-frame-options: ALLOWALL
etag: W/"7422e50efbaea439fda7ef3b0eb54ee1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900, public
access-control-allow-credentials: true
cf-ray: 664f28db7a7cc29a-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-rack-cache: stale, valid, store

GET
H2 202 / Show response
app.clickfunnels.com/userevents/ 0
330 B 232ms
216ms XHR
text/html 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clickfunnels.com/userevents/?funnel_id=K25JTmhQNkpDZzVCUHI5QWZoZjhnUT09LS1rTGhKRkU5UHh4NjA3OThLZkxuY1dRPT0%3D--8046d123d2498682d0e85cd0e17a6e2144afd934&page_id=cTVOdzg5Q2pDZEJiSTVEVHNIUWtwUT09LS1RdVUraW1kdkFONnorSW9ReWZUK2tnPT0%3D--b8178ff4553a54263d3b6f69ee0f51e2fb45f563&funnel_step_id=ZHY3WURIcm9Xa2I2YkJEdWVOalByZz09LS1wbWlTMTdzamoxaXVuWEtMR2craWZRPT0%3D--971d970e4ae588afdd35d7df77ff5c018af78d97&user_id=S290d2hkVDF6L1ErR2YwWDFNRThYQT09LS04V1paak5ocmQxWm9YQnpFS2hYcnJRPT0%3D--21fceba064bf18f49651adf71da211e862a2d50b&account_id=bURZZzJvT3dRU3Q0RzhMbzB0ZWd2dz09LS1NNFpzT25DQy9NdE1sMngxdnlUNlZ3PT0%3D--77e3e7f5e63dadfab93472138ab88dc41857b1a4&page_code=MzM4MDcwMjk%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::PageviewsCreatedSummary&nonce=d1bdb6a0-c413-4228-a917-62ec89df7270&url=https%3A%2F%2Fwww.fbarefund.com%2Foptin-33129146

Requested by

Host: refund.sellerinvestigators.com
URL: https://refund.sellerinvestigators.com/assets/userevents/application.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
access-control-request-method: *
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-origin: *
x-powered-by: Phusion Passenger Enterprise 6.0.7
status: 202 Accepted
cf-request-id: 0ae557dd3f00004dfa98081000000001
x-request-id: 65f9bf054a03f2f0159008c67e8d9c42
x-runtime: 0.029591
server: cloudflare
x-frame-options: ALLOWALL
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/html
pragma: no-cache
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 664f28db9b564dfa-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-rack-cache: miss

GET
H2 202 / Show response
app.clickfunnels.com/userevents/ 0
955 B 213ms
199ms XHR
text/html 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clickfunnels.com/userevents/?funnel_id=K25JTmhQNkpDZzVCUHI5QWZoZjhnUT09LS1rTGhKRkU5UHh4NjA3OThLZkxuY1dRPT0%3D--8046d123d2498682d0e85cd0e17a6e2144afd934&page_id=cTVOdzg5Q2pDZEJiSTVEVHNIUWtwUT09LS1RdVUraW1kdkFONnorSW9ReWZUK2tnPT0%3D--b8178ff4553a54263d3b6f69ee0f51e2fb45f563&funnel_step_id=ZHY3WURIcm9Xa2I2YkJEdWVOalByZz09LS1wbWlTMTdzamoxaXVuWEtMR2craWZRPT0%3D--971d970e4ae588afdd35d7df77ff5c018af78d97&user_id=S290d2hkVDF6L1ErR2YwWDFNRThYQT09LS04V1paak5ocmQxWm9YQnpFS2hYcnJRPT0%3D--21fceba064bf18f49651adf71da211e862a2d50b&account_id=bURZZzJvT3dRU3Q0RzhMbzB0ZWd2dz09LS1NNFpzT25DQy9NdE1sMngxdnlUNlZ3PT0%3D--77e3e7f5e63dadfab93472138ab88dc41857b1a4&page_code=MzM4MDcwMjk%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniquePageviewsCreatedSummary&nonce=02dcea40-78ff-474e-900a-33b716e3541b&url=https%3A%2F%2Fwww.fbarefund.com%2Foptin-33129146

Requested by

Host: refund.sellerinvestigators.com
URL: https://refund.sellerinvestigators.com/assets/userevents/application.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
access-control-request-method: *
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-origin: *
x-powered-by: Phusion Passenger Enterprise 6.0.7
status: 202 Accepted
cf-request-id: 0ae557dd4000004dfade2d4000000001
x-request-id: 72f1fdd6f30cf7b12c2af587610b884f
x-runtime: 0.032166
server: cloudflare
x-frame-options: ALLOWALL
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/html
pragma: no-cache
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 664f28db9b574dfa-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-rack-cache: miss

GET
H2 202 / Show response
app.clickfunnels.com/userevents/ 0
330 B 247ms
233ms XHR
text/html 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clickfunnels.com/userevents/?funnel_id=K25JTmhQNkpDZzVCUHI5QWZoZjhnUT09LS1rTGhKRkU5UHh4NjA3OThLZkxuY1dRPT0%3D--8046d123d2498682d0e85cd0e17a6e2144afd934&page_id=cTVOdzg5Q2pDZEJiSTVEVHNIUWtwUT09LS1RdVUraW1kdkFONnorSW9ReWZUK2tnPT0%3D--b8178ff4553a54263d3b6f69ee0f51e2fb45f563&funnel_step_id=ZHY3WURIcm9Xa2I2YkJEdWVOalByZz09LS1wbWlTMTdzamoxaXVuWEtMR2craWZRPT0%3D--971d970e4ae588afdd35d7df77ff5c018af78d97&user_id=S290d2hkVDF6L1ErR2YwWDFNRThYQT09LS04V1paak5ocmQxWm9YQnpFS2hYcnJRPT0%3D--21fceba064bf18f49651adf71da211e862a2d50b&account_id=bURZZzJvT3dRU3Q0RzhMbzB0ZWd2dz09LS1NNFpzT25DQy9NdE1sMngxdnlUNlZ3PT0%3D--77e3e7f5e63dadfab93472138ab88dc41857b1a4&page_code=MzM4MDcwMjk%3D&mode_id=1&time_zone=Pacific%20Time%20(US%20%26%20Canada)&app_domain=app.clickfunnels.com&aff_sub2=&aff_sub3=&aff_sub=&affiliate_id=&cf_affiliate_id=&content=&medium=&name=&source=&term=&client_width=1600&type=Userevents::UniqueVisitorsCreatedSummary&nonce=74f8b261-3e1b-44ff-8dd4-c6badedd4070&url=https%3A%2F%2Fwww.fbarefund.com%2Foptin-33129146

Requested by

Host: refund.sellerinvestigators.com
URL: https://refund.sellerinvestigators.com/assets/userevents/application.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
access-control-request-method: *
vary: Accept-Encoding
cf-cache-status: BYPASS
access-control-allow-origin: *
x-powered-by: Phusion Passenger Enterprise 6.0.7
status: 202 Accepted
cf-request-id: 0ae557dd4000004dfa873e6000000001
x-request-id: 706133ae248a0968647ff9ab1285caf3
x-runtime: 0.054187
server: cloudflare
x-frame-options: ALLOWALL
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/html
pragma: no-cache
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 664f28db9b5d4dfa-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-rack-cache: miss

GET
H3-29 200 iframe_api Show response
www.youtube.com/ 980 B
511 B 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: refund.sellerinvestigators.com
URL: https://refund.sellerinvestigators.com/assets/lander.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1c979e1a7ccd5dfb380d99b6190410a869f2341fd916d1cf78b72c48a227c34d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private, max-age=0
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
content-type: text/javascript; charset=utf-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 25 Jun 2021 15:16:53 GMT

GET
H3-29 200 EOYTQAN9BDM Show response
www.youtube.com/embed/ Frame 9673 53 KB
22 KB 82ms
82ms Document
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Requested by

Host: refund.sellerinvestigators.com
URL: https://refund.sellerinvestigators.com/assets/lander.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c1de5e99d83c860bf553318745ab3ed1f7bd71acae2135c5399a7b79fc5385eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.fbarefund.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: YSC=ArnbgGi2kX8; VISITOR_INFO1_LIVE=MSQuC38ySrI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.fbarefund.com/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 25 Jun 2021 15:16:53 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: CONSENT=PENDING+556; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK /
track.addevent.com/atc/ 0
0 120ms
31ms Image
text/html 54.72.172.153
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.addevent.com/atc/?trktyp=jsinit&trkcal=&guid=e35fb629-d356-4450-428f-55cabd401833&url=https%3A%2F%2Fwww.fbarefund.com%2Foptin-33129146&cache=1624634213739
Requested by: Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.172.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-172-153.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, X-Access-Token
Access-Control-Allow-Methods: PUT, GET, POST, DELETE, OPTIONS

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/702614481/ 2 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/702614481/?random=1624634213749&cv=9&fst=1624634213749&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa6n0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fbarefund.com%2Foptin-33129146&tiba=FBA%20Refund%20%7C%20Get%20huge%20cash%20reimbursements%20from%20Amazon&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36b500b4e62c1c58c72f3cda54dac29b463fca842ba73b209b9a48f10b230b74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 15:16:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1071
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 www-widgetapi.js Show response
www.youtube.com/s/player/11aba956/www-widgetapi.vflset/ 125 KB
42 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11aba956/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff4c7f78fabf46226b298888938c85635d5f07d8a81b71a2ee4facde2c7619fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 13:14:38 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 00:19:22 GMT
server: sffe
age: 7335
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42588
x-xss-protection: 0
expires: Sat, 25 Jun 2022 13:14:38 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/702614481/ 42 B
121 B 23ms
22ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/702614481/?random=1624634213749&cv=9&fst=1624633200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa6n0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fbarefund.com%2Foptin-33129146&tiba=FBA%20Refund%20%7C%20Get%20huge%20cash%20reimbursements%20from%20Amazon&async=1&fmt=3&is_vtc=1&random=1133057350&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 15:16:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/702614481/ 42 B
108 B 19ms
19ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/702614481/?random=1624634213749&cv=9&fst=1624633200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa6n0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fbarefund.com%2Foptin-33129146&tiba=FBA%20Refund%20%7C%20Get%20huge%20cash%20reimbursements%20from%20Amazon&async=1&fmt=3&is_vtc=1&random=1133057350&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 15:16:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 www-player-webp.css
www.youtube.com/s/player/11aba956/ Frame 9673 323 KB
45 KB 8ms
6ms Stylesheet
text/css 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11aba956/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7297db34a861e87c6ef7c7ce6ae08ac300de16626626ea542ce98453a643d8ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 14:42:01 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 00:19:22 GMT
server: sffe
age: 88492
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45760
x-xss-protection: 0
expires: Fri, 24 Jun 2022 14:42:01 GMT

GET
H3-29 200 www-embed-player.js Show response
www.youtube.com/s/player/11aba956/www-embed-player.vflset/ Frame 9673 194 KB
64 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11aba956/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07d0be87f0cefdd50636fcae271c12bec6ea4160dad9986a12193d53b09c0939

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 14:42:46 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 00:19:22 GMT
server: sffe
age: 88447
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65327
x-xss-protection: 0
expires: Fri, 24 Jun 2022 14:42:46 GMT

GET
H3-29 200 base.js Show response
www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/ Frame 9673 2 MB
484 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22d13335c1a0be5dbeae8ebfa64551fe8103e6572398ad18db9c58be27d1fee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 14:42:01 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 00:19:22 GMT
server: sffe
age: 88492
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 495471
x-xss-protection: 0
expires: Fri, 24 Jun 2022 14:42:01 GMT

GET
H3-29 200 fetch-polyfill.js Show response
www.youtube.com/s/player/11aba956/fetch-polyfill.vflset/ Frame 9673 8 KB
3 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11aba956/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 14:42:46 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 00:19:22 GMT
server: sffe
age: 88447
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
expires: Fri, 24 Jun 2022 14:42:46 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 9673 15 KB
15 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 21:15:46 GMT
x-content-type-options: nosniff
age: 237667
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 21:15:46 GMT

GET
H3-29 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame 9673 113 B
161 B 47ms
44ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/www-embed-player.vflset/www-embed-player.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6176ea4f482949b066144c5a3cdbca8b66f60b9cd3f31eac1a42d871f2f6c229

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 9673 29 B
91 B 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:02:21 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
age: 873
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
expires: Fri, 25 Jun 2021 15:17:21 GMT

GET
H3-29 200 78f0cHg-mss9TBwkXBH5e0namqWixOmUHR8LetvkC9Q.js Show response
www.google.com/js/th/ Frame 9673 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/78f0cHg-mss9TBwkXBH5e0namqWixOmUHR8LetvkC9Q.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efc7f470783e9acb3d4c1c245c11f97b49da9aa5a2c4e9941d1f0b7adbe40bd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 13:55:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 91274
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13303
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:30:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 24 Jun 2022 13:55:40 GMT

GET
H3-29 200 embed.js Show response
www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/ Frame 9673 25 KB
7 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ce8aae5de48a35e63d34f9063feb1be99b6c8463167da911722fa7aa6ed31b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 14:43:27 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 00:19:22 GMT
server: sffe
age: 88407
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7450
x-xss-protection: 0
expires: Fri, 24 Jun 2022 14:43:27 GMT

POST
H3-29 200 player Show response
www.youtube.com/youtubei/v1/ Frame 9673 72 KB
19 KB 120ms
119ms XHR
application/json 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/player?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dd1d1b3b5831840efe2c1e32edc404f52d4576497b79557d6e2df5d6b868568c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20210623.1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Goog-Visitor-Id: CgtNU1F1QzM4eVNySSjl5teGBg%3D%3D
Content-Type: application/json

Response headers

date: Fri, 25 Jun 2021 15:16:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19279
x-xss-protection: 0
expires: Fri, 25 Jun 2021 15:16:54 GMT

GET
DATA 200
OK truncated
/ Frame 9673 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AKedOLSmsb_FCuMenY2h7bOPP8tN5cl6n9kCxGZTy0Hy2Q=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 9673 2 KB
2 KB 418ms
417ms Image
image/jpeg 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLSmsb_FCuMenY2h7bOPP8tN5cl6n9kCxGZTy0Hy2Q=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5e1d553811e1109b10d802e19eb8ba9f26716624206da11a866c13b3aaf93130

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:54 GMT
x-content-type-options: nosniff
server: fife
etag: "v89"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2180
x-xss-protection: 0
expires: Sat, 26 Jun 2021 15:16:54 GMT

GET
DATA 200
OK truncated
/ Frame 9673 275 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1dd18dd2d3e2307b8121cd143fd551fe2a29e4f901708819d660d1ec41b25f90

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 204 generate_204
www.youtube.com/ Frame 9673 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?7adkEA
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H3-29 204 qoe
www.youtube.com/api/stats/ Frame 9673 0
19 B 16ms
15ms Ping
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/api/stats/qoe?event=streamingstats&fmt=134&afmt=251&cpn=e0P5LwH0MKkbYb_4&ei=ZvPVYODlB4f21wK_yZmYBA&el=embedded&docid=EOYTQAN9BDM&ns=yt&fexp=23940238%2C23973490%2C23983296%2C23999405%2C24001373%2C24003103%2C24003105%2C24004644%2C24007246%2C24027400%2C24042868%2C24046936%2C24053867%2C24058812%2C24061913&cl=381124074&seq=1&cbr=Chrome&cbrver=89.0.4389.72&c=WEB_EMBEDDED_PLAYER&cver=1.20210623.1.0&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&vps=0.000:N,0.210:N&ctmp=cc:t.198;useVodTrack&afs=0.209:251::i&vfs=0.210:134:134::r&view=0.210:525:295&bwe=0.210:130000&bat=0.210:1:1&vis=0.210:0&cmt=0.210:0.000&bh=0.210:0.000

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 15:16:54 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK videoplayback Show response
r4---sn-4g5e6nzz.googlevideo.com/ Frame 9673 1 KB
2 KB 23ms
7ms XHR
text/plain 2a00:1450:4001:1::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-4g5e6nzz.googlevideo.com/videoplayback?expire=1624655814&ei=ZvPVYODlB4f21wK_yZmYBA&ip=2a01%3A4f8%3A121%3A131a%3A%3A2&id=o-AK2JVKiZFEjUOqh4vP-tmiRLZ0aPnDvUYJ-jiNFSLRmg&itag=134&aitags=133%2C134%2C135%2C136%2C160%2C242%2C243%2C244%2C247%2C278%2C298%2C302&source=youtube&requiressl=yes&mh=W7&mm=31%2C29&mn=sn-4g5e6nzz%2Csn-4g5ednss&ms=au%2Crdu&mv=u&mvi=4&pl=52&vprv=1&mime=video%2Fmp4&ns=m6ZImgq8dP29bLIpAm1xbucF&gir=yes&clen=3910969&otfp=1&dur=97.530&lmt=1595744510940295&mt=1624633593&fvip=4&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&n=-bhHQd2i2Roghg&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRQIgbYLp6yXx6ntRIoImzZm2um6KcxSRlKe9cFJEdoXPmbUCIQDte1_9alzzKz2PP5q7pe-pWKGFCVtWZZC4r2Uj1cpjvA%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgFLhX4htM5khOy4ePe-WUZ3NVw8P5GHQdFjZX29t7fjMCIC45iths0DJaMMS1S1zAhpQz7EEhBPMjv09V3qg4_uMg&alr=yes&cpn=e0P5LwH0MKkbYb_4&cver=1.20210623.1.0&range=0-97994&rn=1&rbuf=0

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:1::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

948c9494ee1af03a425f5413963a721256e0fc665e0095b7e3e07a6c4012b930

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 25 Jun 2021 15:16:54 GMT
X-Restrict-Formats-Hint: None
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1074
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=21300
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: https://www.youtube.com
X-Content-Type-Options: nosniff
Expires: Fri, 25 Jun 2021 15:16:54 GMT

GET
H/1.1 200
OK videoplayback Show response
r4---sn-4g5e6nzz.googlevideo.com/ Frame 9673 998 B
2 KB 22ms
7ms XHR
text/plain 2a00:1450:4001:1::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-4g5e6nzz.googlevideo.com/videoplayback?expire=1624655814&ei=ZvPVYODlB4f21wK_yZmYBA&ip=2a01%3A4f8%3A121%3A131a%3A%3A2&id=o-AK2JVKiZFEjUOqh4vP-tmiRLZ0aPnDvUYJ-jiNFSLRmg&itag=251&source=youtube&requiressl=yes&mh=W7&mm=31%2C29&mn=sn-4g5e6nzz%2Csn-4g5ednss&ms=au%2Crdu&mv=u&mvi=4&pl=52&vprv=1&mime=audio%2Fwebm&ns=m6ZImgq8dP29bLIpAm1xbucF&gir=yes&clen=1717312&otfp=1&dur=97.561&lmt=1573169330280242&mt=1624633593&fvip=4&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=2211222&n=-bhHQd2i2Roghg&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAM2AbA92xDYJ-i7ERkD5SZsw__v2Fv003TnfS2-VLgAdAiEAs29G_OSShvxgn2rgof-p-b8ghpZ74S-kLU6dctUfdxk%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl&lsig=AG3C_xAwRAIgFLhX4htM5khOy4ePe-WUZ3NVw8P5GHQdFjZX29t7fjMCIC45iths0DJaMMS1S1zAhpQz7EEhBPMjv09V3qg4_uMg&alr=yes&cpn=e0P5LwH0MKkbYb_4&cver=1.20210623.1.0&range=0-65968&rn=2&rbuf=0

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:1::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

4b1fcf12e3049b4b3bb5fec2c6a22266d345340ad28f6b5e16b46770a439df87

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 25 Jun 2021 15:16:54 GMT
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 998
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=21300
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: https://www.youtube.com
Expires: Fri, 25 Jun 2021 15:16:54 GMT

GET
H3-29 200 remote.js Show response
www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/ Frame 9673 93 KB
29 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb4e2796c5e173f72404858cf3053887da7312863efe97ae1220b70f377fddc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 14:42:02 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 00:19:22 GMT
server: sffe
age: 88492
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29336
x-xss-protection: 0
expires: Fri, 24 Jun 2022 14:42:02 GMT

GET
H3-29 200 captions.js Show response
www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/ Frame 9673 62 KB
24 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/captions.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3cddfcad4d4686d79909fe8b54a9cd7eff89ee60afafbc25e152742d44e2ee5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 14:48:33 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 00:19:22 GMT
server: sffe
age: 88101
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24039
x-xss-protection: 0
expires: Fri, 24 Jun 2022 14:48:33 GMT

GET
H3-29 200 endscreen.js Show response
www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/ Frame 9673 26 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/endscreen.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc1cfac48849d6b6691b83adfc75625054d8bb8215b225d20ba0f651fd0cc665

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 24 Jun 2021 14:42:39 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 24 Jun 2021 00:19:22 GMT
server: sffe
age: 88455
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7162
x-xss-protection: 0
expires: Fri, 24 Jun 2022 14:42:39 GMT

POST
H3-29 200 next Show response
www.youtube.com/youtubei/v1/ Frame 9673 9 KB
2 KB 304ms
304ms XHR
application/json 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/next?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5156f85edacb67285fb3971dd6a10953ad5a8715ab76d0e694eb23b992b63869

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20210623.1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Goog-Visitor-Id: CgtNU1F1QzM4eVNySSjl5teGBg%3D%3D
Content-Type: application/json

Response headers

date: Fri, 25 Jun 2021 15:16:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1914
x-xss-protection: 0
expires: Fri, 25 Jun 2021 15:16:54 GMT

GET
H3-29 200 videoplayback Show response
r4---sn-4g5ednss.googlevideo.com/ Frame 9673 96 KB
96 KB 193ms
183ms XHR
video/mp4 2a00:1450:4001:6b::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-4g5ednss.googlevideo.com/videoplayback?expire=1624655814&ei=ZvPVYODlB4f21wK_yZmYBA&ip=2a01%3A4f8%3A121%3A131a%3A%3A2&id=o-AK2JVKiZFEjUOqh4vP-tmiRLZ0aPnDvUYJ-jiNFSLRmg&itag=134&aitags=133%2C134%2C135%2C136%2C160%2C242%2C243%2C244%2C247%2C278%2C298%2C302&source=youtube&requiressl=yes&vprv=1&mime=video%2Fmp4&ns=m6ZImgq8dP29bLIpAm1xbucF&gir=yes&clen=3910969&otfp=1&dur=97.530&lmt=1595744510940295&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&n=-bhHQd2i2Roghg&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRQIgbYLp6yXx6ntRIoImzZm2um6KcxSRlKe9cFJEdoXPmbUCIQDte1_9alzzKz2PP5q7pe-pWKGFCVtWZZC4r2Uj1cpjvA%3D%3D&alr=yes&cpn=e0P5LwH0MKkbYb_4&cver=1.20210623.1.0&redirect_counter=1&cm2rm=sn-4g5edz7z&cms_redirect=yes&mh=W7&mm=34&mn=sn-4g5ednss&ms=ltu&mt=1624633753&mv=u&mvi=4&pl=52&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIgMoFOG3epiuOM90WuGm84f8ouDpGuGyjXQpzVetv2XbkCIQCdo0LjWLPyF4Pnk1CNvG6wWQwV-DdqK-E4iahsGeHFKg%3D%3D&range=0-97994&rn=3&rbuf=0

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6b::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

b90ff2f777d48779f95880441a852a5afa3c399b102acd8aa5a1ea36e697db25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:54 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97995
client-protocol: quic
last-modified: Sun, 26 Jul 2020 06:21:50 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21300
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
x-content-type-options: nosniff
expires: Fri, 25 Jun 2021 15:16:54 GMT

GET
H3-29 200 videoplayback Show response
r4---sn-4g5ednss.googlevideo.com/ Frame 9673 64 KB
64 KB 268ms
260ms XHR
audio/webm 2a00:1450:4001:6b::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-4g5ednss.googlevideo.com/videoplayback?expire=1624655814&ei=ZvPVYODlB4f21wK_yZmYBA&ip=2a01%3A4f8%3A121%3A131a%3A%3A2&id=o-AK2JVKiZFEjUOqh4vP-tmiRLZ0aPnDvUYJ-jiNFSLRmg&itag=251&source=youtube&requiressl=yes&vprv=1&mime=audio%2Fwebm&ns=m6ZImgq8dP29bLIpAm1xbucF&gir=yes&clen=1717312&otfp=1&dur=97.561&lmt=1573169330280242&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=2211222&n=-bhHQd2i2Roghg&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAM2AbA92xDYJ-i7ERkD5SZsw__v2Fv003TnfS2-VLgAdAiEAs29G_OSShvxgn2rgof-p-b8ghpZ74S-kLU6dctUfdxk%3D&alr=yes&cpn=e0P5LwH0MKkbYb_4&cver=1.20210623.1.0&redirect_counter=1&cm2rm=sn-4g5edz7z&cms_redirect=yes&mh=W7&mm=34&mn=sn-4g5ednss&ms=ltu&mt=1624633753&mv=u&mvi=4&pl=52&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgCbqftFyG8B3263cIyBrqwUt1uvbFL78v_ZZCZT9QkhcCIAvLwzbyiLf-6KItVEHUhGy758FjT8OvOWL3Y4kM8oy7&range=0-65968&rn=4&rbuf=0

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6b::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

6144ca0b876651568966d840f918e5618f719b45654d3ba53480e109eab3e7cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:54 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65969
client-protocol: quic
last-modified: Thu, 07 Nov 2019 23:28:50 GMT
server: gvs 1.0
vary: Origin
content-type: audio/webm
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21300
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Fri, 25 Jun 2021 15:16:54 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 9673 4 KB
2 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:54 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
x-content-type-options: nosniff
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
expires: Fri, 25 Jun 2021 15:16:54 GMT

GET
H2 200 nr-1209.min.js Show response
js-agent.newrelic.com/ 31 KB
12 KB 46ms
14ms Script
application/javascript 151.101.14.110
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1209.min.js
Requested by: Host: www.fbarefund.com
URL: https://www.fbarefund.com/optin-33129146
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1676a8158867ca736ff0a960b9300b8e0e8c016faa2b3211d54d1317213be669

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: Ilyf2heqjbcb6UZHMuleD6bz44kdIrhk
content-encoding: gzip
etag: "ceffb14d16467e17c5360bf7880099fa"
x-amz-request-id: 5748RK4XNY0JFAXS
x-cache: HIT
content-length: 11738
x-amz-id-2: Bgz/pgtJbcxVQT1M95LrS9P8w6ydNOlS7rqz4RAI+tM5Ek3RKKQrMB0BxrzJZwT8Jt6pEpDvSuo=
x-served-by: cache-fra19148-FRA
last-modified: Thu, 20 May 2021 23:21:18 GMT
server: AmazonS3
x-timer: S1624634215.570275,VS0,VE0
date: Fri, 25 Jun 2021 15:16:54 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 7803

GET
H2 200 closemodal.png
assets.clickfunnels.com/images/ 672 B
1 KB 79ms
67ms Image
image/webp 2606:4700::6810:cc2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.clickfunnels.com/images/closemodal.png

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:cc2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5216f197f782f4bb872e02a677986af90a488015910f8d3864b796ad68dbd389

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:54 GMT
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 305789
cf-polished: origFmt=png, origSize=788
content-disposition: inline; filename="closemodal.webp"
content-length: 672
cf-request-id: 0ae557e09b00002b4df505d000000001
last-modified: Mon, 21 Jun 2021 19:48:08 GMT
server: cloudflare
etag: "60d0ecf8-314"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: image/webp
access-control-allow-origin: *
expires: Mon, 26 Jul 2021 15:16:54 GMT
cache-control: public, max-age=2678400
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 664f28e0facb2b4d-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
cf-bgj: imgq:100,h2pri,csam-hash

GET
H2 200 seller-investigators-logo.png
refund.sellerinvestigators.com/hosted/images/ac/cdcc7cfe2c4662ae970081427953f5/ 48 KB
48 KB 696ms
694ms Image
image/png 2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://refund.sellerinvestigators.com/hosted/images/ac/cdcc7cfe2c4662ae970081427953f5/seller-investigators-logo.png
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29eb515cabe14d15756361ffdf140d4856f98054b6cfda4bf590771ffb100c13

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:55 GMT
cf-cache-status: MISS
last-modified: Mon, 21 Oct 2019 01:32:56 GMT
server: cloudflare
x-amz-cf-pop: FRA2-C2
etag: "e1558b277c38a0cde268bbc2c889218b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 664f28e0dd10c29a-FRA
content-length: 49211
cf-request-id: 0ae557e08b0000c29a4ab29000000001

GET
H2 200 Asset-2.png
refund.sellerinvestigators.com/hosted/images/77/98a6c017c540a2a1b103996762f7e3/ 13 KB
13 KB 628ms
626ms Image
image/png 2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://refund.sellerinvestigators.com/hosted/images/77/98a6c017c540a2a1b103996762f7e3/Asset-2.png
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d52bbe77dd280a29f1e3482ec85fa44cdad1eab662b84a067b2a04886a2df66f

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:55 GMT
cf-cache-status: MISS
last-modified: Wed, 28 Aug 2019 00:56:30 GMT
server: cloudflare
x-amz-cf-pop: FRA2-C2
etag: "b1bc1344f66c30df4fff71a747fca8b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 664f28e0dd12c29a-FRA
content-length: 13618
cf-request-id: 0ae557e08b0000c29ae8933000000001

GET
H2 200 Asset-1.png
refund.sellerinvestigators.com/hosted/images/63/db96ab8cd14ad9a499ce3ae5d17886/ 7 KB
8 KB 482ms
481ms Image
image/png 2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://refund.sellerinvestigators.com/hosted/images/63/db96ab8cd14ad9a499ce3ae5d17886/Asset-1.png
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd51e67357e9d34b8b6f8a8b6d9086ad8bfd79719541e8e8bd749b734aee7b2a

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:55 GMT
cf-cache-status: MISS
last-modified: Wed, 28 Aug 2019 00:56:29 GMT
server: cloudflare
x-amz-cf-pop: FRA2-C2
etag: "318075a54c4010bf351df9ab72840f22"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 664f28e0dd14c29a-FRA
content-length: 7420
cf-request-id: 0ae557e08c0000c29a4f9b2000000001

GET
H2 200 Asset-3.png
refund.sellerinvestigators.com/hosted/images/2f/728ae587c040f5afa1ec946b9d9d2b/ 10 KB
10 KB 488ms
487ms Image
image/png 2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://refund.sellerinvestigators.com/hosted/images/2f/728ae587c040f5afa1ec946b9d9d2b/Asset-3.png
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d91082b73ab9b110b8654d7bc7023bb218ab23a9e9a49c970b5b3ed228d1c0ea

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:55 GMT
cf-cache-status: MISS
last-modified: Wed, 28 Aug 2019 00:56:34 GMT
server: cloudflare
x-amz-cf-pop: FRA2-C2
etag: "6291339af545b65bb6fee7456b8564f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 664f28e0dd17c29a-FRA
content-length: 10360
cf-request-id: 0ae557e08c0000c29a41126000000001

GET
H2 200 Case-manager-Sandra-pic.png
refund.sellerinvestigators.com/hosted/images/50/7dddfe382f4a01af7ce1162bc68e0e/ 324 KB
324 KB 692ms
691ms Image
image/png 2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://refund.sellerinvestigators.com/hosted/images/50/7dddfe382f4a01af7ce1162bc68e0e/Case-manager-Sandra-pic.png
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4bd2f25f361763f398a18e95ecb4df5298baac90775bafdc826395cc8f4520d8

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:55 GMT
cf-cache-status: MISS
last-modified: Thu, 26 Sep 2019 21:25:23 GMT
server: cloudflare
x-amz-cf-pop: FRA2-C2
etag: "daa5b95e7dac560c9344b97557829a16"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 664f28e0dd18c29a-FRA
content-length: 331742
cf-request-id: 0ae557e08d0000c29a1a9e1000000001

GET
H2 200 5Starts-01.png
refund.sellerinvestigators.com/hosted/images/8c/94a29355c9470489b9b364dfba5a3b/ 9 KB
9 KB 493ms
492ms Image
image/png 2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://refund.sellerinvestigators.com/hosted/images/8c/94a29355c9470489b9b364dfba5a3b/5Starts-01.png
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b26312b6ce93d8796ace0c9069c5f964b43f407b9eec5292f9655763d5409b45

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:55 GMT
cf-cache-status: MISS
last-modified: Tue, 27 Aug 2019 01:38:19 GMT
server: cloudflare
x-amz-cf-pop: FRA2-C2
etag: "8eef83cbf0b1b5c298bdb55994079d7e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 664f28e0dd1ac29a-FRA
content-length: 9307
cf-request-id: 0ae557e08c0000c29a5a365000000001

GET
H2 200 background.png Show response
refund.sellerinvestigators.com/images/ 117 B
1 KB 747ms
730ms XHR
text/javascript 2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://refund.sellerinvestigators.com/images/background.png?_unique=0.8540662034715825&_uniqueVisitorID=null&_type=WINDOW&_location=ttps%3A//www.fbarefund.com/optin-33129146&_title=FBA%20Refund%20%7C%20Get%20huge%20cash%20reimbursements%20from%20Amazon&_key=yhqv3l60&_page_key=hox4y0n56j9zkhh7&_fid=7816712&_fspos=1&_fvrs=1&_funnel_stat=1&_location=https://www.fbarefund.com/optin-33129146&_referrer=

Requested by

Host: refund.sellerinvestigators.com
URL: https://refund.sellerinvestigators.com/vendor.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger Enterprise 6.0.7

Resource Hash

d24b6feadf5ad2b049354eb93b37119c4503b4669ea2d39206fcca748e69bdd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:55 GMT
access-control-request-method: *
cf-cache-status: DYNAMIC
x-powered-by: Phusion Passenger Enterprise 6.0.7
status: 200 OK
strict-transport-security: max-age=0
content-encoding: br
cf-request-id: 0ae557e0a200001782acabb000000001
x-request-id: bd6412f960ab3cba73d67cc595b43dc5
x-runtime: 0.015672
server: cloudflare
x-frame-options: ALLOWALL
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 664f28e10d581782-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
x-rack-cache: miss

POST
H2 200 rum Show response
www.fbarefund.com/cdn-cgi/ 0
201 B 17ms
16ms XHR
text/plain 2606:4700::6810:10c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fbarefund.com/cdn-cgi/rum?req_id=664f28d52bbabf0f

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-fetch-mode: cors
origin: https://www.fbarefund.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: __cfduid=d970a1cc9d23b4f73a876db6dd93c98c81624634211; __cf_bm=b443aec36df1b3a4199eb4ac49297d7c7f87a9a6-1624634212-1800-AZ1P+SajfhdYItsCGQdVKt6gMJraw52TN2v4Gpl3SAHIQIZxjLL33D0BveqSJI/jMdaflulkHawqVRclJLpz25NFR5bl4Q/sYDB5FUVO2S5c; _gcl_au=1.1.1779642675.1624634214; cf:aff_sub2=; cf:aff_sub3=; cf:aff_sub=; cf:affiliate_id=; cf:cf_affiliate_id=; cf:content=; cf:medium=; cf:name=; cf:source=; cf:term=; cf:MzM4MDcwMjk=:visited=true; cf:visitor_id=4616ede2-6b78-432b-ae3b-0cb3650f7e16; addevent_track_cookie=e35fb629-d356-4450-428f-55cabd401833
content-length: 13715
:path: /cdn-cgi/rum?req_id=664f28d52bbabf0f
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: www.fbarefund.com
referer: https://www.fbarefund.com/optin-33129146
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://www.fbarefund.com/optin-33129146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json

Response headers

date: Fri, 25 Jun 2021 15:16:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.fbarefund.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 664f28e19b0cbf0f-FRA
vary: Origin

GET
H3-29 200 AKedOLSmsb_FCuMenY2h7bOPP8tN5cl6n9kCxGZTy0Hy2Q=s88-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 9673 3 KB
3 KB 153ms
137ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLSmsb_FCuMenY2h7bOPP8tN5cl6n9kCxGZTy0Hy2Q=s88-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ce2d9135400e9063eddb534bda0eba484261cfb9422545e61a67cc3c87c76bb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:54 GMT
x-content-type-options: nosniff
server: fife
etag: "v89"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2953
x-xss-protection: 0
expires: Sat, 26 Jun 2021 15:16:54 GMT

GET
H3-29 200 videoplayback Show response
r4---sn-4g5ednss.googlevideo.com/ Frame 9673 80 KB
80 KB 51ms
51ms XHR
video/mp4 2a00:1450:4001:6b::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6b::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

8e5785534599cde14617fb3153da1417d43a8d2a1886a6de42706cc25b39fdf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:54 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81728
client-protocol: quic
last-modified: Sun, 26 Jul 2020 06:21:50 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21300
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
x-content-type-options: nosniff
expires: Fri, 25 Jun 2021 15:16:54 GMT

GET
H/1.1 200
OK NRJS-fc902efb332119fff33 Show response
bam-cell.nr-data.net/1/ 49 B
915 B 498ms
457ms Script
text/javascript 162.247.243.147
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/NRJS-fc902efb332119fff33?a=367981416&v=1209.f04e2b9&to=dFZWTENWVQ9QExdNRlJLSFlWXEpMRQBfXUYYSU1aXVBKC1AF&rst=3303&ck=1&ref=https://www.fbarefund.com/optin-33129146&ap=338&be=1624&fe=2968&dc=2106&perf=%7B%22timing%22:%7B%22of%22:1624634211567,%22n%22:0,%22r%22:0,%22re%22:1100,%22f%22:1100,%22dn%22:1100,%22dne%22:1100,%22c%22:1100,%22ce%22:1100,%22rq%22:1102,%22rp%22:1614,%22rpe%22:1620,%22dl%22:1617,%22di%22:2105,%22ds%22:2106,%22de%22:2174,%22dc%22:2967,%22l%22:2967,%22le%22:3077%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=1900&fcp=1900&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1209.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Referer: https://www.fbarefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 25 Jun 2021 15:16:55 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
X-NewRelic-App-Data: PxQGQlVTAAQBXFFTFR0VMQFTYkEDCBADUxZRDVZkG3xWEU0YdQhAEgVCVAkDEWQcfgEVFk51XhUUUEJQCgMRQBxSFlIUChoCBFMBJBxVH1BQGhVRXgUBUVIBWQZTUA5TUgMEEU4AAg5DB2U=
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 664f28e34b9dedd3-CDG
cf-request-id: 0ae557e2080000edd3de1c5000000001

GET
H3-29 200 videoplayback Show response
r4---sn-4g5ednss.googlevideo.com/ Frame 9673 64 KB
64 KB 153ms
152ms XHR
audio/webm 2a00:1450:4001:6b::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-4g5ednss.googlevideo.com/videoplayback?expire=1624655814&ei=ZvPVYODlB4f21wK_yZmYBA&ip=2a01%3A4f8%3A121%3A131a%3A%3A2&id=o-AK2JVKiZFEjUOqh4vP-tmiRLZ0aPnDvUYJ-jiNFSLRmg&itag=251&source=youtube&requiressl=yes&vprv=1&mime=audio%2Fwebm&ns=m6ZImgq8dP29bLIpAm1xbucF&gir=yes&clen=1717312&otfp=1&dur=97.561&lmt=1573169330280242&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=2211222&n=-bhHQd2i2Roghg&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAM2AbA92xDYJ-i7ERkD5SZsw__v2Fv003TnfS2-VLgAdAiEAs29G_OSShvxgn2rgof-p-b8ghpZ74S-kLU6dctUfdxk%3D&alr=yes&cpn=e0P5LwH0MKkbYb_4&cver=1.20210623.1.0&redirect_counter=1&cm2rm=sn-4g5edz7z&cms_redirect=yes&mh=W7&mm=34&mn=sn-4g5ednss&ms=ltu&mt=1624633753&mv=u&mvi=4&pl=52&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgCbqftFyG8B3263cIyBrqwUt1uvbFL78v_ZZCZT9QkhcCIAvLwzbyiLf-6KItVEHUhGy758FjT8OvOWL3Y4kM8oy7&range=65969-131504&rn=6&rbuf=3895

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6b::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

4f791c1bf3712302125078b340edc9003439466632032f6451eb60dbd30128e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:55 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65536
client-protocol: quic
last-modified: Thu, 07 Nov 2019 23:28:50 GMT
server: gvs 1.0
vary: Origin
content-type: audio/webm
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Fri, 25 Jun 2021 15:16:55 GMT

GET
H3-29 204 playback
www.youtube.com/api/stats/ Frame 9673 0
17 B 17ms
17ms Image
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube.com/api/stats/playback?ns=yt&el=embedded&cpn=e0P5LwH0MKkbYb_4&docid=EOYTQAN9BDM&ver=2&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2FEOYTQAN9BDM%3Fmute%3D1%26autoplay%3D1%26%26modestbranding%3D1%26controls%3D1%26showinfo%3D0%26rel%3D0%26hd%3D1%26wmode%3Dtransparent&cmt=0.004&ei=ZvPVYODlB4f21wK_yZmYBA&fmt=134&fs=0&rt=0.916&of=-_xhI4eL4MjOL53E0nwGhA&euri=https%3A%2F%2Fwww.fbarefund.com%2F&lact=945&cl=381124074&mos=1&vm=CAEQABgEKiBkbUhLZnNkTEg4b0h6MXBvX2F1Sm9USmdvZ2VsOXdGSDoyQU9HdF9PTFYyUml6RmJaa0dhaTg4czVqcFVybWstTWJFZmFoNW5NeGI0RXQzUHV5c3c&volume=100&cbr=Chrome&cbrver=89.0.4389.72&c=WEB_EMBEDDED_PLAYER&cver=1.20210623.1.0&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&autoplay=1&hl=en_US&cr=DE&len=97.561&fexp=23940238%2C23973490%2C23983296%2C23999405%2C24001373%2C24003103%2C24003105%2C24004644%2C24007246%2C24027400%2C24042868%2C24046936%2C24053867%2C24058812%2C24061913&rtn=11&afmt=251&size=525%3A295&inview=1&muted=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 15:16:54 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 ptracking
www.youtube.com/ Frame 9673 0
19 B 15ms
14ms Image
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube.com/ptracking?html5=1&video_id=EOYTQAN9BDM&cpn=e0P5LwH0MKkbYb_4&ei=ZvPVYODlB4f21wK_yZmYBA&ptk=youtube_none&pltype=contentugc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Jun 2021 15:16:54 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK videoplayback Show response
r4---sn-4g5ednss.googlevideo.com/ Frame 9673 200 KB
201 KB 59ms
47ms XHR
video/mp4 2a00:1450:4001:6b::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:6b::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

aa48a9c9658b71f5ffb28dc5f1bf027b1cc1489d53c9c0078f2828d217012b6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 25 Jun 2021 15:16:55 GMT
X-Restrict-Formats-Hint: None
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 205180
Last-Modified: Sun, 26 Jul 2020 06:21:50 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=21299
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: https://www.youtube.com
X-Content-Type-Options: nosniff
Expires: Fri, 25 Jun 2021 15:16:55 GMT

GET
H3-29 200 videoplayback Show response
r4---sn-4g5ednss.googlevideo.com/ Frame 9673 135 KB
135 KB 154ms
154ms XHR
audio/webm 2a00:1450:4001:6b::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-4g5ednss.googlevideo.com/videoplayback?expire=1624655814&ei=ZvPVYODlB4f21wK_yZmYBA&ip=2a01%3A4f8%3A121%3A131a%3A%3A2&id=o-AK2JVKiZFEjUOqh4vP-tmiRLZ0aPnDvUYJ-jiNFSLRmg&itag=251&source=youtube&requiressl=yes&vprv=1&mime=audio%2Fwebm&ns=m6ZImgq8dP29bLIpAm1xbucF&gir=yes&clen=1717312&otfp=1&dur=97.561&lmt=1573169330280242&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=2211222&n=-bhHQd2i2Roghg&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAM2AbA92xDYJ-i7ERkD5SZsw__v2Fv003TnfS2-VLgAdAiEAs29G_OSShvxgn2rgof-p-b8ghpZ74S-kLU6dctUfdxk%3D&alr=yes&cpn=e0P5LwH0MKkbYb_4&cver=1.20210623.1.0&redirect_counter=1&cm2rm=sn-4g5edz7z&cms_redirect=yes&mh=W7&mm=34&mn=sn-4g5ednss&ms=ltu&mt=1624633753&mv=u&mvi=4&pl=52&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgCbqftFyG8B3263cIyBrqwUt1uvbFL78v_ZZCZT9QkhcCIAvLwzbyiLf-6KItVEHUhGy758FjT8OvOWL3Y4kM8oy7&range=131505-269292&rn=8&rbuf=7371

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6b::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

03593eae6f4daf1b6bf6157c090ef276eb63f3cf544254e7b23bcf73d56293d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:55 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137788
client-protocol: quic
last-modified: Thu, 07 Nov 2019 23:28:50 GMT
server: gvs 1.0
vary: Origin
content-type: audio/webm
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Fri, 25 Jun 2021 15:16:55 GMT

GET
H3-29 200 videoplayback Show response
r4---sn-4g5ednss.googlevideo.com/ Frame 9673 372 KB
372 KB 46ms
45ms XHR
video/mp4 2a00:1450:4001:6b::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:6b::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

252d4dfe935d2a85629b872c8db2191b3c49b85dffb65183c0ba7f3a8e3647f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 25 Jun 2021 15:16:55 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 380695
client-protocol: quic
last-modified: Sun, 26 Jul 2020 06:21:50 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
x-content-type-options: nosniff
expires: Fri, 25 Jun 2021 15:16:55 GMT

POST
H2 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 9673 28 B
197 B 25ms
25ms XHR
application/json 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/EOYTQAN9BDM?mute=1&autoplay=1&&modestbranding=1&controls=1&showinfo=0&rel=0&hd=1&wmode=transparent
X-YouTube-Client-Version: 1.20210623.1.0
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: CgtNU1F1QzM4eVNySSjl5teGBg%3D%3D
X-YouTube-Ad-Signals: dt=1624634213941&flash=0&frm=2&u_tz=120&u_his=2&u_java&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug&u_nmime&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C525%2C295&vis=1&wgl=true&ca_type=image&bid=ANyPxKrK8rb7caCdWzjvcVMJk0NXNXMLh96_tZaVpsqiL_19W3uPVe5gMn6p1Wu3fk3mbVp8Qeu_QvJ3mF3ZCAv1Eampf84vkw

Response headers

date: Fri, 25 Jun 2021 15:16:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Fri, 25 Jun 2021 15:16:56 GMT

GET
H/1.1 200
OK videoplayback Show response
r4---sn-4g5ednss.googlevideo.com/ Frame 9673 227 KB
228 KB 178ms
178ms XHR
audio/webm 2a00:1450:4001:6b::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-4g5ednss.googlevideo.com/videoplayback?expire=1624655814&ei=ZvPVYODlB4f21wK_yZmYBA&ip=2a01%3A4f8%3A121%3A131a%3A%3A2&id=o-AK2JVKiZFEjUOqh4vP-tmiRLZ0aPnDvUYJ-jiNFSLRmg&itag=251&source=youtube&requiressl=yes&vprv=1&mime=audio%2Fwebm&ns=m6ZImgq8dP29bLIpAm1xbucF&gir=yes&clen=1717312&otfp=1&dur=97.561&lmt=1573169330280242&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=2211222&n=-bhHQd2i2Roghg&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAM2AbA92xDYJ-i7ERkD5SZsw__v2Fv003TnfS2-VLgAdAiEAs29G_OSShvxgn2rgof-p-b8ghpZ74S-kLU6dctUfdxk%3D&alr=yes&cpn=e0P5LwH0MKkbYb_4&cver=1.20210623.1.0&redirect_counter=1&cm2rm=sn-4g5edz7z&cms_redirect=yes&mh=W7&mm=34&mn=sn-4g5ednss&ms=ltu&mt=1624633753&mv=u&mvi=4&pl=52&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgCbqftFyG8B3263cIyBrqwUt1uvbFL78v_ZZCZT9QkhcCIAvLwzbyiLf-6KItVEHUhGy758FjT8OvOWL3Y4kM8oy7&range=269293-501754&rn=10&rbuf=12436

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/11aba956/player_ias.vflset/en_US/base.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:6b::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

92b652e10acd8d9363901ac3ef327dad68c2d3d3e4987ff7b48805d1e5310ce1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 25 Jun 2021 15:16:58 GMT
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 232462
Last-Modified: Thu, 07 Nov 2019 23:28:50 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: audio/webm
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=21296
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: https://www.youtube.com
Expires: Fri, 25 Jun 2021 15:16:58 GMT

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.fbarefund.com/	1970-01-20 04:02:50	Name: cf:visitor_id Value: 4616ede2-6b78-432b-ae3b-0cb3650f7e16
www.fbarefund.com/	1970-01-20 04:02:50	Name: cf:term Value:
www.fbarefund.com/	1970-01-20 04:02:50	Name: addevent_track_cookie Value: e35fb629-d356-4450-428f-55cabd401833
www.fbarefund.com/	1970-01-20 04:02:50	Name: cf:source Value:
www.fbarefund.com/	1970-01-20 04:02:50	Name: cf:content Value:
.fbarefund.com/	1970-01-19 21:26:50	Name: _gcl_au Value: 1.1.1779642675.1624634214
www.fbarefund.com/	1970-01-20 04:02:50	Name: cf:aff_sub3 Value:
.www.fbarefund.com/	1970-01-19 19:17:16	Name: __cf_bm Value: b443aec36df1b3a4199eb4ac49297d7c7f87a9a6-1624634212-1800-AZ1P+SajfhdYItsCGQdVKt6gMJraw52TN2v4Gpl3SAHIQIZxjLL33D0BveqSJI/jMdaflulkHawqVRclJLpz25NFR5bl4Q/sYDB5FUVO2S5c
www.fbarefund.com/	1970-01-20 04:02:50	Name: cf:name Value:
www.fbarefund.com/	1970-01-20 04:02:50	Name: cf:medium Value:
www.fbarefund.com/	1970-01-20 04:02:50	Name: cf:cf_affiliate_id Value:
www.fbarefund.com/	1970-01-20 04:02:50	Name: cf:affiliate_id Value:
.youtube.com/	1970-01-19 23:36:26	Name: VISITOR_INFO1_LIVE Value: MSQuC38ySrI
www.fbarefund.com/	1970-01-20 04:02:50	Name: cf:aff_sub2 Value:
www.fbarefund.com/	1970-01-20 04:02:50	Name: cf:aff_sub Value:
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: ArnbgGi2kX8
www.fbarefund.com/	1970-01-20 04:02:50	Name: cf:MzM4MDcwMjk Value: :visited=true
.www.fbarefund.com/	1970-01-19 20:00:26	Name: __cfduid Value: d970a1cc9d23b4f73a876db6dd93c98c81624634211

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://refund.sellerinvestigators.com/assets/lander.js(Line 112) Message: keen.io could not be loaded

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Frame-Options	ALLOWALL

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.clickfunnels.com
assets.clickfunnels.com
bam-cell.nr-data.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
js-agent.newrelic.com
r4---sn-4g5e6nzz.googlevideo.com
r4---sn-4g5ednss.googlevideo.com
refund.sellerinvestigators.com
static.cloudflareinsights.com
static.doubleclick.net
track.addevent.com
use.fontawesome.com
www.fbarefund.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.youtube.com
yt3.ggpht.com
142.250.186.98
151.101.14.110
162.247.243.147
23.111.9.35
2606:4700::6810:10c2
2606:4700::6810:5f41
2606:4700::6810:cc2
2a00:1450:4001:1::9
2a00:1450:4001:6b::9
2a00:1450:4001:808::2006
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::2001
2a00:1450:4001:810::2002
2a00:1450:4001:812::2003
2a00:1450:4001:813::200e
2a00:1450:4001:828::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2008
2a00:1450:4001:82b::200e
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
54.72.172.153
004e3565fa58bd4ff0cbf31deb5451508a5ec7d46c4480f9bfa23326f187a158
03593eae6f4daf1b6bf6157c090ef276eb63f3cf544254e7b23bcf73d56293d0
07d0be87f0cefdd50636fcae271c12bec6ea4160dad9986a12193d53b09c0939
0d1c5ba4b29db42dadf61f9e7304331fa835fe732bbb02822ada17a9a63c215f
0e567066985125e7974f68b42914dcb134e3c38373a4a3d668bdb38a3e55f299
11c99785b39998d66eb8a044c4fbb3e8dd9d3722edb221f73432c4dee11ec64c
1241e2e2d141171600e1cca249282055448e13e64a3abb314e3a959c251bed86
1676a8158867ca736ff0a960b9300b8e0e8c016faa2b3211d54d1317213be669
1c979e1a7ccd5dfb380d99b6190410a869f2341fd916d1cf78b72c48a227c34d
1dd18dd2d3e2307b8121cd143fd551fe2a29e4f901708819d660d1ec41b25f90
22d13335c1a0be5dbeae8ebfa64551fe8103e6572398ad18db9c58be27d1fee0
252d4dfe935d2a85629b872c8db2191b3c49b85dffb65183c0ba7f3a8e3647f5
29eb515cabe14d15756361ffdf140d4856f98054b6cfda4bf590771ffb100c13
36b500b4e62c1c58c72f3cda54dac29b463fca842ba73b209b9a48f10b230b74
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3cddfcad4d4686d79909fe8b54a9cd7eff89ee60afafbc25e152742d44e2ee5a
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4b1fcf12e3049b4b3bb5fec2c6a22266d345340ad28f6b5e16b46770a439df87
4bd2f25f361763f398a18e95ecb4df5298baac90775bafdc826395cc8f4520d8
4f791c1bf3712302125078b340edc9003439466632032f6451eb60dbd30128e4
5156f85edacb67285fb3971dd6a10953ad5a8715ab76d0e694eb23b992b63869
5216f197f782f4bb872e02a677986af90a488015910f8d3864b796ad68dbd389
533143d96607d94d5d4292838e364aef656d3de58fe74368263776eab9c07542
5e1d553811e1109b10d802e19eb8ba9f26716624206da11a866c13b3aaf93130
6144ca0b876651568966d840f918e5618f719b45654d3ba53480e109eab3e7cd
6176ea4f482949b066144c5a3cdbca8b66f60b9cd3f31eac1a42d871f2f6c229
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6ce8aae5de48a35e63d34f9063feb1be99b6c8463167da911722fa7aa6ed31b0
7297db34a861e87c6ef7c7ce6ae08ac300de16626626ea542ce98453a643d8ff
7422e50efbaea439fda7ef3b0eb54ee1a9fe73ea2f919d78a33bf6fb9e3e059d
7d1f446e9f1479578dd4a689b32888ae7e62a5a62fb9edd7d47adcafbec12aa1
823bec83b3545561c593e060cb30298199d5ceedd3e66ca78fdade682d0d0e9c
8e5785534599cde14617fb3153da1417d43a8d2a1886a6de42706cc25b39fdf7
92b652e10acd8d9363901ac3ef327dad68c2d3d3e4987ff7b48805d1e5310ce1
92bd24374fb205c765a133d522acb2772693d2ccd486b7855e2447918de296a1
948c9494ee1af03a425f5413963a721256e0fc665e0095b7e3e07a6c4012b930
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
aa48a9c9658b71f5ffb28dc5f1bf027b1cc1489d53c9c0078f2828d217012b6e
b26312b6ce93d8796ace0c9069c5f964b43f407b9eec5292f9655763d5409b45
b90ff2f777d48779f95880441a852a5afa3c399b102acd8aa5a1ea36e697db25
c1de5e99d83c860bf553318745ab3ed1f7bd71acae2135c5399a7b79fc5385eb
c5a693ec553fed00d0a2992eb32b82b250e7c64ef7928c117d4c0949b62d4dca
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
caec52356d28a445e7ad10d92d410b52fa537697b3b453ef1c01c65ec01ff86d
cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0
ce2d9135400e9063eddb534bda0eba484261cfb9422545e61a67cc3c87c76bb3
cf28914211cd82b6bba7523b6cb9492e01cf38ae008062de2972941e776e01a9
d24b6feadf5ad2b049354eb93b37119c4503b4669ea2d39206fcca748e69bdd5
d52bbe77dd280a29f1e3482ec85fa44cdad1eab662b84a067b2a04886a2df66f
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d91082b73ab9b110b8654d7bc7023bb218ab23a9e9a49c970b5b3ed228d1c0ea
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dc1cfac48849d6b6691b83adfc75625054d8bb8215b225d20ba0f651fd0cc665
dd1d1b3b5831840efe2c1e32edc404f52d4576497b79557d6e2df5d6b868568c
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efc7f470783e9acb3d4c1c245c11f97b49da9aa5a2c4e9941d1f0b7adbe40bd4
f48caff6ca62c81ebeb79b5a8b5452bdb3953ade043146e54d4a53f5e929c2ef
f7464960133d530dfa52ce0ab9a5c33f0a709a946ad16298b000a7560738f422
f76553e0cbb772f7113a3814491ae325e271355e87985e7e4754a8bb75b7dcb4
fb4e2796c5e173f72404858cf3053887da7312863efe97ae1220b70f377fddc4
fd51e67357e9d34b8b6f8a8b6d9086ad8bfd79719541e8e8bd749b734aee7b2a
ff4c7f78fabf46226b298888938c85635d5f07d8a81b71a2ee4facde2c7619fb

www.fbarefund.com Open in urlscan Pro 2606:4700::6810:10c2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

77 Requests

100 %HTTPS

78 %IPv6

18 Domains

22 Subdomains

24 IPs

3 Countries

3910 kBTransfer

9081 kBSize

18 Cookies

0 Outgoing links

Page URL History

Redirected requests

77 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.fbarefund.com Open in urlscan Pro
2606:4700::6810:10c2 Public Scan

Screenshot
Live screenshot

Full Image

77
Requests

100 %
HTTPS

78 %
IPv6

18
Domains

22
Subdomains

24
IPs

3
Countries

3910 kB
Transfer

9081 kB
Size

18
Cookies

77 HTTP transactions
3 data transactions