urlscan.io logo urlscan.io
SecurityTrails logo

apply.heatherxlife.com Open in urlscan Pro
35.209.73.242  Public Scan

Go To Rescan Add Verdict Report
URL: https://apply.heatherxlife.com/
Submission Tags: @phishunt_io
Submission: On June 12 via api from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 3 countries across 9 domains to perform 21 HTTP transactions. The main IP is 35.209.73.242, located in Council Bluffs, United States and belongs to GOOGLE-2, US. The main domain is apply.heatherxlife.com.
TLS certificate: Issued by R3 on June 11th 2021. Valid for: 3 months.
This is the only time apply.heatherxlife.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    35.209.73.242 (Council Bluffs, United States)

ASN19527 (GOOGLE-2, US)
PTR: 242.73.209.35.bc.googleusercontent.com
apply.heatherxlife.com
7    2606:4700:10::6816:10f5 (United States)

ASN13335 (CLOUDFLARENET, US)
strife.back9ins.com
quoteandapply.back9ins.com
app.back9ins.com
1    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
1    2606:4700::6810:a723 (United States)

ASN13335 (CLOUDFLARENET, US)
ajax.cloudflare.com
4    2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.googleapis.com
1    2606:4700:20::681a:7b4 (United States)

ASN13335 (CLOUDFLARENET, US)
browser-update.org
1    2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
google.com
1    2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    51.77.64.70 (France)

ASN16276 (OVH, FR)
PTR: de-fra-1.pro.ip-api.com
pro.ip-api.com
1    2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
2    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Domain Requested by
5 quoteandapply.back9ins.com strife.back9ins.com
quoteandapply.back9ins.com
4 maps.googleapis.com ajax.cloudflare.com
maps.googleapis.com
2 fonts.gstatic.com fonts.googleapis.com
2 cdn.jsdelivr.net quoteandapply.back9ins.com
cdn.jsdelivr.net
1 pro.ip-api.com quoteandapply.back9ins.com
1 www.google.com
1 google.com 1 redirects
1 browser-update.org apply.heatherxlife.com
1 app.back9ins.com quoteandapply.back9ins.com
1 ajax.cloudflare.com quoteandapply.back9ins.com
1 fonts.googleapis.com quoteandapply.back9ins.com
1 strife.back9ins.com apply.heatherxlife.com
1 apply.heatherxlife.com
21 13

This site contains no links.

Subject Issuer Validity Valid
apply.heatherxlife.com
R3		 2021-06-11 -
2021-09-09		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-06-11 -
2022-06-10		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2021-05-17 -
2021-08-09		 3 months crt.sh
ajax.cloudflare.com
DigiCert ECC Secure Server CA		 2020-08-11 -
2022-08-16		 2 years crt.sh
www.google.com
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh
*.ip-api.com
Sectigo RSA Domain Validation Secure Server CA		 2019-11-05 -
2021-11-04		 2 years crt.sh
*.gstatic.com
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://apply.heatherxlife.com/
Frame ID: 50F41376322D1FDEE323BDD0BC86D5DA
Requests: 2 HTTP requests in this frame

Frame: https://quoteandapply.back9ins.com/index.html?parent_url=https%3A%2F%2Fapply.heatherxlife.com%2F&client_id=oKLgBP2BCeOXYqcb&agent_id=&use_modal=false&script_src=https%3A%2F%2Fstrife.back9ins.com%2Fproduction%2Fstrife.js&use_webapp=false
Frame ID: 6AD302EAA30B9060E20EA304884B5B8D
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

21
Requests

100 %
HTTPS

83 %
IPv6

9
Domains

13
Subdomains

11
IPs

3
Countries

1255 kB
Transfer

3210 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://google.com/favicon.ico?1623483376946 HTTP 301
  • https://www.google.com/favicon.ico?1623483376946=

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
apply.heatherxlife.com/ 		796 B
523 B 		Document
General
Check archive.org
Download Go to
Full URL
https://apply.heatherxlife.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.209.73.242 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS
242.73.209.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
c172426192efff579f83ab00c51f3eb10c5c53c698578645d6952e2a2aa8a73a

Request headers

:method
GET
:authority
apply.heatherxlife.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server
nginx
date
Sat, 12 Jun 2021 07:36:15 GMT
content-type
text/html
vary
Accept-Encoding
last-modified
Mon, 09 Nov 2020 06:18:15 GMT
etag
W/"31c-5b3a6871690f4"
x-httpd
1
host-header
8441280b0c35cbc1147f8ba998a563a7
x-proxy-cache
HIT
content-encoding
br
strife.js
strife.back9ins.com/production/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://strife.back9ins.com/production/strife.js
Requested by
Host: apply.heatherxlife.com
URL: https://apply.heatherxlife.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:10f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
0ff2a82cd785bae173ce20a4ae613a2f6dc1c5b5420650ac149c7ba06b7f7b68

Request headers

Referer
https://apply.heatherxlife.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:36:15 GMT
via
1.1 vegur
cf-cache-status
HIT
age
32304
x-powered-by
Express
surrogate-control
no-store
content-encoding
gzip
cf-request-id
0aa0bf78940000dfc774853000000001
pragma
no-cache
last-modified
Fri, 11 Jun 2021 22:34:54 GMT
server
cloudflare
etag
W/"14e7-179fd36beb0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
expires
0
cache-control
max-age=31536000, must-revalidate, proxy-revalidate
cf-polished
origSize=5351
cf-ray
65e1683a8ac9dfc7-FRA
cf-bgj
minify
index.html
quoteandapply.back9ins.com/ Frame 6AD3 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://quoteandapply.back9ins.com/index.html?parent_url=https%3A%2F%2Fapply.heatherxlife.com%2F&client_id=oKLgBP2BCeOXYqcb&agent_id=&use_modal=false&script_src=https%3A%2F%2Fstrife.back9ins.com%2Fproduction%2Fstrife.js&use_webapp=false
Requested by
Host: strife.back9ins.com
URL: https://strife.back9ins.com/production/strife.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:10f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
f77d0c145c8931e2fce6a3b94efea826f11e2f6e559b94acfdf3bb03a1e25ff5

Request headers

:method
GET
:authority
quoteandapply.back9ins.com
:scheme
https
:path
/index.html?parent_url=https%3A%2F%2Fapply.heatherxlife.com%2F&client_id=oKLgBP2BCeOXYqcb&agent_id=&use_modal=false&script_src=https%3A%2F%2Fstrife.back9ins.com%2Fproduction%2Fstrife.js&use_webapp=false
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://apply.heatherxlife.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://apply.heatherxlife.com/

Response headers

date
Sat, 12 Jun 2021 07:36:16 GMT
content-type
text/html; charset=UTF-8
x-powered-by
Express
surrogate-control
no-store
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
pragma
no-cache
expires
0
access-control-allow-origin
*
last-modified
Fri, 11 Jun 2021 22:34:54 GMT
vary
Accept-Encoding
via
1.1 vegur
cf-cache-status
DYNAMIC
cf-request-id
0aa0bf78b80000dfc7a5859000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
65e1683abb3bdfc7-FRA
content-encoding
gzip
app.49474363.css
quoteandapply.back9ins.com/css/ Frame 6AD3 		59 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://quoteandapply.back9ins.com/css/app.49474363.css
Requested by
Host: quoteandapply.back9ins.com
URL: https://quoteandapply.back9ins.com/index.html?parent_url=https%3A%2F%2Fapply.heatherxlife.com%2F&client_id=oKLgBP2BCeOXYqcb&agent_id=&use_modal=false&script_src=https%3A%2F%2Fstrife.back9ins.com%2Fproduction%2Fstrife.js&use_webapp=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:10f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
3c7013a7277aec0103a3630dfa1f405f028960687fd5160fd9f01396f84a9c5d

Request headers

Referer
https://quoteandapply.back9ins.com/index.html?parent_url=https%3A%2F%2Fapply.heatherxlife.com%2F&client_id=oKLgBP2BCeOXYqcb&agent_id=&use_modal=false&script_src=https%3A%2F%2Fstrife.back9ins.com%2Fproduction%2Fstrife.js&use_webapp=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:36:16 GMT
via
1.1 vegur
cf-cache-status
HIT
age
32385
x-powered-by
Express
surrogate-control
no-store
content-encoding
gzip
cf-request-id
0aa0bf7c290000dfc783be8000000001
pragma
no-cache
last-modified
Fri, 11 Jun 2021 22:34:54 GMT
server
cloudflare
etag
W/"eb23-179fd36beb0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
expires
0
cache-control
max-age=31536000, must-revalidate, proxy-revalidate
cf-polished
origSize=60195
cf-ray
65e168403dbadfc7-FRA
cf-bgj
minify
chunk-vendors.3c261fff.css
quoteandapply.back9ins.com/css/ Frame 6AD3 		416 KB
50 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://quoteandapply.back9ins.com/css/chunk-vendors.3c261fff.css
Requested by
Host: quoteandapply.back9ins.com
URL: https://quoteandapply.back9ins.com/index.html?parent_url=https%3A%2F%2Fapply.heatherxlife.com%2F&client_id=oKLgBP2BCeOXYqcb&agent_id=&use_modal=false&script_src=https%3A%2F%2Fstrife.back9ins.com%2Fproduction%2Fstrife.js&use_webapp=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:10f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
18146a2da0bc2b5ee6716f9a3bd2a8f3cd405653c51d8d8030dcf900710ac5a8

Request headers

Referer
https://quoteandapply.back9ins.com/index.html?parent_url=https%3A%2F%2Fapply.heatherxlife.com%2F&client_id=oKLgBP2BCeOXYqcb&agent_id=&use_modal=false&script_src=https%3A%2F%2Fstrife.back9ins.com%2Fproduction%2Fstrife.js&use_webapp=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:36:16 GMT
via
1.1 vegur
cf-cache-status
HIT
age
1953091
x-powered-by
Express
surrogate-control
no-store
content-encoding
gzip
cf-request-id
0aa0bf7c260000dfc7a5899000000001
pragma
no-cache
last-modified
Thu, 20 May 2021 17:03:46 GMT
server
cloudflare
etag
W/"68256-1798abbad50"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
expires
0
cache-control
max-age=31536000, must-revalidate, proxy-revalidate
cf-polished
origSize=426582
cf-ray
65e168403dbedfc7-FRA
cf-bgj
minify
app.a4bf1ee2.js
quoteandapply.back9ins.com/js/ Frame 6AD3 		575 KB
123 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quoteandapply.back9ins.com/js/app.a4bf1ee2.js
Requested by
Host: quoteandapply.back9ins.com
URL: https://quoteandapply.back9ins.com/index.html?parent_url=https%3A%2F%2Fapply.heatherxlife.com%2F&client_id=oKLgBP2BCeOXYqcb&agent_id=&use_modal=false&script_src=https%3A%2F%2Fstrife.back9ins.com%2Fproduction%2Fstrife.js&use_webapp=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:10f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e84317aa122949cd3d27f655a324a7f87f2cb4dde519ba9b87d49f89cba225ee

Request headers

Referer
https://quoteandapply.back9ins.com/index.html?parent_url=https%3A%2F%2Fapply.heatherxlife.com%2F&client_id=oKLgBP2BCeOXYqcb&agent_id=&use_modal=false&script_src=https%3A%2F%2Fstrife.back9ins.com%2Fproduction%2Fstrife.js&use_webapp=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:36:16 GMT
via
1.1 vegur
cf-cache-status
HIT
age
32384
x-powered-by
Express
surrogate-control
no-store
cf-bgj
minify
content-encoding
gzip
cf-request-id
0aa0bf7c270000dfc7842a0000000001
pragma
no-cache
last-modified
Fri, 11 Jun 2021 22:34:54 GMT
server
cloudflare
etag
W/"8fba0-179fd36beb0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate, proxy-revalidate
cf-ray
65e168403dc1dfc7-FRA
expires
0
chunk-vendors.2c2acc49.js
quoteandapply.back9ins.com/js/ Frame 6AD3 		980 KB
300 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quoteandapply.back9ins.com/js/chunk-vendors.2c2acc49.js
Requested by
Host: quoteandapply.back9ins.com
URL: https://quoteandapply.back9ins.com/index.html?parent_url=https%3A%2F%2Fapply.heatherxlife.com%2F&client_id=oKLgBP2BCeOXYqcb&agent_id=&use_modal=false&script_src=https%3A%2F%2Fstrife.back9ins.com%2Fproduction%2Fstrife.js&use_webapp=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:10f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
4fdbe466b7ed332594d6934a3d8fcbe2f40b5dd077ebfdbd772007f55a59afdb

Request headers

Referer
https://quoteandapply.back9ins.com/index.html?parent_url=https%3A%2F%2Fapply.heatherxlife.com%2F&client_id=oKLgBP2BCeOXYqcb&agent_id=&use_modal=false&script_src=https%3A%2F%2Fstrife.back9ins.com%2Fproduction%2Fstrife.js&use_webapp=false
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:36:16 GMT
via
1.1 vegur
cf-cache-status
HIT
age
32385
x-powered-by
Express
surrogate-control
no-store
content-encoding
gzip
cf-request-id
0aa0bf7c270000dfc7b0851000000001
pragma
no-cache
last-modified
Fri, 11 Jun 2021 22:34:54 GMT
server
cloudflare
etag
W/"f51fc-179fd36beb0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
expires
0
cache-control
max-age=31536000, must-revalidate, proxy-revalidate
cf-polished
origSize=1004028
cf-ray
65e168403dc2dfc7-FRA
cf-bgj
minify
css
fonts.googleapis.com/ Frame 6AD3 		12 KB
922 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900
Requested by
Host: quoteandapply.back9ins.com
URL: https://quoteandapply.back9ins.com/index.html?parent_url=https%3A%2F%2Fapply.heatherxlife.com%2F&client_id=oKLgBP2BCeOXYqcb&agent_id=&use_modal=false&script_src=https%3A%2F%2Fstrife.back9ins.com%2Fproduction%2Fstrife.js&use_webapp=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
63d9e1fb392138badd064ac8014c98a52d5009ff79ba86acce4103289e63687b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://quoteandapply.back9ins.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 12 Jun 2021 07:24:25 GMT
server
ESF
date
Sat, 12 Jun 2021 07:36:16 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 12 Jun 2021 07:36:16 GMT
materialdesignicons.min.css
cdn.jsdelivr.net/npm/@mdi/font@latest/css/ Frame 6AD3 		268 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css
Requested by
Host: quoteandapply.back9ins.com
URL: https://quoteandapply.back9ins.com/index.html?parent_url=https%3A%2F%2Fapply.heatherxlife.com%2F&client_id=oKLgBP2BCeOXYqcb&agent_id=&use_modal=false&script_src=https%3A%2F%2Fstrife.back9ins.com%2Fproduction%2Fstrife.js&use_webapp=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b9c9c2d93395ec8f6a7e8220ace8030af3cd8ce73ec9b67f57e4712b54432cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://quoteandapply.back9ins.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:36:16 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
23994
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0aa0bf7c2c0000970498ba4000000001
x-served-by
cache-fra19162-FRA
timing-allow-origin
*
server
cloudflare
etag
W/"42ee2-CKTXny4oZWgGaKw+ActLLIvSXKE"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
cf-ray
65e1684048709704-FRA
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ Frame 6AD3 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: quoteandapply.back9ins.com
URL: https://quoteandapply.back9ins.com/index.html?parent_url=https%3A%2F%2Fapply.heatherxlife.com%2F&client_id=oKLgBP2BCeOXYqcb&agent_id=&use_modal=false&script_src=https%3A%2F%2Fstrife.back9ins.com%2Fproduction%2Fstrife.js&use_webapp=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:a723 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://quoteandapply.back9ins.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:36:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
cf-request-id
0aa0bf7c4200004eb5a39be000000001
last-modified
Tue, 08 Jun 2021 15:58:01 GMT
server
cloudflare
x-frame-options
DENY
etag
W/"60bf9389-302c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XPEw5mMdVA3uKYgh2GBG92ombqkBLtPFjAKvLm1Qy0P2I2SN%2B3pAwNvrhi7jNK1qD9RRJWdlFwP0%2BU08HBUdkLoKiiPkD%2BVgvKp5bmtCY65nAcYCOYCaeXyMXzaHQHR%2F476avQ%2F6gJrJTUmn"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
65e1684068504eb5-FRA
expires
Mon, 14 Jun 2021 07:36:16 GMT
js
maps.googleapis.com/maps/api/ Frame 6AD3 		140 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyBsNmNnvyhzDbrdn6SKrp2Iy04sbnqojKI&libraries=places
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
a3a566d410934ef93dc03af7e457341d60b199b57555a3a29628651f78a9425c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://quoteandapply.back9ins.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:36:16 GMT
content-encoding
gzip
vary
Accept-Language
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
server-timing
gfet4t7; dur=16
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46833
x-xss-protection
0
expires
Sat, 12 Jun 2021 08:06:16 GMT
oKLgBP2BCeOXYqcb
app.back9ins.com/strife/v1/approved_domains/ Frame 6AD3 		0
614 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.back9ins.com/strife/v1/approved_domains/oKLgBP2BCeOXYqcb?npn=&domain=https:%2F%2Fapply.heatherxlife.com%2F
Requested by
Host: quoteandapply.back9ins.com
URL: https://quoteandapply.back9ins.com/js/chunk-vendors.2c2acc49.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:10f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://quoteandapply.back9ins.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:36:17 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
gzip
vary
Origin
x-xss-protection
1; mode=block
x-request-id
e69d57c9-1f3a-4b5f-84cf-279b2293b92b
x-runtime
0.007246
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
1728000
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
https://quoteandapply.back9ins.com
access-control-expose-headers
access-token, client, expiry, uid, token-type
cache-control
no-cache
access-control-allow-credentials
true
cf-request-id
0aa0bf7d5300004a5590171000000001
cf-ray
65e168421bed4a55-FRA
update.min.js
browser-update.org/ Frame 6AD3 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://browser-update.org/update.min.js
Requested by
Host: apply.heatherxlife.com
URL: https://apply.heatherxlife.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:7b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a0f5c601831f5a644145b3ec16b6514f6915b9c70d962654b2f6219de558227

Request headers

Referer
https://quoteandapply.back9ins.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:36:16 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 09 May 2021 07:17:46 GMT
server
cloudflare
age
519327
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=d7LE9DgD4fSVs1mVerbQdlrfNDxQXNWHP1KEbfNJf55EZljUZJXvUvF4WV91ktZs6YBFVXjdFyFim0TZ0L7oa7M1LSZsTg%2F4hJWTiahvDxExaNcVdI9709zxQ7fmTrOHZYKuP0GugEU04jQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
65e168420a934e1f-FRA
cf-request-id
0aa0bf7d4200004e1f85886000000001
expires
Mon, 07 Jun 2021 07:20:49 GMT
favicon.ico
www.google.com/ Frame 6AD3
Redirect Chain
  • https://google.com/favicon.ico?1623483376946
  • https://www.google.com/favicon.ico?1623483376946=
5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/favicon.ico?1623483376946=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://quoteandapply.back9ins.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:36:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Oct 2019 18:30:00 GMT
server
sffe
vary
Accept-Encoding
content-type
image/x-icon
cache-control
public, max-age=691200
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1494
x-xss-protection
0
expires
Sun, 20 Jun 2021 07:36:16 GMT

Redirect headers

date
Sat, 12 Jun 2021 07:36:16 GMT
x-content-type-options
nosniff
server
sffe
content-type
text/html; charset=UTF-8
location
https://www.google.com/favicon.ico?1623483376946=
cache-control
public, max-age=1800
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
246
x-xss-protection
0
expires
Sat, 12 Jun 2021 08:06:16 GMT
json
pro.ip-api.com/ Frame 6AD3 		266 B
422 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pro.ip-api.com/json?key=CyjXqIvQcVCcQGX
Requested by
Host: quoteandapply.back9ins.com
URL: https://quoteandapply.back9ins.com/js/chunk-vendors.2c2acc49.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
51.77.64.70 , France, ASN16276 (OVH, FR),
Reverse DNS
de-fra-1.pro.ip-api.com
Software
/
Resource Hash
be929aeaf7120482f932b64c5ebb91d3868b7030655bb3537e8a9933ec37ada9

Request headers

Accept
application/json, text/plain, */*
Referer
https://quoteandapply.back9ins.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Sat, 12 Jun 2021 07:36:17 GMT
Content-Length
266
Content-Type
application/json; charset=utf-8
materialdesignicons-webfont.woff2
cdn.jsdelivr.net/npm/@mdi/font@latest/fonts/ Frame 6AD3 		318 KB
318 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/@mdi/font@latest/fonts/materialdesignicons-webfont.woff2?v=5.9.55
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da7fba3ca3e0b9cd42a9cd10c7c6ed16d2fdb938174116601cd3d51033c6f490
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://quoteandapply.back9ins.com
Referer
https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:36:17 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
8212
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
325244
cf-request-id
0aa0bf7e680000536a5330a000000001
x-served-by
cache-fra19149-FRA
timing-allow-origin
*
server
cloudflare
etag
W/"4f67c-W8lIr//mYzY5FU4CS/BHzz74EyY"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
cf-ray
65e16843db5e536a-FRA
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 6AD3 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://quoteandapply.back9ins.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 11 Jun 2021 18:34:35 GMT
x-content-type-options
nosniff
age
46902
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:35 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 11 Jun 2022 18:34:35 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 6AD3 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://quoteandapply.back9ins.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 08 Jun 2021 21:42:16 GMT
x-content-type-options
nosniff
age
294841
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Mon, 05 Apr 2021 21:10:39 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Jun 2022 21:42:16 GMT
common.js
maps.googleapis.com/maps-api-v3/api/js/45/2/ Frame 6AD3 		90 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/45/2/common.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyBsNmNnvyhzDbrdn6SKrp2Iy04sbnqojKI&libraries=places
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
646863cc7d971361fa95f95b7a01307e0761a8cbb7c5b352ffd5b16ce8a30e2f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://quoteandapply.back9ins.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 02:17:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
19120
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33171
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 23:43:06 GMT
server
sffe
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 02:17:41 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/45/2/ Frame 6AD3 		286 KB
286 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/45/2/util.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyBsNmNnvyhzDbrdn6SKrp2Iy04sbnqojKI&libraries=places
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3413d24b2e7c099732dfb8b1ac6af80782a7e2b4c423a8a57565c5370379feb5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://quoteandapply.back9ins.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:01:48 GMT
vary
Accept-Encoding, Origin
last-modified
Tue, 08 Jun 2021 23:43:06 GMT
server
sffe
x-content-type-options
nosniff
age
2073
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
293152
x-xss-protection
0
expires
Sun, 12 Jun 2022 07:01:48 GMT
AuthenticationService.Authenticate
maps.googleapis.com/maps/api/js/ Frame 6AD3 		62 B
83 B 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fquoteandapply.back9ins.com%2Fagent-select%3Fparent_url%3Dhttps%253A%252F%252Fapply.heatherxlife.com%252F%26client_id%3DoKLgBP2BCeOXYqcb%26agent_id%3D%26use_modal%3Dfalse%26script_src%3Dhttps%253A%252F%252Fstrife.back9ins.com%252Fproduction%252Fstrife.js%26use_webapp%3Dfalse&4sAIzaSyBsNmNnvyhzDbrdn6SKrp2Iy04sbnqojKI&callback=_xdc_._uri17g&key=AIzaSyBsNmNnvyhzDbrdn6SKrp2Iy04sbnqojKI&token=100566
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/45/2/common.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
73e62c1da3cef229d3f5e6fdcb0ba4efcc575cca6430c06d4c162958a011ccdc
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://quoteandapply.back9ins.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 12 Jun 2021 07:36:21 GMT
content-encoding
gzip
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
content-disposition
attachment
server-timing
gfet4t7; dur=24
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| currentScript string| agentId string| clientId object| subscriberId boolean| shouldActivate string| containerId boolean| useModal boolean| useWebapp string| scriptSrc function| run

0 Cookies

1 Console Messages

Source Level URL
Text
console-api warning URL: https://quoteandapply.back9ins.com/js/chunk-vendors.2c2acc49.js(Line 27)
Message:
Error: Request failed with status code 404

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.cloudflare.com
app.back9ins.com
apply.heatherxlife.com
browser-update.org
cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
google.com
maps.googleapis.com
pro.ip-api.com
quoteandapply.back9ins.com
strife.back9ins.com
www.google.com
2606:4700:10::6816:10f5
2606:4700:20::681a:7b4
2606:4700::6810:5614
2606:4700::6810:5914
2606:4700::6810:a723
2a00:1450:4001:809::2003
2a00:1450:4001:809::2004
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::200a
2a00:1450:4001:831::200a
35.209.73.242
51.77.64.70
0ff2a82cd785bae173ce20a4ae613a2f6dc1c5b5420650ac149c7ba06b7f7b68
18146a2da0bc2b5ee6716f9a3bd2a8f3cd405653c51d8d8030dcf900710ac5a8
3413d24b2e7c099732dfb8b1ac6af80782a7e2b4c423a8a57565c5370379feb5
3c7013a7277aec0103a3630dfa1f405f028960687fd5160fd9f01396f84a9c5d
4fdbe466b7ed332594d6934a3d8fcbe2f40b5dd077ebfdbd772007f55a59afdb
63d9e1fb392138badd064ac8014c98a52d5009ff79ba86acce4103289e63687b
646863cc7d971361fa95f95b7a01307e0761a8cbb7c5b352ffd5b16ce8a30e2f
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
73e62c1da3cef229d3f5e6fdcb0ba4efcc575cca6430c06d4c162958a011ccdc
8a0f5c601831f5a644145b3ec16b6514f6915b9c70d962654b2f6219de558227
9b9c9c2d93395ec8f6a7e8220ace8030af3cd8ce73ec9b67f57e4712b54432cb
a3a566d410934ef93dc03af7e457341d60b199b57555a3a29628651f78a9425c
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
be929aeaf7120482f932b64c5ebb91d3868b7030655bb3537e8a9933ec37ada9
c172426192efff579f83ab00c51f3eb10c5c53c698578645d6952e2a2aa8a73a
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
da7fba3ca3e0b9cd42a9cd10c7c6ed16d2fdb938174116601cd3d51033c6f490
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e84317aa122949cd3d27f655a324a7f87f2cb4dde519ba9b87d49f89cba225ee
f77d0c145c8931e2fce6a3b94efea826f11e2f6e559b94acfdf3bb03a1e25ff5