westquests.com
2606:4700:3035::6815:472  Malicious Activity! Public Scan

Submitted URL: https://bit.ly/3UCvvQh#c49361JRbAf13049kQTy41772AaB152606jiXp241
Effective URL: https://westquests.com/?s1=351392&s2=847176098&s3=4882&s4=&s10=1961
Submission: On November 08 via manual from US — Scanned from US

Summary

This website contacted 9 IPs in 3 countries across 9 domains to perform 38 HTTP transactions. The main IP is 2606:4700:3035::6815:472, located in United States and belongs to CLOUDFLARENET, US. The main domain is westquests.com.
TLS certificate: Issued by E1 on November 7th 2022. Valid for: 3 months.
This is the only time westquests.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Customer Survey Spam (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 67.199.248.10 396982 (GOOGLE-CL...)
1 20.60.2.36 8075 (MICROSOFT...)
1 2 62.210.168.142 12876 (Online SAS)
1 141.98.5.227 8100 (ASN-QUADR...)
26 2606:4700:303... 13335 (CLOUDFLAR...)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
4 2606:4700:303... 13335 (CLOUDFLAR...)
38 9
Apex Domain
Subdomains
Transfer
26 westquests.com
westquests.com
5 MB
5 trk-epicurei.com
trk-epicurei.com — Cisco Umbrella Rank: 158782
event.trk-epicurei.com — Cisco Umbrella Rank: 222030
3 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 121
115 KB
2 habasha.live
habasha.live
586 B
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 97
346 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 118
1 KB
1 infirmstrag.com
infirmstrag.com
422 B
1 windows.net
capona.blob.core.windows.net
557 B
1 bit.ly
bit.ly — Cisco Umbrella Rank: 4938
273 B
38 9
Domain Requested by
26 westquests.com infirmstrag.com
westquests.com
4 event.trk-epicurei.com trk-epicurei.com
2 www.googletagmanager.com capona.blob.core.windows.net
www.googletagmanager.com
2 habasha.live 1 redirects capona.blob.core.windows.net
1 www.google-analytics.com www.googletagmanager.com
1 trk-epicurei.com westquests.com
1 fonts.googleapis.com westquests.com
1 infirmstrag.com habasha.live
1 capona.blob.core.windows.net
1 bit.ly 1 redirects
38 10

This site contains no links.

Subject | Issuer | Validity | Valid
*.blob.core.windows.net | Microsoft RSA TLS CA 02 | 2022-09-22 - 2023-09-22 | a year
infirmstrag.com | R3 | 2022-09-27 - 2022-12-26 | 3 months
*.westquests.com | E1 | 2022-11-07 - 2023-02-05 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2022-10-17 - 2023-01-09 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-10-17 - 2023-01-09 | 3 months
*.trk-epicurei.com | E1 | 2022-10-12 - 2023-01-10 | 3 months

This page contains 1 frame:

Primary Page: https://westquests.com/?s1=351392&s2=847176098&s3=4882&s4=&s10=1961
Frame ID: A24C1D550C2B52A35CB03941BD7374A8
Requests: 36 HTTP requests in this frame

Page Title

[1] Reward Pending - Kohl's - We Want Your Opinion!

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 38
  • HTTPS: 97 %
  • IPv6: 60 %
  • Domains: 9
  • Subdomains: 10
  • IPs: 9
  • Countries: 3
  • Transfer: 5033 kB
  • Size: 5778 kB
  • Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bit.ly/3UCvvQh HTTP 301
    https://capona.blob.core.windows.net/fxdhdhehjrtsk/fjrstksrtjrstjrsjtsrjsrtjsrtj.html Page URL
  2. http://habasha.live/rd/c49361JRbAf13049kQTy41772AaB152606jiXp241 Page URL
  3. http://habasha.live/track/c49361JRbAf13049kQTy41772AaB152606jiXp241 HTTP 302
    https://infirmstrag.com/0/0/0/0884174429ad99d0b2265ac091fcb7f5/24/241-49361/13049-41772-152606 Page URL
  4. https://westquests.com/?s1=351392&s2=847176098&s3=4882&s4=&s10=1961 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://bit.ly/3UCvvQh HTTP 301
  • https://capona.blob.core.windows.net/fxdhdhehjrtsk/fjrstksrtjrstjrsjtsrjsrtjsrtj.html
Request Chain 2
  • http://habasha.live/track/c49361JRbAf13049kQTy41772AaB152606jiXp241 HTTP 302
  • https://infirmstrag.com/0/0/0/0884174429ad99d0b2265ac091fcb7f5/24/241-49361/13049-41772-152606

38 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
fjrstksrtjrstjrsjtsrjsrtjsrtj.html
capona.blob.core.windows.net/fxdhdhehjrtsk/
Redirect Chain
  • https://bit.ly/3UCvvQh
  • https://capona.blob.core.windows.net/fxdhdhehjrtsk/fjrstksrtjrstjrsjtsrjsrtjsrtj.html
154 B
557 B
Document
General
Full URL
https://capona.blob.core.windows.net/fxdhdhehjrtsk/fjrstksrtjrstjrsjtsrjsrtjsrtj.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.2.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Content-Length
154
Content-MD5
nLlTiDxvRGlDSRPklWMuJQ==
Content-Type
text/html
Date
Tue, 08 Nov 2022 19:28:14 GMT
ETag
0x8DAC0EBD6F86095
Last-Modified
Mon, 07 Nov 2022 18:13:58 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type
BlockBlob
x-ms-lease-status
unlocked
x-ms-request-id
bed1110b-001e-0035-08a8-f3c9b1000000
x-ms-version
2009-09-19

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=90
content-length
172
content-type
text/html; charset=utf-8
date
Tue, 08 Nov 2022 19:28:15 GMT
location
https://capona.blob.core.windows.net/fxdhdhehjrtsk/fjrstksrtjrstjrsjtsrjsrtjsrtj.html
server
nginx
via
1.1 google
c49361JRbAf13049kQTy41772AaB152606jiXp241
habasha.live/rd/
243 B
360 B
Document
General
Full URL
http://habasha.live/rd/c49361JRbAf13049kQTy41772AaB152606jiXp241
Requested by
Host: capona.blob.core.windows.net
URL: https://capona.blob.core.windows.net/fxdhdhehjrtsk/fjrstksrtjrstjrsjtsrjsrtjsrtj.html
Protocol
HTTP/1.1
Server
62.210.168.142 Taverny, France, ASN12876 (Online SAS, FR),
Reverse DNS
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Content-Length
243
Content-Type
text/html; charset=utf-8
Date
Tue, 08 Nov 2022 19:28:15 GMT
13049-41772-152606
infirmstrag.com/0/0/0/0884174429ad99d0b2265ac091fcb7f5/24/241-49361/
Redirect Chain
  • http://habasha.live/track/c49361JRbAf13049kQTy41772AaB152606jiXp241
  • https://infirmstrag.com/0/0/0/0884174429ad99d0b2265ac091fcb7f5/24/241-49361/13049-41772-152606
130 B
422 B
Document
General
Full URL
https://infirmstrag.com/0/0/0/0884174429ad99d0b2265ac091fcb7f5/24/241-49361/13049-41772-152606
Requested by
Host: habasha.live
URL: http://habasha.live/rd/c49361JRbAf13049kQTy41772AaB152606jiXp241
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
141.98.5.227 , Bulgaria, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Referer
http://habasha.live/rd/c49361JRbAf13049kQTy41772AaB152606jiXp241
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-length
130
content-type
text/html; charset=UTF-8
date
Tue, 08 Nov 2022 19:28:16 GMT
server
Apache

Redirect headers

Content-Length
117
Content-Type
text/html; charset=utf-8
Date
Tue, 08 Nov 2022 19:28:15 GMT
Location
https://infirmstrag.com/0/0/0/0884174429ad99d0b2265ac091fcb7f5/24/241-49361/13049-41772-152606
Primary Request /
westquests.com/
2 KB
1 KB
Document
General
Full URL
https://westquests.com/?s1=351392&s2=847176098&s3=4882&s4=&s10=1961
Requested by
Host: infirmstrag.com
URL: https://infirmstrag.com/0/0/0/0884174429ad99d0b2265ac091fcb7f5/24/241-49361/13049-41772-152606
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6817cfb025dfeecc36f70e8ee8a85791d38097ede04f07ca2d9deea4311b4215
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://infirmstrag.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7670b5f96db619aa-EWR
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 08 Nov 2022 19:28:17 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OgXX2psbqr4dqF%2FG3rrEDUZAuNu%2BwVFo3QW0aYNjHBwWMPIsw%2B1f7EH6SfwFtL2YOWs5RiNuV6MWJ3T5sIt3GZW2VM%2BKOiz4wJQeMQp5JevzmyVVZ7FKBAcHDpEk5z0M3AOZQxD5THb588voWw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
fff641386d874aea8ac70f5befcccf48
westquests.com/
185 KB
28 KB
XHR
General
Full URL
https://westquests.com/fff641386d874aea8ac70f5befcccf48?_ax=w
Requested by
Host: westquests.com
URL: https://westquests.com/?s1=351392&s2=847176098&s3=4882&s4=&s10=1961
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ebf2757ee6e09f524e72c7f02236ba73c82bad3763e017a20fc8d8aab232be7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RmvSmWsdS1LQySD42HyVCRPU3iWJXCzbYAOKKhurHf%2BQesuZLM4MHFJpGf1vtDOwTg79dmGk7gMcqwQ1bgOBtWPO%2F%2BHKo0XfuGfeZjKvj%2BO8D6AGcCSCb9sQ%2BByf6%2Boy76BDgOpTeDNYeIIROg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
no-store, no-cache, must-revalidate
cf-ray
7670b5faf94119aa-EWR
expires
Thu, 19 Nov 1981 08:52:00 GMT
bootstrap.min.css
westquests.com/assets/vendors/bootstrap-4.5.3/css/
157 KB
25 KB
Stylesheet
General
Full URL
https://westquests.com/assets/vendors/bootstrap-4.5.3/css/bootstrap.min.css
Requested by
Host: westquests.com
URL: https://westquests.com/?s1=351392&s2=847176098&s3=4882&s4=&s10=1961
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
13581
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 20 Aug 2021 13:04:53 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RiVwggjYfbNrN6Hgb1JE567wZtXoj9F%2B%2FGMjI7719TU9pRFJKDwlCFyVbTZcjHxV4jymQySf%2B4TBDnoDkzpPsJ1TgFvhqhkzN%2FLdat6oUAGnOY58H3a7HvtzPp4MJWP9Ag5UYNEqqERtndeTDg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7670b5fe8afe17f9-EWR
expires
Tue, 15 Nov 2022 15:41:56 GMT
all.css
westquests.com/assets/vendors/fontawesome/css/
72 KB
13 KB
Stylesheet
General
Full URL
https://westquests.com/assets/vendors/fontawesome/css/all.css
Requested by
Host: westquests.com
URL: https://westquests.com/?s1=351392&s2=847176098&s3=4882&s4=&s10=1961
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
462beb0c8ecb2abb15685c31875f268d166313581df110401c2483fab24a46df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
13581
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Mon, 19 Jul 2021 19:01:59 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9EDKSMtjO13NLe1XpbfoYWlFU%2FPci9w6RMCK06pFfSLJWNRFVGR0jekzKnJk9BPc8FiMM07uqwCTgOgxAWRWnm4fxs2FgurcexXe5eQ%2BLGz%2BM%2B5kubDdq2VgbJubDN4kih3tLJRR953agugkxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7670b5fe8b0217f9-EWR
expires
Tue, 15 Nov 2022 15:41:56 GMT
common-hybrid.css
westquests.com/assets/css/dublin/dist/
30 KB
8 KB
Stylesheet
General
Full URL
https://westquests.com/assets/css/dublin/dist/common-hybrid.css?v=94bb6d0b77c883e3d4fdc65f4610bce7
Requested by
Host: westquests.com
URL: https://westquests.com/?s1=351392&s2=847176098&s3=4882&s4=&s10=1961
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b4c84011aeb426d9889b4a53b84cad886e503c2b940443acae93a2932c99a8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Mon, 24 Oct 2022 17:41:34 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C%2BI7mayiYoqxM8PVK9BniQghIIBDxpczylG7Jsa7tPMaWIUWBpHe7P57frxltw0wICjo%2BbNBVxyn5r5R7fU4FA7zb9tITyL3oSw9J1CyvDaXeuGmWhp7cFrpwv7%2FiAwytBSpPSwV6xzSHIqJ4w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7670b5fe8b1017f9-EWR
expires
Tue, 15 Nov 2022 19:28:17 GMT
msg.js
westquests.com/inc/
942 B
941 B
Script
General
Full URL
https://westquests.com/inc/msg.js
Requested by
Host: westquests.com
URL: https://westquests.com/?s1=351392&s2=847176098&s3=4882&s4=&s10=1961
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06c3f3452108be85c9304eb8e6fc6dc831534e12362cfd03afd47f4320f894a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
13581
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Thu, 20 Oct 2022 12:25:37 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vWQUhCXtrz%2F%2BcBTl16jOEZDXlRYF8nfiNK4CcBFmfFbY%2B2FhgDdRwa6VoHH2O77piqoh9UWCBHMlCNsvCiZoBUz8HkA9DWZlg2pswZkMilMr%2BEfnzNneiA8vrLgZn7TSk9r58hURW5ldtxl7Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7670b5fe8b1517f9-EWR
expires
Tue, 15 Nov 2022 15:41:56 GMT
jquery-3.4.1.min.js
westquests.com/assets/vendors/
86 KB
32 KB
Script
General
Full URL
https://westquests.com/assets/vendors/jquery-3.4.1.min.js
Requested by
Host: westquests.com
URL: https://westquests.com/?s1=351392&s2=847176098&s3=4882&s4=&s10=1961
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
13581
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 20 Aug 2021 13:04:53 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U68qp%2FtDU36EZmjBU%2FKE0bP8ZE%2B7MVZlHpBwO%2B0rIfMW39l%2BEB4a0M%2BwFoCXYMkFf5jXOdLsFeIzyo0R%2FCXeKD7%2BUgxeMx%2BdAGSg7DxtFHmjModtyt0dZhyvDLdHC%2B5jkCveBTF3W5Kka8xsUw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7670b5fe8b1817f9-EWR
expires
Tue, 15 Nov 2022 15:41:56 GMT
bootstrap.min.js
westquests.com/assets/vendors/bootstrap-4.5.3/js/
62 KB
16 KB
Script
General
Full URL
https://westquests.com/assets/vendors/bootstrap-4.5.3/js/bootstrap.min.js
Requested by
Host: westquests.com
URL: https://westquests.com/?s1=351392&s2=847176098&s3=4882&s4=&s10=1961
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
13581
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 20 Aug 2021 13:04:53 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ega1IvHInt3wyCE8YSiv1mY3zlxBuOBC6wFVMtK3V8gfCj1F0dytXBwlRHAKtgz9jAByeDsMIBxyAT0zOOV1N0JZYOQvPbMxp71uQstS4rI4q%2Byj0w2N%2FSY1xcRu3gTvOJsgzE%2Br1dq5YRWqA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7670b5fe8b1b17f9-EWR
expires
Tue, 15 Nov 2022 15:41:56 GMT
functions.js
westquests.com/assets/js/
1 KB
1 KB
Script
General
Full URL
https://westquests.com/assets/js/functions.js?v=94bb6d0b77c883e3d4fdc65f4610bce7
Requested by
Host: westquests.com
URL: https://westquests.com/?s1=351392&s2=847176098&s3=4882&s4=&s10=1961
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5de7a79e14562963ef11f0d95f7a098e3cc018347a95290e292bef9b7d4677b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 06 Sep 2022 14:55:28 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=41rHCuISXr2RlbschTE4SL7AaME%2FG1XCScYnrQsWlHaSQlnyOAu9K%2FahZYXMXEl7EekX4cvehCIwlb5Xk3XiTvHU%2BAduMxOmnw7oJP0nVRVGSP0RD8OEdwIfLlYfWz68kzwXxQ3g5CRpwWAKFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7670b5fe8b1c17f9-EWR
expires
Tue, 15 Nov 2022 19:28:17 GMT
intl_functions.js
westquests.com/assets/js/
8 KB
3 KB
Script
General
Full URL
https://westquests.com/assets/js/intl_functions.js?v=94bb6d0b77c883e3d4fdc65f4610bce7
Requested by
Host: westquests.com
URL: https://westquests.com/?s1=351392&s2=847176098&s3=4882&s4=&s10=1961
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7077430b976a181d99efafc06e7e29923636aa84041bdd06c78fce5d960bb074
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Thu, 15 Sep 2022 19:29:38 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QJsWATW3vyO48GWfB1doIpjxZE63TeObxNwEMkg3l7kzWN7Eh7wbFXghw%2FHHQWuW%2F49I32zjqEeBEsM8lhWB5BywoZr1eqc9%2Fg%2FkdvsoqZRnKuMYuLSSzK9wBROtJpSLh1ZsN8DGvpbkRfPwLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7670b5fe8b1e17f9-EWR
expires
Tue, 15 Nov 2022 19:28:17 GMT
common-hybrid.js
westquests.com/assets/js/dublin/dist/
90 KB
20 KB
Script
General
Full URL
https://westquests.com/assets/js/dublin/dist/common-hybrid.js?v=94bb6d0b77c883e3d4fdc65f4610bce7
Requested by
Host: westquests.com
URL: https://westquests.com/?s1=351392&s2=847176098&s3=4882&s4=&s10=1961
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a877614e935f837f3779cf2d0b868d530aebe491339a2fdfeba1da8ad44f6a5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Wed, 21 Sep 2022 14:30:33 GMT
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H3X7hFzS81GkKUlNPk1jKEo7XuaeN%2FlneIs5PQX4X17XW%2BInSF6ais5Q1KhJ5krG%2BWsOjBbBBYiNcaSAbcGuihS%2Boz7FO4vNSpYx9aZFcEYHqVMKG33mcW%2BmesNWU9Cu23AbKrbHRqenfw%2BFrg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
cf-ray
7670b5fe8b1f17f9-EWR
expires
Tue, 15 Nov 2022 19:28:17 GMT
gtm.js
www.googletagmanager.com/
106 KB
41 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NK3N874
Requested by
Host: capona.blob.core.windows.net
URL: https://capona.blob.core.windows.net/fxdhdhehjrtsk/fjrstksrtjrstjrsjtsrjsrtjsrtj.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
22ab0e632e42ca647b50b30b72ba1748da8894eb810c126eff6fd856182fccc1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41825
x-xss-protection
0
last-modified
Tue, 08 Nov 2022 18:04:33 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 08 Nov 2022 19:28:17 GMT
css2
fonts.googleapis.com/
5 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Arimo:wght@500;700&display=swap
Requested by
Host: westquests.com
URL: https://westquests.com/assets/css/dublin/dist/common-hybrid.css?v=94bb6d0b77c883e3d4fdc65f4610bce7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6f2de36054525c7a25f6b4ca1447f762169a97d0f11593cf0f8f254880f4c2bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 08 Nov 2022 19:28:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 08 Nov 2022 19:09:36 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 08 Nov 2022 19:28:17 GMT
js
www.googletagmanager.com/gtag/
211 KB
74 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-JMJ044GLKX&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NK3N874
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3f7b2ddec2e251bc84f3339366fbe7595ea8a94a239d841471efc82607be7b5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
75902
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 08 Nov 2022 19:28:17 GMT
v9e118mez8
trk-epicurei.com/scripts/push/
7 KB
3 KB
Script
General
Full URL
https://trk-epicurei.com/scripts/push/v9e118mez8
Requested by
Host: westquests.com
URL: https://westquests.com/inc/msg.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:813d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6745ca7e5b3bbda5143038305bc1ec5648296f4dd1bbbdaa0f81b87ee35c9676
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type
application/javascript;charset=UTF-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R4KfOLNQWn%2Bh%2BYVJ%2BU4bQyTPMnvYn6B0NFtXhqKkt6WcH5ucJIy%2BVPiV33FvuoI4Cag75gNwRlooVZHF7AwIdNQVRFkjENvTRPjUzkoqy%2Bhsyhy7Vf%2FkOOCJDcKS9O7kwSQzBiCwcdSTdMKocCd5"}],"group":"cf-nel","max_age":604800}
cache-control
no-cache, no-store, max-age=0, must-revalidate
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-ray
7670b5ff6b215590-EWR
expires
0
cf208b03924493bf26688fda12dbf375.png
westquests.com/fim/1961-US/
8 KB
9 KB
Image
General
Full URL
https://westquests.com/fim/1961-US/cf208b03924493bf26688fda12dbf375.png
Requested by
Host: westquests.com
URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6397f628a28671d7cff67cc61337ae3592e014d873a3bb1e916dbed7ae23e48e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3352
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8332
x-xss-protection
1; mode=block
last-modified
Tue, 08 Nov 2022 18:31:52 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dltTF7KxxVFvqGyriFbXBkWDnOtnb4%2F9LgHIYqGJ56fkeI12RDzgsXVyBlmF%2BTNnzptP3YFkSXjEkGYRCRqcUIgr6D3ui3AoODODvZrW2EfmId%2B9%2BJ94EX3aPOj%2FC35qUn582KuxB3Djov6uHA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7670b5ffede917f9-EWR
expires
Tue, 15 Nov 2022 18:32:25 GMT
2f2c002b57bf4b6740c3b83184dfbcc5.png
westquests.com/fim/1961-US/
18 KB
19 KB
Image
General
Full URL
https://westquests.com/fim/1961-US/2f2c002b57bf4b6740c3b83184dfbcc5.png
Requested by
Host: westquests.com
URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0109e9747e94335267d540104b0b256bc507882206be853bfbd6b13ddb1c277
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3352
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
18427
x-xss-protection
1; mode=block
last-modified
Tue, 08 Nov 2022 18:31:52 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jN%2Fl5fXdkPnISFAo%2F8zjkGh3nKZbrcOt4gye5f9xC9pBQqyaLNAeliCgcyVO8Omp227vco1q1Pttqdv1gn0dS0TpPpvr10hobVMAFJBvrn%2BmJUbsgjZ4dAN6iQjcnt6cHmyNL8s9b6f1dNxlIw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7670b5fffdeb17f9-EWR
expires
Tue, 15 Nov 2022 18:32:25 GMT
bf07362eb71f5f9e451620d0d841578a.png
westquests.com/fim/1961-US/
238 KB
238 KB
Image
General
Full URL
https://westquests.com/fim/1961-US/bf07362eb71f5f9e451620d0d841578a.png
Requested by
Host: westquests.com
URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fadc97721fb28e26e45d4e794dfc617ca95330bd58861a12d3874b1fd70daa78
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3352
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
243337
x-xss-protection
1; mode=block
last-modified
Tue, 08 Nov 2022 18:31:52 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pYqGYV787P%2Bxmu%2FnaLQQ3s10SRZr79h8CKaBLqPtBrQEh%2FFvxHTMxEg3p%2FddZbvoIThODaYxjoQ8Qs0p7S%2BofO%2Fo9QgBuDi4qOMtUEnscbwCJPh6uUZbgg5hn6hAumwZoYg4jQvqyZlmbpdsiA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7670b5fffded17f9-EWR
expires
Tue, 15 Nov 2022 18:32:25 GMT
79713e08c5cb36c31bfb7db320de710d.png
westquests.com/fim/1961-US/
538 KB
539 KB
Image
General
Full URL
https://westquests.com/fim/1961-US/79713e08c5cb36c31bfb7db320de710d.png
Requested by
Host: westquests.com
URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9747e77e06adfb183ca4a57b9be822881c6bfe9093bf703a3ec1fd5e087abd85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3263
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
551119
x-xss-protection
1; mode=block
last-modified
Tue, 08 Nov 2022 18:31:53 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PEPY6UN53elsJ6hrJZ%2BGtguGrKNxol165Vdku3%2BrVrgrRiJ0YYIz4biPOvOkP0XS%2B%2BlsQdlZR4RrKjihSbkhy54H7jHPmsQjLU7ENpfWZlcXv8gllQ7eyCp%2FtGp5WvrqVhys9zmWMwxy9RWCUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7670b5fffdf117f9-EWR
expires
Tue, 15 Nov 2022 18:33:54 GMT
566350727a877c612e27dde10fb00786.jpg
westquests.com/fim/1961-US/
115 KB
115 KB
Image
General
Full URL
https://westquests.com/fim/1961-US/566350727a877c612e27dde10fb00786.jpg
Requested by
Host: westquests.com
URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c605051317e13bfe08edd72deeccc97c988e42c4ebdc1a1595be148817c4b1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3352
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
117616
x-xss-protection
1; mode=block
last-modified
Tue, 08 Nov 2022 18:31:52 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tM%2BoipCPBqzZY0pkAKJbyXp387w803Lqn38Ji86zVzplwc33NvXhhw%2B%2F7ICrM7wmfuWFitTnNf2MtMhVedolm%2BG00E8AFXUTfkHEvH6usIPaRiXKD%2F98t4me%2FinwowRHVGa3mUzBMlO8dX9HYg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7670b5fffdf317f9-EWR
expires
Tue, 15 Nov 2022 18:32:25 GMT
139dda06c87b571c152325d57a638943.png
westquests.com/fim/1961-US/
407 KB
407 KB
Image
General
Full URL
https://westquests.com/fim/1961-US/139dda06c87b571c152325d57a638943.png
Requested by
Host: westquests.com
URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd5f85edb4ab2e4e4cdb7a8e8d632789153f396b75991b4bb233dffaf7078727
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3352
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
416608
x-xss-protection
1; mode=block
last-modified
Tue, 08 Nov 2022 18:31:57 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z49UWDbvrgu8RdUG4SjH99cFHhxtRQauoApwOYL8rIkLaasvMLTN9dP1mMDMyEp7Cn6mafXgS%2Ffi5HeqXXxDmvUwqzdVBPqBSkJd7OElL3IT3wfizOwnRvLjUmxTG09jl5er4Rk4JRqqFeIgKg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7670b5fffdf417f9-EWR
expires
Tue, 15 Nov 2022 18:32:25 GMT
96ecff6dc05db0e775b4125eca42ee89.png
westquests.com/fim/1961-US/
5 KB
5 KB
Image
General
Full URL
https://westquests.com/fim/1961-US/96ecff6dc05db0e775b4125eca42ee89.png
Requested by
Host: westquests.com
URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1cb6e7e607f50a1c9503a5afab624682c0f7e7a106f7fbcca99031d65ace3cb5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3304
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5023
x-xss-protection
1; mode=block
last-modified
Tue, 08 Nov 2022 18:31:54 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PlZr5RUd3J44Hz1eovrl8MElids5sQKDiZ3wcA1U1pgNzJRsvTyzkAt91dp7ngjhrakNEvwXfBUpa%2BhrzVWvpnuEsg%2Bt1uEkvgT1c1qCarCNpuzSTxBOzs85epbNWnbPg3X%2FDttkxOkZuN7P%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7670b5fffdf517f9-EWR
expires
Tue, 15 Nov 2022 18:33:13 GMT
df4458c7e688eacd82ecf655c9fd4e7c.jpg
westquests.com/fim/1961-US/
45 KB
46 KB
Image
General
Full URL
https://westquests.com/fim/1961-US/df4458c7e688eacd82ecf655c9fd4e7c.jpg
Requested by
Host: westquests.com
URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b200114e8cbfe7c069288862e3ac18f2206e8a2dbbff276bcc7acb1fbf94507
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3352
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
46537
x-xss-protection
1; mode=block
last-modified
Tue, 08 Nov 2022 18:31:52 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/jpeg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eAaLzZiqxIsxxdw3Vs2wiQMXcUjO6s7yVXFh3N3nJQIRmL2Dz%2FjoibHJlIlC2BsBUhEs57AuhtlXiUinsVHGxvVHGNTXwBPiakDqeFjid6aq%2B6eaZBV886%2F2%2FuA5ElG35J%2BavRg5eJbvwEibZw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7670b5fffdf817f9-EWR
expires
Tue, 15 Nov 2022 18:32:25 GMT
eb47b0d467f30b54cb4a7cc810f1e045.png
westquests.com/fim/1961-US/
832 KB
833 KB
Image
General
Full URL
https://westquests.com/fim/1961-US/eb47b0d467f30b54cb4a7cc810f1e045.png
Requested by
Host: westquests.com
URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f59b497d70bbbfc1e12d57dd9268af1d67e73446102fb4812d5573433919677
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3352
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
852224
x-xss-protection
1; mode=block
last-modified
Tue, 08 Nov 2022 18:31:53 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tqWSuf3PaIa9wYjouKrvhpc%2FwdyFwkSEkX7Abf8G1kUEGQ6dBeG7UocWoEQjOJ%2FJfGgQLdZOKuTZqnqyPoVKBId7Wus%2BwnWi4%2FkXTeomhtQ24iZA0Ow3gG7LaHRsg0OHxvk6%2FHumY8wGjWEYxw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7670b5fffdf917f9-EWR
expires
Tue, 15 Nov 2022 18:32:25 GMT
2af3e17b20fdeed870913fbd3c302888.png
westquests.com/fim/1961-US/
384 KB
385 KB
Image
General
Full URL
https://westquests.com/fim/1961-US/2af3e17b20fdeed870913fbd3c302888.png
Requested by
Host: westquests.com
URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb4713e7b7d754088b15afa907f5713d6a5865e05114487ce253f767c9b0d26a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3318
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
393194
x-xss-protection
1; mode=block
last-modified
Tue, 08 Nov 2022 18:31:59 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qy60rLI1%2BNAUiAQgWD9Z%2FaC%2FUGaJ1p3cZkQ3Xajs45ARK8IFdbk5dlA%2FkQTpVzwKAjgYU7UUokM2HJBnyKJyy54YbACJlWx9Ki1VojRVlQoCX1FLJ4kxa5DOhTIZLwCFCIyG0M%2B5vHwv27FjVA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7670b5fffdfb17f9-EWR
expires
Tue, 15 Nov 2022 18:32:59 GMT
a68cf2fab07fc5766d3ccca93b172311.png
westquests.com/fim/1961-US/
404 KB
405 KB
Image
General
Full URL
https://westquests.com/fim/1961-US/a68cf2fab07fc5766d3ccca93b172311.png
Requested by
Host: westquests.com
URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba98eecff8a45afcc8b229c02fa6eefff2f42f467c65298a1816a0e16318c2f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3352
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
414206
x-xss-protection
1; mode=block
last-modified
Tue, 08 Nov 2022 18:31:53 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2FF6dHfRA3amift9Dpj7SnZReT3BM3qHO%2BVKELkkcyALOTKG%2BNQB%2F07gIvHcMnPFIksaVIPO8Z2sJMFyhv%2Bi32jsFc9J0Q3z%2Fig48MTjk5Cq2SH5pRwyS8N%2FO6AKSt%2BPmTgidx82Ff1o%2Bc%2BXdA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7670b5fffdfc17f9-EWR
expires
Tue, 15 Nov 2022 18:32:25 GMT
dc0c351b07c5c3c04a55d2bd7f281068.png
westquests.com/fim/1961-US/
2 MB
2 MB
Image
General
Full URL
https://westquests.com/fim/1961-US/dc0c351b07c5c3c04a55d2bd7f281068.png
Requested by
Host: westquests.com
URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d335d35caade2430e451afbf33599d0c3f434f6f69966f469ef609493341f0a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3318
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1715826
x-xss-protection
1; mode=block
last-modified
Tue, 08 Nov 2022 18:31:53 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0HoCQOPFQlfBkRc%2BD%2BOM2haqLfdWp2QkdxARXJiZHwcb6Pdtz5%2Bx3iCljJObEKJRYhHKKupIWnoJ17jPtx0cK6nmLXzGhcdIgQ57ZBvhZzQDKY24tjpDq75gY%2Fk1PoKor2fNLt%2FJO1ftfFWF%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7670b5fffdfe17f9-EWR
expires
Tue, 15 Nov 2022 18:32:59 GMT
8b1bc895a52039062d53a360c8ebaa89.png
westquests.com/fim/1961-US/
5 KB
6 KB
Image
General
Full URL
https://westquests.com/fim/1961-US/8b1bc895a52039062d53a360c8ebaa89.png
Requested by
Host: westquests.com
URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc4ba5ab1f79419e5c8a06db6d5ed27f78b026617608d8513bdf476bf78e1120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3352
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5389
x-xss-protection
1; mode=block
last-modified
Tue, 08 Nov 2022 18:31:52 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
image/png
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qSPmJ0X308QtXmtVPrH%2Fx9Xf0YP93WFM%2Bl3VrLwIePMqHpcDKEtmZXTNqjRTYSIlZZN6cV2oD3BzfZ%2FTXsBXeYDYhT7axWmP2dZCsE7LefurfWRHd9ld5CEm3cx2C4hj%2B%2BRpgzCiYSna6tj2uQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7670b5fffe0017f9-EWR
expires
Tue, 15 Nov 2022 18:32:25 GMT
fff641386d874aea8ac70f5befcccf48
westquests.com/
2 KB
2 KB
Image
General
Full URL
https://westquests.com/fff641386d874aea8ac70f5befcccf48
Requested by
Host: westquests.com
URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/fff641386d874aea8ac70f5befcccf48
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:18 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BvYhbC0xZs4%2BnkSMVqwvFgp%2BqTg%2Bpeo6zAXrV432Gn2NIqKkXxKNwdzeNsU1T2%2BS%2FeiyHNk17%2Bw%2F4YELz5rl58mbUp%2B7eLsPn0DzRagGu4%2BqMbeUCiTjnKaAnaSMRWN4tLW3VKWNZeHyMtJY1A%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
no-store, no-cache, must-revalidate
cf-ray
7670b6000e2217f9-EWR
expires
Thu, 19 Nov 1981 08:52:00 GMT
fa-solid-900.woff2
westquests.com/assets/vendors/fontawesome/webfonts/
78 KB
79 KB
Font
General
Full URL
https://westquests.com/assets/vendors/fontawesome/webfonts/fa-solid-900.woff2
Requested by
Host: westquests.com
URL: https://westquests.com/assets/vendors/fontawesome/css/all.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:472 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://westquests.com/assets/vendors/fontawesome/css/all.css
Origin
https://westquests.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 08 Nov 2022 19:28:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
13571
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
80252
x-xss-protection
1; mode=block
last-modified
Mon, 19 Jul 2021 19:01:59 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
User-Agent,User-Agent, Accept-Encoding
content-type
font/woff2
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YkZ%2FwXMgG9ADSQSjTGa0BRcIzJwqIY0TLHCJ%2Bn8nxsdzovQkMlMwpLwwJh9jcERXvkvMFzwIePMfi8b0d6Jtm0wdmTrVhuUCS2iCz6RSSTJkRWuTaffnl02TzMsZjxAGjgMthIQCXdO%2FfeipKA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
7670b6000e2317f9-EWR
expires
Tue, 15 Nov 2022 15:42:06 GMT
collect
www.google-analytics.com/g/
0
346 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-JMJ044GLKX&gtm=2oeb70&_p=1164881001&cid=738066341.1667935698&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1667935698&sct=1&seg=0&dl=https%3A%2F%2Fwestquests.com%2Ffff641386d874aea8ac70f5befcccf48&dr=https%3A%2F%2Finfirmstrag.com%2F&dt=%5B1%5D%20Reward%20Pending%20-%20Kohl%27s%20-%20We%20Want%20Your%20Opinion!&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JMJ044GLKX&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://westquests.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 08 Nov 2022 19:28:18 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://westquests.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
v9e118mez8
event.trk-epicurei.com/register/event_log/
0
0
Fetch
General
Full URL
https://event.trk-epicurei.com/register/event_log/v9e118mez8
Requested by
Host: trk-epicurei.com
URL: https://trk-epicurei.com/scripts/push/v9e118mez8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:283 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://westquests.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-type
application/json

Response headers

expires
0
date
Tue, 08 Nov 2022 19:28:18 GMT
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert
pushPlatformApp.pushSubscription.deleted
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M1fRZGH7eLlfp9i5i4OCXA%2FfaE%2B7Ay9QC6Nf%2BFwCfaKABypgYaZw1msb0fUMFCGHFO6%2BqtUvcriE%2FabVk9rtk2wgmt1WVvxXeX1sQcnZoGro%2FaqCmIJwXiOZ%2Fxwq5WYL4dMrcVBsqtMWyI%2BNt5tpnAT%2B4Wqi"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://westquests.com
access-control-expose-headers
Authorization, Link, X-Total-Count
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-ray
7670b602beff78d5-EWR
x-pushplatformapp-params
v9e118mez8
event.trk-epicurei.com/register/event_log/
0
0
Preflight
General
Full URL
https://event.trk-epicurei.com/register/event_log/v9e118mez8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:283 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://westquests.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://westquests.com
access-control-expose-headers
Authorization, Link, X-Total-Count
access-control-max-age
1800
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7670b6026ef7181d-EWR
content-length
0
date
Tue, 08 Nov 2022 19:28:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKl7o%2FrgIQDG690sZXutgS%2BMi8FZfVsjme4oK%2B9oBkBaRjS3jsP2ZNhOAlZMs5cvUNz5%2FCOj8IFicOqmDc2XUD7r3sRxZH6YaSy7G37msRN6oX73UW3qVzjPQAy%2F6tH54gfzEoNvvoryzNkYnHun6Bjbhn9P"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
v9e118mez8
event.trk-epicurei.com/register/event_log/
0
0
Fetch
General
Full URL
https://event.trk-epicurei.com/register/event_log/v9e118mez8
Requested by
Host: trk-epicurei.com
URL: https://trk-epicurei.com/scripts/push/v9e118mez8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:283 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://westquests.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-type
application/json

Response headers

expires
0
date
Tue, 08 Nov 2022 19:28:18 GMT
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert
pushPlatformApp.pushSubscription.deleted
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vUrHx5qHth%2B1rpJWh17MU29mBUSDei5pnL3kIh0XkaUxuCPT5ZmHIuOgMgee25plZ%2BrW2lhIOyf2h62d7t2jbigy4Ti3Y5FOScQSBM4awmNAfRXDxNP8%2B2e5LJ65VBjb59PMZMHL9r2Hs2fJQk6dRflbWwSn"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://westquests.com
access-control-expose-headers
Authorization, Link, X-Total-Count
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-ray
7670b602bf0278d5-EWR
x-pushplatformapp-params
v9e118mez8
event.trk-epicurei.com/register/event_log/
0
0
Preflight
General
Full URL
https://event.trk-epicurei.com/register/event_log/v9e118mez8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:283 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://westquests.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://westquests.com
access-control-expose-headers
Authorization, Link, X-Total-Count
access-control-max-age
1800
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7670b6026ef9181d-EWR
content-length
0
date
Tue, 08 Nov 2022 19:28:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CiOgfDLLixN212D%2BdnuiGy0rRvF8e6AMiDeQp9tlws8miLW2otULKNqnimwDrfm0QGyKtV58FQg%2Fk%2BbBGRRGuRo1HWykG0zVtu1urWTQPeZrnha0n6GgBAGPhzUYohkt3A3R3y9VI4fAEo6ProX0%2B6B0gjFZ"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Customer Survey Spam (Consumer)

144 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| _0x4eba function| _0x3ccf object| dataLayer object| google_tag_manager object| google_tag_data object| MYCALL string| s1 string| s2 string| esource string| pshpub string| pshdomain object| _0xc89e function| _0xe4c function| $ function| jQuery object| bootstrap function| datehax function| startTimer number| duration object| _0xc91e function| _0xe35c string| rightnow string| imageSquare object| currentdate object| months function| startINTSurvey function| startQuestion function| startSurveyDub function| showSurveyDub object| _0xc43e function| _0xe47c string| LNG string| CMP string| CNT string| BID string| API_URL function| a0_0x5ad3ea string| attrChoices string| domain number| count string| pipeline string| zipcode string| state_selected boolean| processing object| states function| birthdayFill function| beforeShowQuestion function| showOfferWall function| createQuestion function| processQuestion function| nextQuestion function| replaceUrlParam function| popunder function| startsurvey number| box_trying boolean| oneclick function| a0_0x10bf function| formatPhoneNumber function| switchTypeQuestions function| a0_0x4217 function| validatePhone function| validateEmail function| validateZip function| sendZipIp function| validateHeightF function| validateHeightI function| validateWeight function| validateAll function| validateName function| validateLName function| validateBirthday function| days function| daysInMonth function| dashedNumber function| alpha function| validateKeyStrokes function| showStreetState function| leadgenForm function| overflowP function| showDisclaimer function| preventS function| comment function| like function| startSurveyU function| createQuestionU function| switchTypeQuestionsU function| nextQuestionU function| validateData 
function| showStreetStateU function| showModal function| showOfferWallU string| aff_id string| click_id string| Brand string| lpid string| lpow object| prepop string| emailURL string| phoneURL string| zipcodeURL string| cityURL string| stateURL string| languageCode string| countryCode string| popUrl string| questiontx string| of function| putVarCommon object| _0xc82e function| _0xe58c object| _0xc13e function| _0xe96c number| answered number| prevProgress number| stepsTotal number| progress string| cheerstx string| txt function| cheers function| urlBase64ToUint8Array function| pullUrlParams function| push_subscribe function| push_subscribe_promise function| setIfNull function| logPushEvent function| push_unsubscribe function| push_init function| setSessionId function| setUtm function| getSessionId function| getUrlVars function| getDomainName function| getStore function| onYouTubeIframeAPIReady object| gaGlobal

5 Cookies

Domain/Path Name / Value
.bit.ly/ Name: _bit
Value: ma8jsf-88bab29f5f0895dfb2-00D
infirmstrag.com/ Name: uid4882
Value: 847176098-20221108142816-51cd74691425c8c2de45052cead6d772-
westquests.com/ Name: PHPSESSID
Value: e21205f900eb1c7baa56c4425552cd66
.westquests.com/ Name: _ga_JMJ044GLKX
Value: GS1.1.1667935698.1.0.1667935698.0.0.0
.westquests.com/ Name: _ga
Value: GA1.1.738066341.1667935698

1 Console Messages

Source Level URL
Text
other error URL: https://westquests.com/fff641386d874aea8ac70f5befcccf48
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
