moneydoesgrowontreeskhfs.com Open in urlscan Pro
104.17.195.73 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://moneydoesgrowontreeskhfs.com/
Submission: On October 19 via automatic, source certstream-suspicious (October 19th 2021, 12:19:28 am UTC) — Scanned from DE

Summary HTTP 136 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 34 IPs in 2 countries across 24 domains to perform 136 HTTP transactions. The main IP is 104.17.195.73, located in United States and belongs to CLOUDFLARENET, US. The main domain is moneydoesgrowontreeskhfs.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 19th 2021. Valid for: a year.

This is the only time moneydoesgrowontreeskhfs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	104.17.195.73 104.17.195.73	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	151.101.65.21 151.101.65.21	54113 (FASTLY) (FASTLY)
3	142.250.186.42 142.250.186.42	15169 (GOOGLE) (GOOGLE)
1	52.216.234.51 52.216.234.51	16509 (AMAZON-02) (AMAZON-02)
1	216.52.119.101 216.52.119.101	10913 (INTERNAP-BLK) (INTERNAP-BLK)
15	13.32.29.104 13.32.29.104	16509 (AMAZON-02) (AMAZON-02)
2	35.190.161.161 35.190.161.161	15169 (GOOGLE) (GOOGLE)
3	13.35.253.80 13.35.253.80	16509 (AMAZON-02) (AMAZON-02)
2	104.17.211.204 104.17.211.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	104.16.5.81 104.16.5.81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.19.94 104.16.19.94	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.185.72 142.250.185.72	15169 (GOOGLE) (GOOGLE)
1	13.32.29.125 13.32.29.125	16509 (AMAZON-02) (AMAZON-02)
7	142.250.186.163 142.250.186.163	15169 (GOOGLE) (GOOGLE)
1	151.101.65.35 151.101.65.35	54113 (FASTLY) (FASTLY)
3	99.86.3.22 99.86.3.22	16509 (AMAZON-02) (AMAZON-02)
29	142.250.186.46 142.250.186.46	15169 (GOOGLE) (GOOGLE)
4	2.16.186.234 2.16.186.234	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
5	142.250.185.68 142.250.185.68	15169 (GOOGLE) (GOOGLE)
1	52.4.241.247 52.4.241.247	14618 (AMAZON-AES) (AMAZON-AES)
6	142.250.186.67 142.250.186.67	15169 (GOOGLE) (GOOGLE)
1	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
2	172.217.18.115 172.217.18.115	15169 (GOOGLE) (GOOGLE)
1	142.250.185.65 142.250.185.65	15169 (GOOGLE) (GOOGLE)
3	173.194.188.199 173.194.188.199	15169 (GOOGLE) (GOOGLE)
8	74.125.160.231 74.125.160.231	15169 (GOOGLE) (GOOGLE)
5	151.101.1.35 151.101.1.35	54113 (FASTLY) (FASTLY)
1 2	64.4.245.84 64.4.245.84	17012 (PAYPAL) (PAYPAL)
1	2.20.192.132 2.20.192.132	16625 (AKAMAI-AS) (AKAMAI-AS)
2	142.250.181.225 142.250.181.225	15169 (GOOGLE) (GOOGLE)
136	34

3 104.17.195.73 (United States)

ASN13335 (CLOUDFLARENET, US)

moneydoesgrowontreeskhfs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 151.101.65.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.42 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.234.51 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

vp-digital-tower-etc.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.119.101 (United States)

ASN10913 (INTERNAP-BLK, US)
PTR: smtp.list.bbb.org

seal-charlotte.bbb.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 13.32.29.104 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-29-104.fra56.r.cloudfront.net

imageprocessor.digital.vistaprint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.161.161 (United States)

ASN15169 (GOOGLE, US)
PTR: 161.161.190.35.bc.googleusercontent.com

checkoutlib.billsby.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.35.253.80 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-80.fra6.r.cloudfront.net

cdn.respond.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.chatapi.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.211.204 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.5.81 (United States)

ASN13335 (CLOUDFLARENET, US)

static.websimages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.19.94 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.72 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.29.125 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-29-125.fra56.r.cloudfront.net

assets.digital.vistaprint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.186.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.35 (United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.3.22 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-3-22.fra6.r.cloudfront.net

d2p078bqz5urf7.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 142.250.186.46 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f14.1e100.net

www.youtube-nocookie.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.16.186.234 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-234.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.4.241.247 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-241-247.compute-1.amazonaws.com

statscollector.digital.vistaprint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.115 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f115.1e100.net

app.engagebay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.65 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f1.1e100.net

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 173.194.188.199 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s36-in-f7.1e100.net

r2---sn-4g5ednsd.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 74.125.160.231 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s15-in-f7.1e100.net

r2---sn-4g5lzne6.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.1.35 (United States)

ASN54113 (FASTLY, US)

c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.4.245.84 (United States) 1 redirects

ASN17012 (PAYPAL, US)

b.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dub.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.20.192.132 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-20-192-132.deploy.static.akamaitechnologies.com

c6.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.225 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	youtube-nocookie.com www.youtube-nocookie.com	768 KB
20	paypal.com 1 redirects www.paypal.com t.paypal.com c.paypal.com b.stats.paypal.com dub.stats.paypal.com c6.paypal.com	361 KB
17	vistaprint.com imageprocessor.digital.vistaprint.com assets.digital.vistaprint.com statscollector.digital.vistaprint.com	2 MB
13	gstatic.com fonts.gstatic.com www.gstatic.com	883 KB
11	googlevideo.com r2---sn-4g5ednsd.googlevideo.com r2---sn-4g5lzne6.googlevideo.com	830 KB
8	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	180 KB
6	google.com www.google.com adservice.google.com	35 KB
4	tiktok.com analytics.tiktok.com	67 KB
3	cloudfront.net d2p078bqz5urf7.cloudfront.net	66 KB
3	googleapis.com fonts.googleapis.com	2 KB
3	moneydoesgrowontreeskhfs.com moneydoesgrowontreeskhfs.com	138 KB
2	engagebay.com app.engagebay.com	1 KB
2	chatapi.net cdn.chatapi.net	74 KB
2	doubleclick.net googleads.g.doubleclick.net	5 KB
2	googletagmanager.com www.googletagmanager.com	63 KB
2	hs-scripts.com js.hs-scripts.com
2	billsby.com checkoutlib.billsby.com	14 KB
1	ggpht.com yt3.ggpht.com	1 KB
1	googleadservices.com partner.googleadservices.com	669 B
1	cloudflare.com cdnjs.cloudflare.com	19 KB
1	websimages.com static.websimages.com	1 KB
1	respond.io cdn.respond.io	15 KB
1	bbb.org seal-charlotte.bbb.org	7 KB
1	amazonaws.com vp-digital-tower-etc.s3.amazonaws.com	11 KB
136	24

	Domain	Requested by
29	www.youtube-nocookie.com	moneydoesgrowontreeskhfs.com www.youtube-nocookie.com
15	imageprocessor.digital.vistaprint.com	moneydoesgrowontreeskhfs.com
11	www.paypal.com	moneydoesgrowontreeskhfs.com www.paypal.com cdnjs.cloudflare.com
8	r2---sn-4g5lzne6.googlevideo.com	www.youtube-nocookie.com
7	fonts.gstatic.com	fonts.googleapis.com www.youtube-nocookie.com www.google.com
6	www.gstatic.com	www.google.com www.youtube-nocookie.com www.gstatic.com
6	pagead2.googlesyndication.com	moneydoesgrowontreeskhfs.com pagead2.googlesyndication.com cdnjs.cloudflare.com tpc.googlesyndication.com
5	c.paypal.com	www.paypal.com c.paypal.com
5	www.google.com	moneydoesgrowontreeskhfs.com www.gstatic.com www.youtube-nocookie.com www.google.com tpc.googlesyndication.com
4	analytics.tiktok.com	moneydoesgrowontreeskhfs.com analytics.tiktok.com
3	r2---sn-4g5ednsd.googlevideo.com	www.youtube-nocookie.com
3	d2p078bqz5urf7.cloudfront.net	moneydoesgrowontreeskhfs.com d2p078bqz5urf7.cloudfront.net
3	fonts.googleapis.com	moneydoesgrowontreeskhfs.com cdn.chatapi.net
3	moneydoesgrowontreeskhfs.com	moneydoesgrowontreeskhfs.com
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	app.engagebay.com	cdnjs.cloudflare.com
2	cdn.chatapi.net	cdn.respond.io cdn.chatapi.net
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	www.googletagmanager.com	moneydoesgrowontreeskhfs.com
2	js.hs-scripts.com	moneydoesgrowontreeskhfs.com
2	checkoutlib.billsby.com	moneydoesgrowontreeskhfs.com cdnjs.cloudflare.com
1	c6.paypal.com	moneydoesgrowontreeskhfs.com
1	dub.stats.paypal.com	www.paypal.com
1	b.stats.paypal.com	1 redirects
1	yt3.ggpht.com	moneydoesgrowontreeskhfs.com
1	adservice.google.com	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	statscollector.digital.vistaprint.com	moneydoesgrowontreeskhfs.com
1	t.paypal.com	moneydoesgrowontreeskhfs.com
1	assets.digital.vistaprint.com	moneydoesgrowontreeskhfs.com
1	cdnjs.cloudflare.com	moneydoesgrowontreeskhfs.com
1	static.websimages.com	moneydoesgrowontreeskhfs.com
1	cdn.respond.io	moneydoesgrowontreeskhfs.com
1	seal-charlotte.bbb.org	moneydoesgrowontreeskhfs.com
1	vp-digital-tower-etc.s3.amazonaws.com	moneydoesgrowontreeskhfs.com
136	35

This site contains links to these domains. Also see Links.

Domain
www.bbb.org
www.renderforest.com
policies.google.com
kharrellsfinancialservic663-my.sharepoint.com

Subject Issuer	Validity	Valid
moneydoesgrowontreeskhfs.com Cloudflare Inc ECC CA-3	`2021-10-19` - `2022-10-18`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2021-09-21` - `2022-03-15`	6 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-01-11` - `2022-02-11`	a year	crt.sh
*.bbb.org GeoTrust RSA CA 2018	`2020-05-15` - `2022-07-03`	2 years	crt.sh
imageprocessor.digital.vistaprint.com Amazon	`2021-04-25` - `2022-05-24`	a year	crt.sh
*.billsby.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-02` - `2022-09-04`	2 years	crt.sh
*.respond.io Amazon	`2021-03-05` - `2022-04-02`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
assets.digital.vistaprint.com Amazon	`2020-12-13` - `2022-01-11`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2021-09-21` - `2022-10-22`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.tiktok.com RapidSSL RSA CA 2018	`2019-11-14` - `2022-01-12`	2 years	crt.sh
www.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
statscollector.digital.vistaprint.com Amazon	`2020-11-20` - `2021-12-19`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.engagebay.com Sectigo RSA Domain Validation Secure Server CA	`2019-12-09` - `2022-01-26`	2 years	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2021-09-28` - `2021-12-07`	2 months	crt.sh
c.paypal.com DigiCert SHA2 Extended Validation Server CA	`2020-06-24` - `2022-06-29`	2 years	crt.sh
b.stats.paypal.com DigiCert SHA2 High Assurance Server CA	`2020-03-13` - `2022-06-03`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh

This page contains 12 frames:

Primary Page: https://moneydoesgrowontreeskhfs.com/
Frame ID: 27AC71CB65BC5591A3704E2B9A7F0626
Requests: 60 HTTP requests in this frame

Frame: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
Frame ID: E5D2FC691B94B59F26C32FDCA63A5278
Requests: 47 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20190131/zrt_lookup.html
Frame ID: 61014D9A65065DAA232736626D9DC56F
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/smart/buttons?style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9bmFraWF2aGFycmVsbCU0MGdtYWlsLmNvbSZjdXJyZW5jeT1VU0QmZGlzYWJsZS1mdW5kaW5nPWJhbmNvbnRhY3QlMkNibGlrJTJDZXBzJTJDZ2lyb3BheSUyQ2lkZWFsJTJDbWVyY2Fkb3BhZ28lMkNteWJhbmslMkNwMjQlMkNzZXBhJTJDc29mb3J0IiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfeXB4cXNscGxwdmpmYm13aXN3c29teGJ5b2FhbnRjIn19&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f8931836f3cc5&storageID=uid_9af8dbf779_mda6mtk6mtg&sessionID=uid_3b11139f0e_mda6mtk6mtg&buttonSessionID=uid_f03f18f7a2_mda6mtk6mtg&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6dHJ1ZSwicHJvZHVjdHMiOnsicGF5SW40Ijp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6ImV4cGVyaW1lbnRhYmxlIn0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXJpYW50IjoiZXhwZXJpbWVudGFibGUifX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=nakiavharrell%40gmail.com&renderedButtons.0=paypal&renderedButtons.1=paylater&renderedButtons.2=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Frame ID: 21CD58C7E5EE5DE3A3A6CECAD9DD4972
Requests: 9 HTTP requests in this frame

Frame: data://truncated
Frame ID: 0A278A980512180712FAF2D23BE3CF25
Requests: 3 HTTP requests in this frame

Frame: https://cdn.chatapi.net/webchat/widget/chat.html
Frame ID: FCA535FA4A6CA85CDC90CBCC63F86020
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1657202986726276&output=html&adk=1812271804&adf=3025194257&lmt=1634602758&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634602758725&bpp=10&bdt=2165&idt=187&shv=r20211013&mjsv=m202110130101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2660146308440&frm=20&pv=2&ga_vid=1274048786.1634602759&ga_sid=1634602759&ga_hid=681432469&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062524%2C31063140&oid=2&pvsid=2118196064994274&pem=649&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=203
Frame ID: B3EE8B81B884F2191E153E028A9690AB
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LekvqsUAAAAAGpMf4hg4vOGdREt7tRI54O9FI2j&co=aHR0cHM6Ly9tb25leWRvZXNncm93b250cmVlc2toZnMuY29tOjQ0Mw..&hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&size=invisible&cb=hiz1ces4qfxp
Frame ID: 9DB5B5141E5E1673D03B77D025363A53
Requests: 7 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: D5C6BD098B0434FB870F55D22FD4F90F
Requests: 5 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_3b11139f0e_mda6mtk6mtg&s=SMART_PAYMENT_BUTTONS
Frame ID: 1CAE3E57BF80631B1F32ABAA10072165
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: C8FB8AA80B113573BD9316EB0241D8C2
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 531B8BF60D332CC5250763B7D672CCAB
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home/About – K Harrell’s Financial Services in Kannapolis,

Detected technologies

Rollbar (Issue trackers) Expand

Overall confidence: 100%
Detected patterns

rollbar\.js/([0-9.]+)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

136
Requests

99 %
HTTPS

0 %
IPv6

24
Domains

35
Subdomains

34
IPs

2
Countries

5208 kB
Transfer

9575 kB
Size

22
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bbb.org/us/nc/kannapolis/profile/tax-return-preparation/k-harrells-tax-service-0473-813497#sealclick

Search URL Search Domain Scan URL

URL: https://www.renderforest.com/watch-34335896?queue=29357505&utm_source=email&utm_medium=export&utm_campaign=export_finished_email_thumb
Title: .pip[data-tower-id="f647a741e35645dd9768a0d1fe898b3d-0-1-0"]{margin-left:auto;margin-right:auto;margin-bottom:0;margin-top:0;width:100%;}@media screen and (min-width: 30em){.pip[data-tower-id="f647a741e35645dd9768a0d1fe898b3d-0-1-0"]{margin-left:auto;margin-right:auto;margin-bottom:0;margin-top:0;width:13.290909090909098%;}}@media screen and (min-width: 60em){.pip[data-tower-id="f647a741e35645dd9768a0d1fe898b3d-0-1-0"]{margin-left:auto;margin-right:auto;margin-bottom:0;margin-top:0;width:13.290909090909098%;}}.pip[data-tower-id="f647a741e35645dd9768a0d1fe898b3d-0-1-0"] .image-media__image-container{padding-bottom:101.92771084337349%;}

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Datenschutzrichtlinien

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Nutzungsbedingungen

Search URL Search Domain Scan URL

URL: https://kharrellsfinancialservic663-my.sharepoint.com/:f:/g/personal/nharrell_kharrellsfinancialservices_com/EkSLS3Q_tVxItgPqXVVguGABn2qcDJDQ3PvKy-R-EEzofQ?e=5aHYk6
Title: KHFS Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 109

https://b.stats.paypal.com/v2/counter.cgi?p=uid_3b11139f0e_mda6mtk6mtg&s=SMART_PAYMENT_BUTTONS HTTP 302
https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_3b11139f0e_mda6mtk6mtg&s=SMART_PAYMENT_BUTTONS

136 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
moneydoesgrowontreeskhfs.com/ 163 KB
29 KB 1011ms
966ms Document
text/html 104.17.195.73
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneydoesgrowontreeskhfs.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.195.73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7176793729b95d818d8dfc2c9f9ba097d078b8b5f069a1f4637084c346902ef1

Request headers

:method: GET
:authority: moneydoesgrowontreeskhfs.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 19 Oct 2021 00:19:16 GMT
content-type: text/html; charset=utf-8
content-language: de_de
access-control-allow-origin: https://developer.cimpress.io
cache-control: public, s-maxage=43200, max-age=60
cf-cache-status: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 6a05d5767e23278c-PRG
content-encoding: gzip

GET
H2 200 /
moneydoesgrowontreeskhfs.com/.css/ 206 KB
32 KB 1257ms
1256ms Stylesheet
text/css 104.17.195.73
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneydoesgrowontreeskhfs.com/.css/?cacheId=1634011362545
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.195.73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b428307dbdbdfd8ad27e971e93fd4b6c25a13b1c332ad201eaf817942b9b7056

Request headers

:path: /.css/?cacheId=1634011362545
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: moneydoesgrowontreeskhfs.com
referer: https://moneydoesgrowontreeskhfs.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

cf-ray: 6a05d57ca924278c-PRG
date: Tue, 19 Oct 2021 00:19:17 GMT
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
etag: W/"337b5-Gh5xxVtEKyQ4iiYBzO6IEhZb3Ig"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-language: de_de
access-control-allow-origin: https://developer.cimpress.io
cache-control: public, s-maxage=43200, max-age=60
content-type: text/css; charset=utf-8

GET
H2 200 / Show response
moneydoesgrowontreeskhfs.com/.js/ 309 KB
77 KB 838ms
837ms Script
application/javascript 104.17.195.73
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://moneydoesgrowontreeskhfs.com/.js/?cacheId=1634011362545&locale=de-DE
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.195.73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba16fbb20621812a7bc955505f57238af97ebf66c28884156b07d2bfbfb35460

Request headers

:path: /.js/?cacheId=1634011362545&locale=de-DE
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: moneydoesgrowontreeskhfs.com
referer: https://moneydoesgrowontreeskhfs.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

cf-ray: 6a05d57ca925278c-PRG
date: Tue, 19 Oct 2021 00:19:17 GMT
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
etag: W/"4d393-CXxmLSf9uq3FY7kOnD5OOizlfK0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-language: de_de
access-control-allow-origin: https://developer.cimpress.io
cache-control: public, s-maxage=43200, max-age=60
content-type: application/javascript; charset=utf-8

GET
H2 200 js Show response
www.paypal.com/sdk/ 302 KB
92 KB 740ms
702ms Script
application/javascript 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&merchant-id=nakiavharrell%40gmail.com&currency=USD&disable-funding=bancontact%2Cblik%2Ceps%2Cgiropay%2Cideal%2Cmercadopago%2Cmybank%2Cp24%2Csepa%2Csofort

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b5222c470ef336e7f637eef68b0a53ab39b1641c8f01b4fa4e038ca3b79209ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-t7GjUSnSWKoAvlRvNQAc179pQOhantvYIj4HxT2ASTfvKVXK' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-t7GjUSnSWKoAvlRvNQAc179pQOhantvYIj4HxT2ASTfvKVXK' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-t7GjUSnSWKoAvlRvNQAc179pQOhantvYIj4HxT2ASTfvKVXK' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-t7GjUSnSWKoAvlRvNQAc179pQOhantvYIj4HxT2ASTfvKVXK' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
age: 0
via: 1.1 varnish
x-cache: MISS
p3p: true
paypal-debug-id: f567134e08c21
server-timing: content-encoding;desc=gzip
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 92928
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4080-HHN
x-timer: S1634602757.621966,VS0,VE696
x-frame-options: SAMEORIGIN
date: Tue, 19 Oct 2021 00:19:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=10800
etag: W/"16b00-8wH7EX+jo8V7wA8ooFaCPlM6EtQ"
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 css
fonts.googleapis.com/ 2 KB
1 KB 43ms
16ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Great%20Vibes%3A100%2C400%2C700%7CSintony%3A100%2C400%2C700

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

bc4ed622973a8aad23604ce89e681c9fd3a1ccc8f01c3c980c07ff81a6bdb91d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 00:19:16 GMT
server: ESF
date: Tue, 19 Oct 2021 00:19:16 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Tue, 19 Oct 2021 00:19:16 GMT

GET
H2 200 css
fonts.googleapis.com/ 366 B
347 B 44ms
17ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=ABeeZee%3A100%2C400%2C700

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

3969177281b39dacb532d29111fcf95ab01ea8ad24ef8961a0530a7404a35a84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 00:19:16 GMT
server: ESF
date: Tue, 19 Oct 2021 00:19:16 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Tue, 19 Oct 2021 00:19:16 GMT

GET
H/1.1 200
OK celebrate.png
vp-digital-tower-etc.s3.amazonaws.com/stock-assets/ 10 KB
11 KB 632ms
133ms Image
image/png 52.216.234.51
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vp-digital-tower-etc.s3.amazonaws.com/stock-assets/celebrate.png
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.234.51 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: d4cff8de2398964e05c8efe129c043b5a9c1863201e4054ec0b20ac92a4191af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:19 GMT
Last-Modified: Thu, 12 Nov 2020 18:43:33 GMT
Server: AmazonS3
x-amz-request-id: TK856Z1HNK5FNTH2
ETag: "704e4ac5de30951d68ade8ea443aeca6"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 10443
x-amz-id-2: g3nZnL2XiGtEvNlu6zkKQNWnh/hzC1UE1xDB8f/GKImPzWkjq6dcmn/5ZZ0LY/jQXd/HiAGsVZQ=

GET
H2 200 blue-seal-187-130-kharrell39staxservice-813497.png
seal-charlotte.bbb.org/seals/ 7 KB
7 KB 695ms
212ms Image
image/png 216.52.119.101
INTERNAP-BLK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://seal-charlotte.bbb.org/seals/blue-seal-187-130-kharrell39staxservice-813497.png

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

216.52.119.101 , United States, ASN10913 (INTERNAP-BLK, US),

Reverse DNS

smtp.list.bbb.org

Software

nginx / ASP.NET

Resource Hash

f72102770784d020e3b816d2e8113dca8d3c3a62a85ffc86a0c12af3ba5e2a17

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .bbb.org bbb.org .app.bbb.org .bluebbb.org bluebbb.org .myfloridacfo.com myfloridacfo.com jsfiddle.net fiddle.jshell.net
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 23:22:19 GMT
content-encoding: gzip
server: nginx
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: private
content-security-policy: frame-ancestors 'self' *.bbb.org bbb.org *.app.bbb.org *.bluebbb.org bluebbb.org *.myfloridacfo.com myfloridacfo.com jsfiddle.net fiddle.jshell.net

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/crop/16,13,415x423/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/7d7d1477-d5bb-419b-ad1a-c0a8952e23fb~110/ 216 KB
217 KB 1160ms
985ms Image
image/png 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/16,13,415x423/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/7d7d1477-d5bb-419b-ad1a-c0a8952e23fb~110/original?tenant=vbu-digital
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: / Express
Resource Hash: f85f0c484192144eb16abc1ccc6ce1a31cb1200b12daee4d8e0d16371b207692

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:18 GMT
Via: 1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
X-Powered-By: Express
ETag: W/"36130-maSxGvlovM1rB8PQHrFx+vME6zI"
RequestId: 4ca47749-c585-4a5d-9785-6f602af651f1
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 221488
X-Amz-Cf-Id: uI7nOBE8ZPi4CR0tAMCbGrcSPlddDAzQzXRf28bkKG4Llg6041QLKA==

GET
H/1.1 200
OK checkout.min.js Show response
checkoutlib.billsby.com/ 13 KB
13 KB 757ms
283ms Script
application/javascript 35.190.161.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://checkoutlib.billsby.com/checkout.min.js
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.161.161 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 161.161.190.35.bc.googleusercontent.com
Software: envoy /
Resource Hash: 4b4e0b8fd7351c82ca27be2aed0bda263b65a05f2511dced4818ae2f0b6a7806

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:17 GMT
last-modified: Mon, 19 Jul 2021 09:40:40 GMT
server: envoy
etag: "60f54898-3429"
content-type: application/javascript
cache-control: max-age=604800,no-cache
x-envoy-upstream-service-time: 1
accept-ranges: bytes
content-length: 13353
expires: Tue, 26 Oct 2021 00:19:18 GMT

GET
H2 200 widget.js Show response
cdn.respond.io/webchat/widget/ 43 KB
15 KB 257ms
50ms Script
application/javascript 13.35.253.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.respond.io/webchat/widget/widget.js?cId=595419d7d8ea7cfe05d809dc6f16b3d4297b3625173561ce99b24b055235975f
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-80.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 23f418f8510f8139bba905207fe945aac99faad378029b92d213315810571a84

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 08:42:00 GMT
content-encoding: gzip
last-modified: Wed, 08 Sep 2021 02:59:03 GMT
server: AmazonS3
age: 76096
etag: W/"b5c04c4d004a25a63d4a631822c02e8b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 71b147cd3102755b55ba8b6fd34e3f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: wpb78yn7VFp4PdurFji1TWMCPi8vL7HMsV01jqGDQsIrZXpEFs6Pmw==

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/crop/99,34,424x366/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/ad5f4961-41af-449d-8790-0114e50e01ec~110/ 118 KB
118 KB 560ms
385ms Image
image/png 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/99,34,424x366/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/ad5f4961-41af-449d-8790-0114e50e01ec~110/original?tenant=vbu-digital
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: / Express
Resource Hash: 391d493719ce8f42729593617cc99b9a7668319b142ed839ac22f4958a39928d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:18 GMT
Via: 1.1 0363fab377de19b9b4f85394469f6fca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
X-Powered-By: Express
ETag: W/"1d68d-jLx1u58uo+sA2eeOH5CHNO3I2fQ"
RequestId: 2bb90bac-04d4-452d-9dbf-f28977fc43d8
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 120461
X-Amz-Cf-Id: i9OKw2lzNEs0Bvqp9sYHCbitfhx6-rw6RWC9qNkaYGkgDa4J78kzhA==

GET
H2 404 8410246.js
js.hs-scripts.com/ 0
0 339ms
175ms Script
application/json 104.17.211.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/8410246.js
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.211.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: https://moneydoesgrowontreeskhfs.com
access-control-allow-credentials: true
access-control-max-age: 3600

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
50 KB 231ms
66ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

1f6fee9842ed78087a6e40668ee09e05106d8b47626d588ad871b5ff4d6445c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50922
x-xss-protection: 0
server: cafe
etag: 10979171463887365244
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 19 Oct 2021 00:19:18 GMT

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/crop/0,267,3264x2181/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/885b045a-433f-4afb-9fbb-e682acdf0890~110/ 111 KB
111 KB 2894ms
2719ms Image
image/jpeg 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/0,267,3264x2181/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/885b045a-433f-4afb-9fbb-e682acdf0890~110/original?tenant=vbu-digital
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: / Express
Resource Hash: 01c2d1be12748ed51ecdb1777641bf340ac50f949bf2610fae6ff84c529c1ec1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:20 GMT
Via: 1.1 13140684c599ca32163cf7ec1871cebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
X-Powered-By: Express
ETag: W/"1ba70-pEMjo0jE9W01aHL2laEigC9YPyY"
RequestId: 61b3e709-4775-4be8-a427-1613b11f977c
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 113264
X-Amz-Cf-Id: S_reIRJFma0_Juh3xLP0_faCr-P-IMYfsy68azpTBvltHnvInhxDiw==

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/crop/120,120,960x960/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/0cf1749d-12a9-4bfd-bbc5-c27e8370fe7f~110/ 24 KB
24 KB 1926ms
1751ms Image
image/png 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/120,120,960x960/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/0cf1749d-12a9-4bfd-bbc5-c27e8370fe7f~110/original?tenant=vbu-digital
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: / Express
Resource Hash: 15cc1b171451030636dc2450ea6df0279544c2ccb605c96f16f3233208991a7f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:19 GMT
Via: 1.1 84f381696dd33e92960b92250106e465.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
X-Powered-By: Express
ETag: W/"5f05-3hsOkzzbzu4+v+k6VAxd+Cd1lho"
RequestId: 820b95d9-792b-4c5c-829b-9c706ca40afd
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 24325
X-Amz-Cf-Id: kMHd9TndIcZSWFp8eHH3aN-Y7m_wZ7svV0Q5vV3HYjU4Szzq-QN4tg==

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/crop/0,0,488x476/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/0088fb8a-7ce6-4fad-ae44-9e73496b00d3~110/ 143 KB
144 KB 394ms
228ms Image
image/jpeg 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/0,0,488x476/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/0088fb8a-7ce6-4fad-ae44-9e73496b00d3~110/original?tenant=vbu-digital
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: / Express
Resource Hash: eff7ef21d5a4a1fd34836cd3f134a919e42780e31f7161878399f3af762027b6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:18 GMT
Via: 1.1 22b9ddafebf39d72780d68dad970d218.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
X-Powered-By: Express
ETag: W/"23c19-ib5tWvkzRho7XqE2gEy4hPG9UuI"
RequestId: 0ab2c8f6-efa5-42c6-9ad9-952d71166f22
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 146457
X-Amz-Cf-Id: fFX2rnGZB4rCNg2rfVV67G7jlQHBLrXnT76I5rBDiuaR7GswpZHiJg==

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/crop/17,17,134x133/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/472fb559-6d52-44e4-97ab-8790b9429490~110/ 2 KB
2 KB 590ms
589ms Image
image/png 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/17,17,134x133/maxWidth/1000/https://uploads.documents.cimpress.io/v1/uploads/472fb559-6d52-44e4-97ab-8790b9429490~110/original?tenant=vbu-digital
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: / Express
Resource Hash: 85af7c43f6b5699613f498031b5dd09a57890df812de8b42360ee1d30cb688a2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:18 GMT
Via: 1.1 3d58896f901dbeed449603f5d2b4d9f1.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
X-Powered-By: Express
ETag: W/"693-csQ4zjJFjtNCa1IdvYqPwHBmJPg"
RequestId: 46c4a9ed-ad7a-473a-9257-19b2aa43a6d0
X-Cache: Miss from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 1683
X-Amz-Cf-Id: onzRfD8bnPm4OLZf0-tu5vEnADYJ0QHvXEju64a_T0UPNhLHB4rURw==

GET
H2 200 collector.js Show response
static.websimages.com/active-static/target/stats/ 1 KB
1 KB 183ms
62ms Script
application/javascript 104.16.5.81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.websimages.com/active-static/target/stats/collector.js
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.5.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 098618125383f339b61490acd432891e79d7ce980dfcc6e0261e93fab5500d89

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:18 GMT
content-encoding: br
cf-cache-status: HIT
age: 1651662
cf-polished: origSize=1803
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 03 Jun 2021 08:15:53 GMT
server: cloudflare
etag: W/"70b-5c3d82f08a040-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=18000
cf-ray: 6a05d585bd994108-PRG
expires: Thu, 30 Sep 2021 02:31:36 GMT

GET
H2 200 rollbar.min.js Show response
cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/ 69 KB
19 KB 185ms
59ms Script
application/javascript 104.16.19.94
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/rollbar.min.js

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.19.94 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b140f87ff144db782e0cddbdd64decbaa35b5c7c890f1e45b05fe2d8478b42e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://moneydoesgrowontreeskhfs.com/
Origin: https://moneydoesgrowontreeskhfs.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3218547
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 18862
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fc1-112f9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Id3SybJ802PFGeAJAQrfR%2FZTeMza8S1v9I3cpdkUkQs9gcCRiEyvHnidvuXjeUPH6mIjG1LCYy7p73bmZ1NrznvEW6q%2B7nG4AL%2FUCF18bk0Cj7REFCzmz3Jtc0pJkubQrtH0zIZv"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6a05d585bb2327bc-PRG
expires: Sun, 09 Oct 2022 00:19:18 GMT

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 12 KB
5 KB 37ms
35ms Script
application/x-javascript 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=moneydoesgrowontreeskhfs.com&t=xo&v=5.0.265&source=payments_sdk&mrid=nakiavharrell@gmail.com&client_id=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&vault=false

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&merchant-id=nakiavharrell%40gmail.com&currency=USD&disable-funding=bancontact%2Cblik%2Ceps%2Cgiropay%2Cideal%2Cmercadopago%2Cmybank%2Cp24%2Csepa%2Csofort

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

442035f71c10d96bf7fa6efe89aca7705495cfc40909bb70ad22fc4a9c091781

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-6GiAjDBuTzV5hiYApitiijscolnr16QCkOtQbIP6agIjmVxm' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-6GiAjDBuTzV5hiYApitiijscolnr16QCkOtQbIP6agIjmVxm' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-cache: HIT
paypal-debug-id: f618041f5d943
server-timing: content-encoding;desc=gzip
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 4321
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4080-HHN
x-timer: S1634602758.871755,VS0,VE1
x-frame-options: SAMEORIGIN
date: Tue, 19 Oct 2021 00:19:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/x-javascript; charset=utf-8
via: 1.1 varnish
cache-control: public, max-age=3600
etag: W/"2ef4-3xgck+FFolYd+Y4aULz7wuzevMY"
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 79 KB
32 KB 199ms
75ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K2SQ5J3

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

fb75a77639fe22c7cc20299f1244377270043b0a779d0491c3b8a6d846ff78c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:18 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32209
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 19 Oct 2021 00:19:18 GMT

GET
H/1.1 200
OK background1.jpg
imageprocessor.digital.vistaprint.com/crop/0,0,8192x4929/maxWidth/2000/http://assets.digital.vistaprint.com/1986752/backgrounds/ 278 KB
279 KB 211ms
49ms Image
image/jpeg 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/0,0,8192x4929/maxWidth/2000/http://assets.digital.vistaprint.com/1986752/backgrounds/background1.jpg
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: / Express
Resource Hash: 0379b33cfa38ad6ace6480de5e4965c67f8b0b9a4f7b68811950017d8f43a382

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 02 Oct 2021 13:13:37 GMT
Via: 1.1 3d58896f901dbeed449603f5d2b4d9f1.cloudfront.net (CloudFront)
Connection: keep-alive
Age: 1422341
X-Powered-By: Express
ETag: W/"45998-joPVAcR3lMkZteYufQwjq2R3L3E"
RequestId: 92b834a8-91c3-4d1c-a22d-6626b068d01b
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800,max-age=604800
X-Amz-Cf-Pop: FRA56-C2
Content-Length: 285080
X-Amz-Cf-Id: azyNQ4Bz82Jot9Ek_Fv8sXsI-a3-Mhge38NiZF6y2zNoQZMYHbSegw==

GET
H2 200 1a9ab506-61e7-47be-8bd0-419d3bed831a
assets.digital.vistaprint.com/production/ 951 B
1 KB 613ms
438ms Image
image/png 13.32.29.125
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.digital.vistaprint.com/production/1a9ab506-61e7-47be-8bd0-419d3bed831a
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/.css/?cacheId=1634011362545
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-125.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 27e1c73b1ab7329f2a7c406c813fc39fb64578987b9c9f2eefa95ab045d478cc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:19 GMT
via: 1.1 1ee1abe42f3acbda66e5d1252319566a.cloudfront.net (CloudFront)
last-modified: Thu, 14 Dec 2017 16:55:03 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
etag: "9b96fa3722c1507bd783e0b8979804a5-1"
x-cache: Miss from cloudfront
x-amz-version-id: laMe8PxuqFgk4gzaDGKNxhynVrs447Xc
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-type: image/png
content-length: 951
x-amz-cf-id: pPegF6uc8Ik2uU9O7KVjqexDeaYp_abXTZpFca4t8WDtmlBema4a8A==

GET
H2 200 esDR31xSG-6AGleN2tWkkA.woff2
fonts.gstatic.com/s/abeezee/v14/ 17 KB
17 KB 267ms
109ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/abeezee/v14/esDR31xSG-6AGleN2tWkkA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=ABeeZee%3A100%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

5d15d9db6134e6afc9a6105ba23acd46e9168d8c84e95c2381920edc3e0687b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://moneydoesgrowontreeskhfs.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 10:45:55 GMT
x-content-type-options: nosniff
age: 48803
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17048
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 05:46:40 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Oct 2022 10:45:55 GMT

GET
H2 200 RWmMoKWR9v4ksMfaWd_JN9XFiaQ.woff2
fonts.gstatic.com/s/greatvibes/v9/ 33 KB
33 KB 204ms
46ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/greatvibes/v9/RWmMoKWR9v4ksMfaWd_JN9XFiaQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Great%20Vibes%3A100%2C400%2C700%7CSintony%3A100%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

28020dcffc351c7bc6e42fc1c08a3518a47183f8ee5b3f02aaefdfd5abd9f204

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://moneydoesgrowontreeskhfs.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 08:41:01 GMT
x-content-type-options: nosniff
age: 488297
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33456
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 17:52:36 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Oct 2022 08:41:01 GMT

GET
H2 200 XoHm2YDqR7-98cVUETMtug.woff2
fonts.gstatic.com/s/sintony/v8/ 8 KB
8 KB 298ms
141ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sintony/v8/XoHm2YDqR7-98cVUETMtug.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Great%20Vibes%3A100%2C400%2C700%7CSintony%3A100%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

bbd80981dfc0174f878b36a16f2df70fb71f52d418aedcc654d3020ff8e3faa1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://moneydoesgrowontreeskhfs.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 09:05:41 GMT
x-content-type-options: nosniff
age: 486817
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8548
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 05:23:05 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Oct 2022 09:05:41 GMT

GET
H2 200 ts
t.paypal.com/ 42 B
697 B 410ms
156ms Image
image/gif 151.101.65.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.paypal.com/ts?pgrp=muse%3Ageneric%3Aanalytics%3A%3Amerchant&page=muse%3Ageneric%3Aanalytics%3A%3Amerchant%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&fltp=analytics-generic&pt=Home%2FAbout%20%E2%80%93%20K%20Harrell%E2%80%99s%20Financial%20Services%20in%20Kannapolis%2C&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1634602758026&g=0&completeurl=https%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F&ru=https%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F&sinfo=%7B%22partners%22%3A%7B%22ecwid%22%3A%7B%7D%2C%22bigCommerce%22%3A%7B%7D%2C%22shopify%22%3A%7B%7D%2C%22wix%22%3A%7B%7D%2C%22bigCartel%22%3A%7B%7D%7D%7D
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:18 GMT
via: 1.1 varnish
x-timer: S1634602758.353379,VS0,VE143
x-cache: MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: b4f4239882399
expires: Tue, 19 Oct 2021 00:19:18 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-cache-hits: 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-hhn4069-HHN

GET
H/1.1 200
OK config.json Show response
checkoutlib.billsby.com/config/ 46 B
384 B 350ms
103ms XHR
application/json 35.190.161.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://checkoutlib.billsby.com/config/config.json
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/rollbar.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.161.161 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 161.161.190.35.bc.googleusercontent.com
Software: envoy /
Resource Hash: 5c1c1a442b780f55e8400d57fc12cff9b20c846572bd8e95aa017a45de89ffc7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:18 GMT
last-modified: Thu, 07 Oct 2021 02:48:08 GMT
server: envoy
etag: "615e5fe8-2e"
content-type: application/json
access-control-allow-origin: https://moneydoesgrowontreeskhfs.com
cache-control: no-cache
x-envoy-upstream-service-time: 0
accept-ranges: bytes
content-length: 46

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 77 KB
31 KB 43ms
40ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TN4QJSB

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

60387e14978bc3d6228afc3032e1815e67ece419a6aa459c9515d8cb43caf388

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:18 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31296
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 19 Oct 2021 00:19:18 GMT

GET
H2 200 ehform.js Show response
d2p078bqz5urf7.cloudfront.net/jsapi/ 651 B
1 KB 39ms
8ms Script
application/javascript 99.86.3.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2p078bqz5urf7.cloudfront.net/jsapi/ehform.js
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.3.22 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-3-22.fra6.r.cloudfront.net
Software: nginx/1.10.1 /
Resource Hash: bcd932915498282ecff1a5086a84ef9a21f45a1a7a637cd18395485b02b48895

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 16:42:19 GMT
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
last-modified: Fri, 08 Oct 2021 16:39:46 GMT
server: nginx/1.10.1
age: 891419
etag: "61607452-28b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 651
x-amz-cf-id: gj8-KHQiMvm7S8hyJjzuQSJAHzK3MISCn3vRrTY8sOB7AI7YPRg8tA==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 w2-R7qcChVs Show response
www.youtube-nocookie.com/embed/ Frame E5D2 56 KB
24 KB 179ms
155ms Document
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

ESF /

Resource Hash

55c783be463bca6f0f40aa44664090c2dc91c4862c38e1928218e52869de08ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube-nocookie.com
:scheme: https
:path: /embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://moneydoesgrowontreeskhfs.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 19 Oct 2021 00:19:18 GMT
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraF8kvpPgkkYf7NfrxN7y50wX-O9sdgO44AY1Q0Xw3I5lf8_mKJYJs"
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
report-to: {"group":"AZM8iraF8kvpPgkkYf7NfrxN7y50wX-O9sdgO44AY1Q0Xw3I5lf8_mKJYJs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraF8kvpPgkkYf7NfrxN7y50wX-O9sdgO44AY1Q0Xw3I5lf8_mKJYJs"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: br
server: ESF
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET widget.js
cdn.respond.io/webchat/widget/ 0
0

GET
H2 200 sdk.js Show response
analytics.tiktok.com/i18n/pixel/ 114 KB
34 KB 204ms
172ms Script
application/javascript 2.16.186.234
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/sdk.js?sdkid=BTV1JGGRQH54JI5RN73G
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.234 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-234.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b0f4da04b59a601e6ff91d94b03072699cca023870dedf1eb8dde1ea25e48a23

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-akamai-request-id: c5f3f3d0.35855f9
date: Tue, 19 Oct 2021 00:19:18 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-52-40-117.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34529956) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a2-16-186-230.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34529956) (-)
x-parent-response-time: 164,2.16.186.230
server-timing: cdn-cache; desc=MISS, edge; dur=153, origin; dur=11, inner; dur=3
pragma: no-cache
server: nginx
x-tt-logid: 20211019001918010251009209265FD96D
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 11,23.52.40.117
x-tt-trace-host: 01434e1df6f26c65548a329a6d16addd183ed14d275e3a2cddc18d28e83ad9e3b2ea2adbc6f64d0734274a642d5f5764b8494cec0f4eb48dcfe50e8daea0a20bd4dab58728fbc9b1a3f9122c85e6ce15e33ae658527f0f879e587f98006f238b21df1d6e95f554e695123204122e63902c
expires: Tue, 19 Oct 2021 00:19:18 GMT

GET
H2 404 8410246.js
js.hs-scripts.com/ 0
0 18ms
18ms Script
application/json 104.17.211.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/8410246.js
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.211.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: https://moneydoesgrowontreeskhfs.com
access-control-allow-credentials: true
access-control-max-age: 3600

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/rotate/90/crop/0,1242,3024x1548/maxWidth/2000/progressive/http://uploads.documents.cimpress.io/v1/uploads/4884a4a9-c699-4ce7-ba24-d2ecda1a463f~110/ 335 KB
335 KB 8051ms
8051ms Image
image/jpeg 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/rotate/90/crop/0,1242,3024x1548/maxWidth/2000/progressive/http://uploads.documents.cimpress.io/v1/uploads/4884a4a9-c699-4ce7-ba24-d2ecda1a463f~110/original?tenant=vbu-digital
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: / Express
Resource Hash: 9b948c0c8f827f64286543b583c2e399292111bd549ec8ba5f87b59f57886b73

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:26 GMT
Via: 1.1 0363fab377de19b9b4f85394469f6fca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
X-Powered-By: Express
ETag: W/"53bdc-Q/qFELKO2Obw5MNq34Mt024ln9g"
RequestId: 541e3684-9c83-4070-a885-67e48a5ebba0
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 343004
X-Amz-Cf-Id: PWH8_VPZ7L3Pb-6_MgRqFT_K5BoQYzuA5rr9XBzHVKq6yFqquCNAUA==

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/maxWidth/2000/progressive/http://uploads.documents.cimpress.io/v1/uploads/497cacca-16c4-4f25-a521-d83efa592d39~110/ 426 KB
427 KB 5292ms
5291ms Image
image/png 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/maxWidth/2000/progressive/http://uploads.documents.cimpress.io/v1/uploads/497cacca-16c4-4f25-a521-d83efa592d39~110/original?tenant=vbu-digital
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: / Express
Resource Hash: 062d56afaf8233a79be0c7818787893ac91cc1d1caa33d9fcd59dee8d1730c1e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:23 GMT
Via: 1.1 22b9ddafebf39d72780d68dad970d218.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
X-Powered-By: Express
ETag: W/"6a8f5-iYS74Z0ZPTpb8DwLZ5eXNTJ2Gyw"
RequestId: bf131068-1b48-48f2-8ddf-08ba0544629b
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 436469
X-Amz-Cf-Id: JX9cROopouit1cKXNLF_73k1YbXtL8DdlAflBCOf5cdrkMslpKclGg==

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110130101/ 271 KB
97 KB 62ms
47ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110130101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

32c37d3ef21fb4793c7a9f4f6adf7e5d597e7fd0d7b8a89f793bb0b34c44ee53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99348
x-xss-protection: 0
server: cafe
etag: 17165115455200885443
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 19 Oct 2021 00:19:18 GMT

GET
H/1.1 500
Internal Server Error original
imageprocessor.digital.vistaprint.com/maxWidth/2000/progressive/http://uploads.documents.cimpress.io/v1/uploads/5b7cddbc-bd8b-4586-bdf9-842764e66f0a~110/ 0
0 570ms
570ms Image
application/json 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/maxWidth/2000/progressive/http://uploads.documents.cimpress.io/v1/uploads/5b7cddbc-bd8b-4586-bdf9-842764e66f0a~110/original?tenant=vbu-digital
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Access-Control-Allow-Origin: *

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211013/r20190131/ Frame 6101 10 KB
5 KB 54ms
12ms Document
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211013/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

8f297a42c731c5e6412ef47dff5d7697e142a28abe98d34b515951d40e5e9f7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20211013/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://moneydoesgrowontreeskhfs.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 18 Oct 2021 21:22:20 GMT
expires: Mon, 01 Nov 2021 21:22:20 GMT
content-type: text/html; charset=UTF-8
etag: 9069739545958607985
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4691
x-xss-protection: 0
age: 10618
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 buttons Show response
www.paypal.com/smart/ Frame 21CD 298 KB
124 KB 262ms
261ms Document
text/html 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/smart/buttons?style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9bmFraWF2aGFycmVsbCU0MGdtYWlsLmNvbSZjdXJyZW5jeT1VU0QmZGlzYWJsZS1mdW5kaW5nPWJhbmNvbnRhY3QlMkNibGlrJTJDZXBzJTJDZ2lyb3BheSUyQ2lkZWFsJTJDbWVyY2Fkb3BhZ28lMkNteWJhbmslMkNwMjQlMkNzZXBhJTJDc29mb3J0IiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfeXB4cXNscGxwdmpmYm13aXN3c29teGJ5b2FhbnRjIn19&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f8931836f3cc5&storageID=uid_9af8dbf779_mda6mtk6mtg&sessionID=uid_3b11139f0e_mda6mtk6mtg&buttonSessionID=uid_f03f18f7a2_mda6mtk6mtg&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6dHJ1ZSwicHJvZHVjdHMiOnsicGF5SW40Ijp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6ImV4cGVyaW1lbnRhYmxlIn0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXJpYW50IjoiZXhwZXJpbWVudGFibGUifX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=nakiavharrell%40gmail.com&renderedButtons.0=paypal&renderedButtons.1=paylater&renderedButtons.2=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

90284a82c2638fee9c00d3c8597e8e30d4d3675c2ec6887ad327130bf6d06aac

Security Headers

Name	Value
Content-Security-Policy	form-action 'self' https://.paypal.com https://.cardinalcommerce.com; default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com: https://.paypalobjects.com https://.googleapis.com https://.firebaseio.com wss://.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://.qualtrics.com; frame-src 'self' https://.paypal.com:* https://.paypalobjects.com https://.cardinalcommerce.com https://.firebaseapp.com https://.qualtrics.com; script-src 'self' https://.paypal.com: https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://.paypal.com:* https://.paypalobjects.com 'unsafe-inline'; font-src 'self' https://.paypal.com https://.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.paypal.com
:scheme: https
:path: /smart/buttons?style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9bmFraWF2aGFycmVsbCU0MGdtYWlsLmNvbSZjdXJyZW5jeT1VU0QmZGlzYWJsZS1mdW5kaW5nPWJhbmNvbnRhY3QlMkNibGlrJTJDZXBzJTJDZ2lyb3BheSUyQ2lkZWFsJTJDbWVyY2Fkb3BhZ28lMkNteWJhbmslMkNwMjQlMkNzZXBhJTJDc29mb3J0IiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfeXB4cXNscGxwdmpmYm13aXN3c29teGJ5b2FhbnRjIn19&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f8931836f3cc5&storageID=uid_9af8dbf779_mda6mtk6mtg&sessionID=uid_3b11139f0e_mda6mtk6mtg&buttonSessionID=uid_f03f18f7a2_mda6mtk6mtg&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6dHJ1ZSwicHJvZHVjdHMiOnsicGF5SW40Ijp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6ImV4cGVyaW1lbnRhYmxlIn0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXJpYW50IjoiZXhwZXJpbWVudGFibGUifX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=nakiavharrell%40gmail.com&renderedButtons.0=paypal&renderedButtons.1=paylater&renderedButtons.2=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://moneydoesgrowontreeskhfs.com/
accept-encoding: gzip, deflate, br
cookie: ts=vreXpYrS%3D1729297158%26vteXpYrS%3D1634604558%26vr%3D95eab11d17c0a79810a784ceffffffff%26vt%3D95eab11d17c0a79810a784cefffffffe; ts_c=vr%3D95eab11d17c0a79810a784ceffffffff%26vt%3D95eab11d17c0a79810a784cefffffffe
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/

Response headers

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-disposition: inline
content-security-policy: form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
etag: W/"4a707-Jc9LzBbwpxzJaA543Uu0ebpsV6s"
p3p: true
paypal-debug-id: f39780737fb93
set-cookie: tsrce=smartcomponentnodeweb; Domain=.paypal.com; Path=/; Expires=Fri, 22 Oct 2021 00:19:19 GMT; HttpOnly; Secure; SameSite=None l7_az=dcg14.slc; Path=/; Domain=paypal.com; Expires=Tue, 19 Oct 2021 00:49:19 GMT; HttpOnly; Secure; SameSite=None ts=vreXpYrS%3D1729297158%26vteXpYrS%3D1634604558%26vr%3D95eab11d17c0a79810a784ceffffffff%26vt%3D95eab11d17c0a79810a784cefffffffe%26vtyp%3D; Path=/; Domain=paypal.com; Expires=Fri, 18 Oct 2024 00:19:19 GMT; HttpOnly; Secure; SameSite=None ts_c=vr%3D95eab11d17c0a79810a784ceffffffff%26vt%3D95eab11d17c0a79810a784cefffffffe; Path=/; Domain=paypal.com; Expires=Fri, 18 Oct 2024 00:19:19 GMT; Secure; SameSite=None x-cdn=0003; Domain=paypal.com; Path=/; Secure
x-content-type-options: nosniff
x-csrf-jwt: __blank__
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
date: Tue, 19 Oct 2021 00:19:19 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4080-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1634602759.844646,VS0,VE249
vary: Accept-Encoding
content-encoding: br

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
1022 B 44ms
16ms Script
text/javascript 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LekvqsUAAAAAGpMf4hg4vOGdREt7tRI54O9FI2j

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/.js/?cacheId=1634011362545&locale=de-DE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

GSE /

Resource Hash

4da103d863f9b0b11a7b544b9f420dddb462b0f9ef5c20b6e84a5af94bc8e461

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 588
x-xss-protection: 1; mode=block
expires: Tue, 19 Oct 2021 00:19:18 GMT

GET
DATA 200
OK truncated
/ Frame 0A27 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0A27 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0d3295ce01d228de6f1f8d97dcfc7a5b4ba3550985f62ffd21bad2c9b1f67eca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0A27 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c4c2e6fd8a12889bc2ab350338566579ae079850e59701c8bf55ba52abd4d6b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 chat.html Show response
cdn.chatapi.net/webchat/widget/ Frame FCA5 536 B
851 B 25ms
11ms Document
text/html 13.35.253.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.chatapi.net/webchat/widget/chat.html?
Requested by: Host: cdn.respond.io
URL: https://cdn.respond.io/webchat/widget/widget.js?cId=595419d7d8ea7cfe05d809dc6f16b3d4297b3625173561ce99b24b055235975f
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-80.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5ed296a36c85df6141cf0ceca5e4524a95a73dd584ea2cf3c48e2647c06f0f42

Request headers

:method: GET
:authority: cdn.chatapi.net
:scheme: https
:path: /webchat/widget/chat.html?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://moneydoesgrowontreeskhfs.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/

Response headers

content-type: text/html
content-length: 536
last-modified: Wed, 08 Sep 2021 02:59:03 GMT
accept-ranges: bytes
server: AmazonS3
date: Mon, 18 Oct 2021 00:44:44 GMT
etag: "b260d70db7437f78305214e23ad61d38"
x-cache: Hit from cloudfront
via: 1.1 71b147cd3102755b55ba8b6fd34e3f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: 1z659UbAUlqwQFpNHCU95oeEiLYmLTN06iRUysRQIissS3eqeR09Og==
age: 84875

GET
H2 200 record
statscollector.digital.vistaprint.com/ 0
114 B 320ms
108ms Image
text/plain 52.4.241.247
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://statscollector.digital.vistaprint.com/record?siteId=2684943982&pageId=2684943982&pageTitle=Home&parentPageId=&builderType=tower&premium=true&referrer=&location=https%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F&visitorId=463127363
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.4.241.247 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-241-247.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: https://developer.cimpress.io
date: Tue, 19 Oct 2021 00:19:19 GMT
x-powered-by: Express
content-type: text/plain

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/crop/99,34,424x366/maxWidth/20/https://uploads.documents.cimpress.io/v1/uploads/ad5f4961-41af-449d-8790-0114e50e01ec~110/ 772 B
1 KB 284ms
283ms Image
image/png 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/99,34,424x366/maxWidth/20/https://uploads.documents.cimpress.io/v1/uploads/ad5f4961-41af-449d-8790-0114e50e01ec~110/original?tenant=vbu-digital
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: / Express
Resource Hash: ae45c639ad93829b212a181f2ef506f00c27cecbe1ff580a286b167e0a1faca4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:19 GMT
Via: 1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
X-Powered-By: Express
ETag: W/"304-DY5Y85o5k0vmIDgadTiAbXCBy/k"
RequestId: 4843552c-6dfd-40de-abdf-36dd7bb47393
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 772
X-Amz-Cf-Id: iOJFiJ_kCoFKJ6tM_0ygqlf229UANLkI48CHZyVYZKyeV8ai8BelEQ==

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/crop/0,267,3264x2181/maxWidth/20/https://uploads.documents.cimpress.io/v1/uploads/885b045a-433f-4afb-9fbb-e682acdf0890~110/ 782 B
1 KB 6794ms
6779ms Image
image/jpeg 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/0,267,3264x2181/maxWidth/20/https://uploads.documents.cimpress.io/v1/uploads/885b045a-433f-4afb-9fbb-e682acdf0890~110/original?tenant=vbu-digital
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: / Express
Resource Hash: 588e81b90f809aa61ea52192da0bbf55a928f3b9a6269618862337e0f69d0941

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:26 GMT
Via: 1.1 84f381696dd33e92960b92250106e465.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
X-Powered-By: Express
ETag: W/"30e-GtbwPppj7/iIB0CLKtLoxRHT+7c"
RequestId: afd4d9ee-24ab-434d-b07b-aa3819f583ce
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 782
X-Amz-Cf-Id: ALXUeOwDfqPs9EUBEXfHSKfx7pQIWM38MfO1L3FJB6yl4-VlqqTXpw==

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/crop/120,120,960x960/maxWidth/20/https://uploads.documents.cimpress.io/v1/uploads/0cf1749d-12a9-4bfd-bbc5-c27e8370fe7f~110/ 725 B
1 KB 456ms
456ms Image
image/png 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/120,120,960x960/maxWidth/20/https://uploads.documents.cimpress.io/v1/uploads/0cf1749d-12a9-4bfd-bbc5-c27e8370fe7f~110/original?tenant=vbu-digital
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: / Express
Resource Hash: 754fbb2ccf14a82937252ef78ec7f8418a4fff3ba0c7fd39440fcd7484a62763

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:19 GMT
Via: 1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
X-Powered-By: Express
ETag: W/"2d5-nNuI6Hu+Kmy2leOFBd+t82vafVY"
RequestId: 5a479f78-c6b8-492e-a0f2-c83f2060666c
X-Cache: Hit from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 725
X-Amz-Cf-Id: bwrVxzPScwzr7a9rxYj71WHtoOGdwr-tPc3epnSZODjFpteNT9Yhwg==

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/crop/0,0,488x476/maxWidth/20/https://uploads.documents.cimpress.io/v1/uploads/0088fb8a-7ce6-4fad-ae44-9e73496b00d3~110/ 1 KB
2 KB 453ms
453ms Image
image/jpeg 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/0,0,488x476/maxWidth/20/https://uploads.documents.cimpress.io/v1/uploads/0088fb8a-7ce6-4fad-ae44-9e73496b00d3~110/original?tenant=vbu-digital
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: / Express
Resource Hash: e49397f85100ce22e33ccb1372720938553e32f910600fc82a5e66830f619c83

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:20 GMT
Via: 1.1 84f381696dd33e92960b92250106e465.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
X-Powered-By: Express
ETag: W/"570-pZzIqCPtnG5fKo5lPYxkt2s53so"
RequestId: 33a31dc5-a65d-40e9-84e5-2a1b7234cce8
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 1392
X-Amz-Cf-Id: gtU5C7xgO1paSRZVp9TQt1cfWOyfgTsZKFhJrEifHTYSP_DnXDeB1g==

GET
H/1.1 200
OK original
imageprocessor.digital.vistaprint.com/crop/17,17,134x133/maxWidth/20/https://uploads.documents.cimpress.io/v1/uploads/472fb559-6d52-44e4-97ab-8790b9429490~110/ 733 B
1 KB 375ms
375ms Image
image/png 13.32.29.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imageprocessor.digital.vistaprint.com/crop/17,17,134x133/maxWidth/20/https://uploads.documents.cimpress.io/v1/uploads/472fb559-6d52-44e4-97ab-8790b9429490~110/original?tenant=vbu-digital
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.29.104 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-29-104.fra56.r.cloudfront.net
Software: / Express
Resource Hash: 8ec0d3366eedfec3fdf61c82c0bb160ab07e47a31073420deb1bb4f72083d59c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:20 GMT
Via: 1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C2
X-Powered-By: Express
ETag: W/"2dd-pbT4Ng2t1oOyiyg7jwaoW+q2UA0"
RequestId: ec8d824b-3e93-4b39-ac55-616234604d2d
X-Cache: Miss from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, s-maxage=604800,max-age=604800
Connection: keep-alive
Content-Length: 733
X-Amz-Cf-Id: zq2MGcbbXnf66TWUOrTBEw_OZYoPSjJS3xICSAYhwWJhzJc04XMwdw==

GET
H2 200 v225.js Show response
d2p078bqz5urf7.cloudfront.net/jsapi/min/ 207 KB
64 KB 10ms
10ms Script
application/javascript 99.86.3.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2p078bqz5urf7.cloudfront.net/jsapi/min/v225.js
Requested by: Host: d2p078bqz5urf7.cloudfront.net
URL: https://d2p078bqz5urf7.cloudfront.net/jsapi/ehform.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.3.22 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-3-22.fra6.r.cloudfront.net
Software: nginx/1.10.1 /
Resource Hash: a9a16381ed78f7f8af0bb3f1152d14fd1ec2948d119f6647ceb951b46c990583

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 16:42:21 GMT
content-encoding: gzip
last-modified: Fri, 08 Oct 2021 16:39:17 GMT
server: nginx/1.10.1
age: 891417
etag: W/"61607435-33c5f"
vary: Accept-Encoding,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: R6mPlCnlPE0wj6gaFHJ8f7V5w7_sc01lghErD9nBLjhvYqgik5L6sQ==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 www-player-webp.css
www.youtube-nocookie.com/s/player/03869671/ Frame E5D2 335 KB
46 KB 28ms
11ms Stylesheet
text/css 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/03869671/www-player-webp.css

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

sffe /

Resource Hash

35501bfd5f2a8d2d8fb04695bc80793b9aa7160ded872a9f89cc094b140f8702

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 16:57:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 372138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46953
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 00:20:00 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 14 Oct 2022 16:57:00 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube-nocookie.com/s/player/03869671/www-embed-player.vflset/ Frame E5D2 209 KB
69 KB 27ms
10ms Script
text/javascript 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/03869671/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

sffe /

Resource Hash

44bd4220ae9afb42bdf6199a39b14bc6f4cc6ea44c1481dcde55e8359fc6f41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 09:56:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 224583
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 70136
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 00:20:00 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sun, 16 Oct 2022 09:56:15 GMT

GET
H3 200 base.js Show response
www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/ Frame E5D2 2 MB
512 KB 38ms
21ms Script
text/javascript 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

sffe /

Resource Hash

83e9eadcfefc66cf0bff70c9e3cdfde37f8a2071f82a0ed6bc464736e10463f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 16:57:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 372138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 523972
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 00:20:00 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 14 Oct 2022 16:57:00 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube-nocookie.com/s/player/03869671/fetch-polyfill.vflset/ Frame E5D2 8 KB
3 KB 26ms
9ms Script
text/javascript 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/03869671/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 22:24:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6903
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 00:20:00 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 18 Oct 2022 22:24:15 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E5D2 15 KB
15 KB 25ms
9ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube-nocookie.com/
Origin: https://www.youtube-nocookie.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 19:58:13 GMT
x-content-type-options: nosniff
age: 15665
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Oct 2022 19:58:13 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/ 346 KB
347 KB 42ms
11ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LekvqsUAAAAAGpMf4hg4vOGdREt7tRI54O9FI2j

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

24888ff57c1714336f283a67e22f1207ef9826694a9078e1cda9d581ff148407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://moneydoesgrowontreeskhfs.com/
Origin: https://moneydoesgrowontreeskhfs.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:09:01 GMT
x-content-type-options: nosniff
age: 617
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 354205
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 04:21:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="recaptcha"
expires: Wed, 19 Oct 2022 00:09:01 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 218 B
669 B 50ms
26ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=moneydoesgrowontreeskhfs.com&callback=_gfp_s_&client=ca-pub-1657202986726276

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110130101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

3f13dc79fb926bcdc835e9f16f2e6b8b16f9fdede0d02ef7dbe00437ea542480

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 204
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 57ms
28ms Script
application/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=moneydoesgrowontreeskhfs.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110130101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 19 Oct 2021 00:19:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B3EE 603 B
68 B 59ms
37ms Document
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1657202986726276&output=html&adk=1812271804&adf=3025194257&lmt=1634602758&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634602758725&bpp=10&bdt=2165&idt=187&shv=r20211013&mjsv=m202110130101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2660146308440&frm=20&pv=2&ga_vid=1274048786.1634602759&ga_sid=1634602759&ga_hid=681432469&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062524%2C31063140&oid=2&pvsid=2118196064994274&pem=649&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=203

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110130101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1657202986726276&output=html&adk=1812271804&adf=3025194257&lmt=1634602758&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634602758725&bpp=10&bdt=2165&idt=187&shv=r20211013&mjsv=m202110130101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2660146308440&frm=20&pv=2&ga_vid=1274048786.1634602759&ga_sid=1634602759&ga_hid=681432469&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062524%2C31063140&oid=2&pvsid=2118196064994274&pem=649&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=203
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://moneydoesgrowontreeskhfs.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 19 Oct 2021 00:19:18 GMT
server: cafe
content-length: 46
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 19-Oct-2021 00:34:18 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 19 Oct 2021 00:19:18 GMT
cache-control: private

GET
H3 200 css
fonts.googleapis.com/ Frame FCA5 8 KB
789 B 66ms
34ms Stylesheet
text/css 142.250.186.42
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,400i,700,700i&display=swap

Requested by

Host: cdn.chatapi.net
URL: https://cdn.chatapi.net/webchat/widget/chat.html?

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.42 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f10.1e100.net

Software

ESF /

Resource Hash

9d6ff9ce590e9d6210ffc6a7a282630fea42336748d898de6cb8e1ec68a97437

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.chatapi.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 23:06:32 GMT
server: ESF
date: Tue, 19 Oct 2021 00:19:18 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Tue, 19 Oct 2021 00:19:18 GMT

GET
H2 200 chat.d86ef98c.js Show response
cdn.chatapi.net/webchat/widget/js/ Frame FCA5 254 KB
73 KB 9ms
8ms Script
application/javascript 13.35.253.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.chatapi.net/webchat/widget/js/chat.d86ef98c.js
Requested by: Host: cdn.chatapi.net
URL: https://cdn.chatapi.net/webchat/widget/chat.html?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-80.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ce3d7a9acb688f987c3e98dc41d818c7dd0cd961c50897ef65605b6cd17ce139

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.chatapi.net/webchat/widget/chat.html?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 01:54:48 GMT
content-encoding: gzip
last-modified: Wed, 08 Sep 2021 02:59:03 GMT
server: AmazonS3
age: 80671
etag: W/"b18c3e66e99798cb44a6e971db5cdba8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 71b147cd3102755b55ba8b6fd34e3f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: og3Wqg3EwmqCTHMxqseeLo-zGIZXQ4Z7zAXfpBa61zhKhPWxuArBVA==

GET
H2 200 min_v6.css
d2p078bqz5urf7.cloudfront.net/jsapi/css/iframe/ 2 KB
917 B 24ms
23ms Stylesheet
text/css 99.86.3.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2p078bqz5urf7.cloudfront.net/jsapi/css/iframe/min_v6.css
Requested by: Host: d2p078bqz5urf7.cloudfront.net
URL: https://d2p078bqz5urf7.cloudfront.net/jsapi/min/v225.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.3.22 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-3-22.fra6.r.cloudfront.net
Software: nginx/1.10.1 /
Resource Hash: 668c4ea01b5ad8f78a731ab245c4e23994efb33d0a6f525d5b0f42828b2e2591

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 09 Oct 2021 21:16:01 GMT
content-encoding: gzip
last-modified: Mon, 06 Apr 2020 12:16:31 GMT
server: nginx/1.10.1
age: 788597
etag: W/"5e8b1d9f-844"
vary: Accept-Encoding,Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: N5HSUUQJCUhm3X4wT9SdaFAivCKTDx8UdXONT3BoyBI8DeXLCuW6GA==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 leadgrabbers Show response
app.engagebay.com/jsapi/rest/ 553 B
387 B 745ms
621ms XHR
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app.engagebay.com/jsapi/rest/leadgrabbers?apiKey=7tfq5r86qvpoe830jl2nk62tjk
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/rollbar.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: Google Frontend /
Resource Hash: 1a36403d2326bc67faaae7619d1932eddff08be52a2f6cd03e02c3b3722f6038

Request headers

Accept: application/json
Referer: https://moneydoesgrowontreeskhfs.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:19 GMT
content-encoding: gzip
server: Google Frontend
vary: Accept-Encoding
access-control-allow-methods: HEAD, OPTIONS, GET, POST, PUT, DELETE
content-type: application/json;charset=utf-8
access-control-allow-origin: https://moneydoesgrowontreeskhfs.com
x-cloud-trace-context: 9e359565e76ef352d85fe67286b4b5a6
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: x-requested-with,Content-Type,Authorization
content-length: 293

POST
H2 200 add-visitor Show response
app.engagebay.com/jsapi/rest/ 1 KB
900 B 285ms
173ms XHR
application/json 172.217.18.115
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://app.engagebay.com/jsapi/rest/add-visitor?
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/rollbar.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.18.115 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: zrh04s05-in-f115.1e100.net
Software: Google Frontend /
Resource Hash: e2a8413ad5f1fb6f76341fa843a1672c861762331a6124b429023c5f0251fff1

Request headers

Accept: application/json
Referer: https://moneydoesgrowontreeskhfs.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 19 Oct 2021 00:19:19 GMT
content-encoding: gzip
server: Google Frontend
vary: Accept-Encoding
access-control-allow-methods: HEAD, OPTIONS, GET, POST, PUT, DELETE
content-type: application/json;charset=utf-8
access-control-allow-origin: https://moneydoesgrowontreeskhfs.com
x-cloud-trace-context: 233c407c251154a1e20452c3ec231d55
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: x-requested-with,Content-Type,Authorization
content-length: 571

GET
H2 200 identify.js Show response
analytics.tiktok.com/i18n/pixel/ 114 KB
31 KB 166ms
166ms Script
application/javascript 2.16.186.234
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/identify.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/sdk.js?sdkid=BTV1JGGRQH54JI5RN73G
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.234 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-234.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: da556df4dc2e8a01fc001ae2a2446328a6615e19a40e9113a8718f0ac018d2c4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-akamai-request-id: de43dcad.35856d5
date: Tue, 19 Oct 2021 00:19:19 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a184-28-72-111.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34529956) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a2-16-186-230.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34529956) (-)
x-parent-response-time: 159,2.16.186.230
server-timing: cdn-cache; desc=MISS, edge; dur=154, origin; dur=5, inner; dur=2
pragma: no-cache
server: nginx
x-tt-logid: 20211019001919010245099002014D7832
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 5,184.28.72.111
x-tt-trace-host: 01434e1df6f26c65548a329a6d16addd181f142d9b002f92ac6a3393c2db0b32b5e5da9863c02ace57c7580472c50a510be7788fb01f1f82c115c39b5f40bc47ba07d2d5eeb75a4a0837035f7178adcd0c08e49ca3347126030d41e7a2aaa240e8e33e69a6d5c40bdf27843c2111be9cfe
expires: Tue, 19 Oct 2021 00:19:19 GMT

GET
H2 200 config.js Show response
analytics.tiktok.com/i18n/pixel/ 693 B
1 KB 172ms
171ms Script
application/javascript 2.16.186.234
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/config.js?sdkid=BTV1JGGRQH54JI5RN73G&hostname=moneydoesgrowontreeskhfs.com
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/sdk.js?sdkid=BTV1JGGRQH54JI5RN73G
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.234 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-234.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 0eb6dcdeff6047fcafb45ed1174f6d1b1283a126bdfd30818b8a88a5b712e589

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-akamai-request-id: d4999080.35856e7
date: Tue, 19 Oct 2021 00:19:19 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a184-28-72-116.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34529956) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a2-16-186-230.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34529956) (-)
x-parent-response-time: 158,2.16.186.230
server-timing: cdn-cache; desc=MISS, edge; dur=153, origin; dur=6, inner; dur=4
content-length: 313
pragma: no-cache
server: nginx
x-tt-logid: 2021101900191901024524413809669705
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 6,184.28.72.116
x-tt-trace-host: 01434e1df6f26c65548a329a6d16addd181f142d9b002f92ac6a3393c2db0b32b5e7a0e620f77e59d199c6863fc9fc293e760ce93446e323ebb79ed2157b835d6e643ce2748027b838c4e3f4dfb9a3f2311772d5343baa48dcb2eed3e11bda1d7c0ec8ca512e5ce2a252a729e8755bef40
expires: Tue, 19 Oct 2021 00:19:19 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame FCA5 15 KB
15 KB 8ms
8ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,400i,700,700i&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cdn.chatapi.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 16:31:41 GMT
x-content-type-options: nosniff
age: 460058
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Oct 2022 16:31:41 GMT

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 9DB5 39 KB
20 KB 44ms
27ms Document
text/html 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LekvqsUAAAAAGpMf4hg4vOGdREt7tRI54O9FI2j&co=aHR0cHM6Ly9tb25leWRvZXNncm93b250cmVlc2toZnMuY29tOjQ0Mw..&hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&size=invisible&cb=hiz1ces4qfxp

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

GSE /

Resource Hash

2ed1f1a6de65ad5ea339f5d053c5d587b9ebdacbe26f2f0c5c406a6373ede7ae

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MPrYBaZf+0yrFLO+pTGPCg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LekvqsUAAAAAGpMf4hg4vOGdREt7tRI54O9FI2j&co=aHR0cHM6Ly9tb25leWRvZXNncm93b250cmVlc2toZnMuY29tOjQ0Mw..&hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&size=invisible&cb=hiz1ces4qfxp
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://moneydoesgrowontreeskhfs.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 19 Oct 2021 00:19:19 GMT
content-security-policy: script-src 'report-sample' 'nonce-MPrYBaZf+0yrFLO+pTGPCg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 20059
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 X9vq8TsFxG54XOXFGWIq-E09e6E0fMxejDWeFwDdVAc.js Show response
www.google.com/js/th/ Frame E5D2 35 KB
13 KB 24ms
23ms Script
text/javascript 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/X9vq8TsFxG54XOXFGWIq-E09e6E0fMxejDWeFwDdVAc.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

sffe /

Resource Hash

5fdbeaf13b05c46e785ce5c519622af84d3d7ba1347ccc5e8c359e1700dd5407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 18:17:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 108125
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13392
x-xss-protection: 0
last-modified: Tue, 05 Oct 2021 11:30:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Mon, 17 Oct 2022 18:17:14 GMT

GET
H3 200 embed.js Show response
www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/ Frame E5D2 25 KB
7 KB 8ms
7ms Script
text/javascript 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

sffe /

Resource Hash

f6b5da04fa44e9bd96ff49c1b07d0805d98c94b641b2b633e3185c07310f8033

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 16:57:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 372136
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7363
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 00:20:00 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 14 Oct 2022 16:57:03 GMT

POST
H3 200 player Show response
www.youtube-nocookie.com/youtubei/v1/ Frame E5D2 62 KB
18 KB 109ms
109ms XHR
application/json 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/youtubei/v1/player?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

ESF /

Resource Hash

68ee21e7ef57e58bc00d37b06aa703fa96cafdc2bf5fa3ae3acbf6e23307139c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20211013.1.0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
X-Goog-Visitor-Id: CgtyMFp2TVdjT3FRdyiGnriLBg%3D%3D
Content-Type: application/json

Response headers

date: Tue, 19 Oct 2021 00:19:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18756
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E5D2 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AKedOLSq67gzsi7eH_9fjXMWlKMu2tWCvpYC0h_ZxA=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame E5D2 975 B
1 KB 76ms
38ms Image
image/jpeg 142.250.185.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLSq67gzsi7eH_9fjXMWlKMu2tWCvpYC0h_ZxA=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f1.1e100.net

Software

fife /

Resource Hash

1fd514137362f42d0b3d0f06f8ae5a7943ad3c84984c7ab28b5024dee1b1722d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:19 GMT
x-content-type-options: nosniff
server: fife
age: 0
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 975
x-xss-protection: 0
expires: Wed, 20 Oct 2021 00:19:19 GMT

GET
DATA 200
OK truncated
/ Frame E5D2 357 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a1b715a140ddfcb01c85fcf208cfb5b6e57a74cb72eaa478edc25a0de2295297

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 21CD 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 21CD 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0d3295ce01d228de6f1f8d97dcfc7a5b4ba3550985f62ffd21bad2c9b1f67eca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 21CD 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c4c2e6fd8a12889bc2ab350338566579ae079850e59701c8bf55ba52abd4d6b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame 21CD 302 KB
92 KB 17ms
17ms Script
application/javascript 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9bmFraWF2aGFycmVsbCU0MGdtYWlsLmNvbSZjdXJyZW5jeT1VU0QmZGlzYWJsZS1mdW5kaW5nPWJhbmNvbnRhY3QlMkNibGlrJTJDZXBzJTJDZ2lyb3BheSUyQ2lkZWFsJTJDbWVyY2Fkb3BhZ28lMkNteWJhbmslMkNwMjQlMkNzZXBhJTJDc29mb3J0IiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfeXB4cXNscGxwdmpmYm13aXN3c29teGJ5b2FhbnRjIn19&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f8931836f3cc5&storageID=uid_9af8dbf779_mda6mtk6mtg&sessionID=uid_3b11139f0e_mda6mtk6mtg&buttonSessionID=uid_f03f18f7a2_mda6mtk6mtg&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6dHJ1ZSwicHJvZHVjdHMiOnsicGF5SW40Ijp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6ImV4cGVyaW1lbnRhYmxlIn0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXJpYW50IjoiZXhwZXJpbWVudGFibGUifX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=nakiavharrell%40gmail.com&renderedButtons.0=paypal&renderedButtons.1=paylater&renderedButtons.2=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b5222c470ef336e7f637eef68b0a53ab39b1641c8f01b4fa4e038ca3b79209ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-t7GjUSnSWKoAvlRvNQAc179pQOhantvYIj4HxT2ASTfvKVXK' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-t7GjUSnSWKoAvlRvNQAc179pQOhantvYIj4HxT2ASTfvKVXK' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.paypal.com/smart/buttons?style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9bmFraWF2aGFycmVsbCU0MGdtYWlsLmNvbSZjdXJyZW5jeT1VU0QmZGlzYWJsZS1mdW5kaW5nPWJhbmNvbnRhY3QlMkNibGlrJTJDZXBzJTJDZ2lyb3BheSUyQ2lkZWFsJTJDbWVyY2Fkb3BhZ28lMkNteWJhbmslMkNwMjQlMkNzZXBhJTJDc29mb3J0IiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfeXB4cXNscGxwdmpmYm13aXN3c29teGJ5b2FhbnRjIn19&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f8931836f3cc5&storageID=uid_9af8dbf779_mda6mtk6mtg&sessionID=uid_3b11139f0e_mda6mtk6mtg&buttonSessionID=uid_f03f18f7a2_mda6mtk6mtg&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6dHJ1ZSwicHJvZHVjdHMiOnsicGF5SW40Ijp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6ImV4cGVyaW1lbnRhYmxlIn0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXJpYW50IjoiZXhwZXJpbWVudGFibGUifX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=nakiavharrell%40gmail.com&renderedButtons.0=paypal&renderedButtons.1=paylater&renderedButtons.2=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-t7GjUSnSWKoAvlRvNQAc179pQOhantvYIj4HxT2ASTfvKVXK' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-t7GjUSnSWKoAvlRvNQAc179pQOhantvYIj4HxT2ASTfvKVXK' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
age: 2
via: 1.1 varnish
x-cache: HIT
p3p: true
paypal-debug-id: f567134e08c21
server-timing: content-encoding;desc=gzip
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 92928
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4080-HHN
x-timer: S1634602759.440982,VS0,VE1
x-frame-options: SAMEORIGIN
date: Tue, 19 Oct 2021 00:19:19 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=10800
etag: W/"16b00-8wH7EX+jo8V7wA8ooFaCPlM6EtQ"
accept-ranges: bytes
x-cache-hits: 1

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
707 B 225ms
225ms Ping
application/octet-stream 2.16.186.234
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/sdk.js?sdkid=BTV1JGGRQH54JI5RN73G
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.234 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-234.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://moneydoesgrowontreeskhfs.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 21d80b9c.35857ab
date: Tue, 19 Oct 2021 00:19:19 GMT
x-cache-remote: TCP_MISS from a184-28-72-44.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34529956) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a2-16-186-230.deploy.akamaitechnologies.com (AkamaiGHost/10.4.4-34529956) (-)
x-parent-response-time: 189,2.16.186.230
server-timing: cdn-cache; desc=MISS, edge; dur=166, origin; dur=25, inner; dur=7
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20211019001919010245241002054E0CB1
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 25,184.28.72.44
x-tt-trace-host: 01434e1df6f26c65548a329a6d16addd181f142d9b002f92ac6a3393c2db0b32b5e1ea79f86152495bd6f864f06d1f231cfeb2cc0d1c6179541b021b8bf46d779112b24010c53277379604b344ea7a28ad5a6dc5cd41d7af6664e944f533c8cefa0a7d4fb96ef4f8020071528729d3ebb1
expires: Tue, 19 Oct 2021 00:19:19 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/ Frame 9DB5 52 KB
52 KB 67ms
24ms Stylesheet
text/css 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LekvqsUAAAAAGpMf4hg4vOGdREt7tRI54O9FI2j&co=aHR0cHM6Ly9tb25leWRvZXNncm93b250cmVlc2toZnMuY29tOjQ0Mw..&hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&size=invisible&cb=hiz1ces4qfxp

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 16:36:33 GMT
x-content-type-options: nosniff
age: 27766
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52867
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 04:21:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="recaptcha"
expires: Tue, 18 Oct 2022 16:36:33 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/ Frame 9DB5 346 KB
346 KB 66ms
24ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

24888ff57c1714336f283a67e22f1207ef9826694a9078e1cda9d581ff148407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:09:01 GMT
x-content-type-options: nosniff
age: 618
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 354205
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 04:21:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="recaptcha"
expires: Wed, 19 Oct 2022 00:09:01 GMT

GET
H3 204 generate_204
www.youtube-nocookie.com/ Frame E5D2 0
9 B 8ms
8ms Image
text/plain 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube-nocookie.com/generate_204?3DOHiw
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f14.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H3 204 qoe
www.youtube-nocookie.com/api/stats/ Frame E5D2 0
17 B 22ms
21ms Ping
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/api/stats/qoe?event=streamingstats&fmt=134&afmt=251&cpn=wZxxZazesNwkJyhb&ei=Bw9uYdHxGMeT1gLdhqeACQ&el=embedded&docid=w2-R7qcChVs&ns=yt&fexp=23748147%2C23983296%2C24001036%2C24001373%2C24002022%2C24002025%2C24002923%2C24004644%2C24007246%2C24027693%2C24064555%2C24080738%2C24082662%2C24101841%2C24106092%2C24116772&cl=402943675&seq=1&cbr=Chrome&cbrver=93.0.4577.63&c=WEB_EMBEDDED_PLAYER&cver=1.20211013.1.0&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&vps=0.000:N,0.007:B,0.196:B,0.196:B&cmt=0.007:0.000,0.196:0.000&afs=0.196:251::i&vfs=0.196:134:134::r&view=0.196:1040:520&bwe=0.196:130000&bat=0.196:1:1&vis=0.196:0&bh=0.196:0.000

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:19 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK videoplayback Show response
r2---sn-4g5ednsd.googlevideo.com/ Frame E5D2 1 KB
2 KB 159ms
26ms XHR
text/plain 173.194.188.199
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5ednsd.googlevideo.com/videoplayback?expire=1634624359&ei=Bw9uYdHxGMeT1gLdhqeACQ&ip=216.131.114.139&id=o-ABw8b-HuTb9PN7Hgbk8WAqzzAlMb7G8I83zYuoLS9Bds&itag=134&aitags=133%2C134%2C160%2C242%2C243%2C278&source=youtube&requiressl=yes&mh=_S&mm=31%2C26&mn=sn-4g5ednsd%2Csn-2gb7sn7s&ms=au%2Conr&mv=m&mvi=2&pl=24&initcwndbps=772500&vprv=1&mime=video%2Fmp4&ns=IyrioR4IsjYhL6W6LSwjheEG&gir=yes&clen=299567&otfp=1&dur=6.999&lmt=1597588102876979&mt=1634602369&fvip=2&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=6216222&n=0yR0lSvTDadwaA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRgIhALInKDpnrGDpLtnvJ-iHRdc0-1o1h4Z8vJbScKKL5fgfAiEAjw0Neo7GAN6TmFf8DIS3m4nXv9fn9tUOCErbvWvX9Fg%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAMVBOKRB91mNFVpdwjW-VWnUOEXB3NVE97a8H4hZt7nOAiBEvezwvyqgrFpkgs2hkabQlDR6Zd4bFLKgiehGmri5Bg%3D%3D&alr=yes&cpn=wZxxZazesNwkJyhb&cver=1.20211013.1.0&range=0-107494&rn=1&rbuf=0

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

173.194.188.199 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s36-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

a623f922334be9763949e49ddf952511ba63b0e52b4f09fb5242206697ba9692

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:19 GMT
X-Restrict-Formats-Hint: None
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 1024
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.youtube-nocookie.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=21300
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: https://www.youtube-nocookie.com
X-Content-Type-Options: nosniff
Expires: Tue, 19 Oct 2021 00:19:19 GMT

GET
H/1.1 200
OK videoplayback Show response
r2---sn-4g5ednsd.googlevideo.com/ Frame E5D2 64 KB
65 KB 190ms
44ms XHR
audio/webm 173.194.188.199
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5ednsd.googlevideo.com/videoplayback?expire=1634624359&ei=Bw9uYdHxGMeT1gLdhqeACQ&ip=216.131.114.139&id=o-ABw8b-HuTb9PN7Hgbk8WAqzzAlMb7G8I83zYuoLS9Bds&itag=251&source=youtube&requiressl=yes&mh=_S&mm=31%2C26&mn=sn-4g5ednsd%2Csn-2gb7sn7s&ms=au%2Conr&mv=m&mvi=2&pl=24&initcwndbps=772500&vprv=1&mime=audio%2Fwebm&ns=IyrioR4IsjYhL6W6LSwjheEG&gir=yes&clen=123844&otfp=1&dur=7.021&lmt=1597588099582722&mt=1634602369&fvip=2&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=6211222&n=0yR0lSvTDadwaA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAOL0aywRZv3S4-B_0eEB5p8f9Ag3VsxgamVmGkhWpD_JAiEAys3Xh4A_eheR7bFyuUsCiniVMfNqE2Rqj7abzjEgqgA%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAMVBOKRB91mNFVpdwjW-VWnUOEXB3NVE97a8H4hZt7nOAiBEvezwvyqgrFpkgs2hkabQlDR6Zd4bFLKgiehGmri5Bg%3D%3D&alr=yes&cpn=wZxxZazesNwkJyhb&cver=1.20211013.1.0&range=0-65819&rn=2&rbuf=0

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

173.194.188.199 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s36-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

455541c858427bee470658a57264c99cd83752cb7a05cebd6f8d4adaf8e88ee6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:19 GMT
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 65820
Last-Modified: Sun, 16 Aug 2020 14:28:19 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: audio/webm
Access-Control-Allow-Origin: https://www.youtube-nocookie.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=21300
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: https://www.youtube-nocookie.com
Expires: Tue, 19 Oct 2021 00:19:19 GMT

GET
H3 200 remote.js Show response
www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/ Frame E5D2 93 KB
29 KB 23ms
22ms Script
text/javascript 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

sffe /

Resource Hash

0c4fc364a3aece336d29db788f663c41c2db6cb1b78cec2fa9df82a3c1745d2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 16:57:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 372136
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29593
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 00:20:00 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 14 Oct 2022 16:57:03 GMT

GET
H3 200 captions.js Show response
www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/ Frame E5D2 64 KB
24 KB 15ms
15ms Script
text/javascript 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/captions.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

sffe /

Resource Hash

de87267aae45032345e1ae97e76ac58ebd799965193f2acd953f971b63de8897

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 17:00:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 371950
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24470
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 00:20:00 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 14 Oct 2022 17:00:09 GMT

GET
H3 200 endscreen.js Show response
www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/ Frame E5D2 26 KB
7 KB 21ms
21ms Script
text/javascript 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/endscreen.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

sffe /

Resource Hash

3439481668ada9ed83ae9890af483cf2170e4781486b9355850e37dac9096900

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 17:00:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 371950
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7228
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 00:20:00 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 14 Oct 2022 17:00:09 GMT

POST
H3 200 next Show response
www.youtube-nocookie.com/youtubei/v1/ Frame E5D2 66 KB
5 KB 196ms
196ms XHR
application/json 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/youtubei/v1/next?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

5768257785ae70a2794d7933b62d0af021da8ae2b520176ab117ac02bee14b1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20211013.1.0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
X-Goog-Visitor-Id: CgtyMFp2TVdjT3FRdyiGnriLBg%3D%3D
Content-Type: application/json

Response headers

date: Tue, 19 Oct 2021 00:19:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5522
x-xss-protection: 0

GET
H3 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame E5D2 4 KB
2 KB 57ms
57ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 19 Oct 2021 00:19:19 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 9DB5 2 KB
2 KB 37ms
36ms Image
image/png 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/qljbK_DTcvY1PzbR7IG69z1r/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 11:16:19 GMT
x-content-type-options: nosniff
age: 133380
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="recaptcha"
expires: Sun, 24 Oct 2021 11:16:19 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 9DB5 15 KB
15 KB 26ms
25ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 19:58:13 GMT
x-content-type-options: nosniff
age: 15666
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Oct 2022 19:58:13 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 9DB5 15 KB
15 KB 28ms
27ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 01:35:26 GMT
x-content-type-options: nosniff
age: 600233
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Oct 2022 01:35:26 GMT

GET
H3 200 videoplayback Show response
r2---sn-4g5lzne6.googlevideo.com/ Frame E5D2 105 KB
105 KB 61ms
7ms XHR
video/mp4 74.125.160.231
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5lzne6.googlevideo.com/videoplayback?expire=1634624359&ei=Bw9uYdHxGMeT1gLdhqeACQ&ip=216.131.114.139&id=o-ABw8b-HuTb9PN7Hgbk8WAqzzAlMb7G8I83zYuoLS9Bds&itag=134&aitags=133%2C134%2C160%2C242%2C243%2C278&source=youtube&requiressl=yes&vprv=1&mime=video%2Fmp4&ns=IyrioR4IsjYhL6W6LSwjheEG&gir=yes&clen=299567&otfp=1&dur=6.999&lmt=1597588102876979&keepalive=yes&fexp=24001373,24007246&c=WEB_EMBEDDED_PLAYER&txp=6216222&n=0yR0lSvTDadwaA&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRgIhALInKDpnrGDpLtnvJ-iHRdc0-1o1h4Z8vJbScKKL5fgfAiEAjw0Neo7GAN6TmFf8DIS3m4nXv9fn9tUOCErbvWvX9Fg%3D&alr=yes&cpn=wZxxZazesNwkJyhb&cver=1.20211013.1.0&redirect_counter=1&cm2rm=sn-4g5e6r7l&cms_redirect=yes&mh=_S&mm=34&mn=sn-4g5lzne6&ms=ltu&mt=1634602593&mv=m&mvi=2&pl=24&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgPCjwe-O6FRbQKoLXeVxp5wMSnH-8P6YizQk3MeIzR3oCICykH35Hal8__NvV-838U9R3pzPJ9CaeFWSHGPEYp9V7&range=0-107494&rn=3&rbuf=0

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.160.231 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s15-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

c7ca6971bebfc9d7b0035ae8e506e4608ecb4358e3dd5880de3ce32f25cc7444

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:19 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107495
client-protocol: quic
last-modified: Sun, 16 Aug 2020 14:28:22 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube-nocookie.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21300
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube-nocookie.com
x-content-type-options: nosniff
expires: Tue, 19 Oct 2021 00:19:19 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 9DB5 102 B
134 B 20ms
20ms Other
text/javascript 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=qljbK_DTcvY1PzbR7IG69z1r

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

GSE /

Resource Hash

b09b62ea3362a0e9cdf0a6362e6f0c478744254a9d080b0a0e6c943a05376919

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LekvqsUAAAAAGpMf4hg4vOGdREt7tRI54O9FI2j&co=aHR0cHM6Ly9tb25leWRvZXNncm93b250cmVlc2toZnMuY29tOjQ0Mw..&hl=de&v=qljbK_DTcvY1PzbR7IG69z1r&size=invisible&cb=hiz1ces4qfxp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Tue, 19 Oct 2021 00:19:19 GMT

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/93/ Frame E5D2 52 KB
15 KB 18ms
18ms Script
text/javascript 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/93/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

66b3a50b1f61027459efda3192f4265a316f43a8d770a7135c956bea688fe4d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 15:35:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31451
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15346
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 17:05:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="cloudview-release"
expires: Tue, 19 Oct 2021 15:35:08 GMT

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame 21CD 55 KB
19 KB 51ms
11ms Script
application/javascript 151.101.1.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

10f6bf9c82f198a1867ad8f207e6fd37f67c9cd2adf0fa44368cbb2c271c9a81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31557600
content-encoding: gzip
x-content-type-options: nosniff
age: 349
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: HIT, MISS, HIT
paypal-debug-id: 25003d815667c
x-cache-hits: 4, 0, 78
server-timing: content-encoding;desc=gzip
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 19145
etag: W/"615c8489-da93"
x-served-by: cache-sjc10047-SJC, cache-hhn4039-HHN, cache-hhn4070-HHN
last-modified: Tue, 05 Oct 2021 16:59:53 GMT
x-timer: S1634602760.935048,VS0,VE1
date: Tue, 19 Oct 2021 00:19:19 GMT
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=86400
access-control-allow-credentials: false
accept-ranges: bytes
expires: Wed, 20 Oct 2021 00:19:19 GMT

POST
H2 200 graphql Show response
www.paypal.com/ Frame 21CD 2 KB
2 KB 365ms
364ms XHR
application/json 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/graphql?GetNativeEligibility

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

09a206a24403978b23086c133da96b3e2835fa88fb7ab0b959d24eb935add0ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-HM3m+p4WgB1qnpGPZCYUauO43OWSW1g/fnNTcDua6RpYvmBm' 'self' 'unsafe-inline' 'unsafe-eval' https://.paypal.com https://.paypalobjects.com; img-src 'self' * data: https://c.paypal.com; object-src 'none'; font-src 'self' https://.paypal.com https://.paypalobjects.com; frame-src 'self' https://.paypalobjects.com https://.paypal.com https://.qualtrics.com; connect-src 'self' 'unsafe-inline' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; base-uri 'self' https://.paypal.com; form-action 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept: application/json
Referer: https://www.paypal.com/smart/buttons?style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9bmFraWF2aGFycmVsbCU0MGdtYWlsLmNvbSZjdXJyZW5jeT1VU0QmZGlzYWJsZS1mdW5kaW5nPWJhbmNvbnRhY3QlMkNibGlrJTJDZXBzJTJDZ2lyb3BheSUyQ2lkZWFsJTJDbWVyY2Fkb3BhZ28lMkNteWJhbmslMkNwMjQlMkNzZXBhJTJDc29mb3J0IiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfeXB4cXNscGxwdmpmYm13aXN3c29teGJ5b2FhbnRjIn19&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f8931836f3cc5&storageID=uid_9af8dbf779_mda6mtk6mtg&sessionID=uid_3b11139f0e_mda6mtk6mtg&buttonSessionID=uid_f03f18f7a2_mda6mtk6mtg&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6dHJ1ZSwicHJvZHVjdHMiOnsicGF5SW40Ijp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6ImV4cGVyaW1lbnRhYmxlIn0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXJpYW50IjoiZXhwZXJpbWVudGFibGUifX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=nakiavharrell%40gmail.com&renderedButtons.0=paypal&renderedButtons.1=paylater&renderedButtons.2=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Accept-Language: de-DE,de;q=0.9
x-app-name: smart-payment-buttons
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-HM3m+p4WgB1qnpGPZCYUauO43OWSW1g/fnNTcDua6RpYvmBm' 'self' 'unsafe-inline' 'unsafe-eval' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' * data: https://c.paypal.com; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com; form-action 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: f33386811f0ca
date: Tue, 19 Oct 2021 00:19:20 GMT
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4080-HHN
x-timer: S1634602760.897688,VS0,VE350
x-frame-options: SAMEORIGIN
etag: W/"675-16ujj/uiN6OyEe4ezfv7QQjlXw0"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

GET
H3 200 videoplayback Show response
r2---sn-4g5lzne6.googlevideo.com/ Frame E5D2 104 KB
104 KB 7ms
7ms XHR
video/mp4 74.125.160.231
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.160.231 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s15-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

1b9b96cd7e7165da31dbfb6fe99ed16966630b5a3af37622c19e3efc32d067a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:19 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106698
client-protocol: quic
last-modified: Sun, 16 Aug 2020 14:28:22 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube-nocookie.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21300
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube-nocookie.com
x-content-type-options: nosniff
expires: Tue, 19 Oct 2021 00:19:19 GMT

GET
H3 200 videoplayback Show response
r2---sn-4g5ednsd.googlevideo.com/ Frame E5D2 57 KB
57 KB 20ms
7ms XHR
audio/webm 173.194.188.199
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5ednsd.googlevideo.com/videoplayback?expire=1634624359&ei=Bw9uYdHxGMeT1gLdhqeACQ&ip=216.131.114.139&id=o-ABw8b-HuTb9PN7Hgbk8WAqzzAlMb7G8I83zYuoLS9Bds&itag=251&source=youtube&requiressl=yes&mh=_S&mm=31%2C26&mn=sn-4g5ednsd%2Csn-2gb7sn7s&ms=au%2Conr&mv=m&mvi=2&pl=24&initcwndbps=772500&vprv=1&mime=audio%2Fwebm&ns=IyrioR4IsjYhL6W6LSwjheEG&gir=yes&clen=123844&otfp=1&dur=7.021&lmt=1597588099582722&mt=1634602369&fvip=2&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=6211222&n=0yR0lSvTDadwaA&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAOL0aywRZv3S4-B_0eEB5p8f9Ag3VsxgamVmGkhWpD_JAiEAys3Xh4A_eheR7bFyuUsCiniVMfNqE2Rqj7abzjEgqgA%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAMVBOKRB91mNFVpdwjW-VWnUOEXB3NVE97a8H4hZt7nOAiBEvezwvyqgrFpkgs2hkabQlDR6Zd4bFLKgiehGmri5Bg%3D%3D&alr=yes&cpn=wZxxZazesNwkJyhb&cver=1.20211013.1.0&range=65820-123843&rn=5&rbuf=3724

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.188.199 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s36-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

c53816fac0f6982bd3441fef27ba05653c546d708aeaf1e176e34e413a831886

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:19 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58024
client-protocol: quic
last-modified: Sun, 16 Aug 2020 14:28:19 GMT
server: gvs 1.0
vary: Origin
content-type: audio/webm
access-control-allow-origin: https://www.youtube-nocookie.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21300
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube-nocookie.com
expires: Tue, 19 Oct 2021 00:19:19 GMT

GET
H3 204 playback
www.youtube-nocookie.com/api/stats/ Frame E5D2 0
17 B 22ms
22ms Image
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube-nocookie.com/api/stats/playback?ns=yt&el=embedded&cpn=wZxxZazesNwkJyhb&docid=w2-R7qcChVs&ver=2&referrer=https%3A%2F%2Fwww.youtube-nocookie.com%2Fembed%2Fw2-R7qcChVs%3Fcontrols%3D1%26autoplay%3D1%26loop%3D1%26mute%3D1%26wmode%3Dtransparent%26playlist%3Dw2-R7qcChVs&cmt=0.005&ei=Bw9uYdHxGMeT1gLdhqeACQ&fmt=134&fs=0&rt=0.588&of=wbAUJoLFDaeeOSJrHXH1sg&euri=https%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F&lact=611&cl=402943675&mos=1&vm=CAEQABgEOjJBS1JhaHdBZTRDODh2b1hybGtNWW5fbVJqQTFnVGJlTTNKc3ZsNDNWSGNKT1hlTlNEd2JWQVBta0tES2R5bGI5elNxaFkzalJOcEVpdjNXaDRtUWQzTE9peHpWZ0VmUDBnRlhGTElUODc5T0FuSTlsVXNWQVpzNDdXaUdNUW5oV0xfRVBVOUFOS1E&volume=100&cbr=Chrome&cbrver=93.0.4577.63&c=WEB_EMBEDDED_PLAYER&cver=1.20211013.1.0&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&autoplay=1&delay=4&hl=de_DE&cr=US&len=7.021&fexp=23748147%2C23983296%2C24001036%2C24001373%2C24002022%2C24002025%2C24002923%2C24004644%2C24007246%2C24027693%2C24064555%2C24080738%2C24082662%2C24101841%2C24106092%2C24116772&rtn=7&list=TLGGuvSEsSYzBFsxOTEwMjAyMQ&afmt=251&size=1040%3A520&inview=0.78&muted=1

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:19 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 ptracking
www.youtube-nocookie.com/ Frame E5D2 0
17 B 15ms
15ms Image
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube-nocookie.com/ptracking?html5=1&video_id=w2-R7qcChVs&cpn=wZxxZazesNwkJyhb&ei=Bw9uYdHxGMeT1gLdhqeACQ&ptk=youtube_none&pltype=contentugc

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:19 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 827 B
1 KB 157ms
157ms XHR
application/json 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/rollbar.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

75bde6f3e2270a8a834511ec193368598ae3b79a9aaa1f780e75fe839729d0e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://moneydoesgrowontreeskhfs.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json

Response headers

date: Tue, 19 Oct 2021 00:19:20 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: f333868284975
strict-transport-security: max-age=63072000; includeSubDomains; preload
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4075-HHN
x-timer: S1634602760.218870,VS0,VE149
etag: W/"33b-odg5ctPkq08icntsJaCeNPIH9+o"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://moneydoesgrowontreeskhfs.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 249ms
236ms Preflight 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Protocol

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://moneydoesgrowontreeskhfs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://moneydoesgrowontreeskhfs.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: f333868e93e3e
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
date: Tue, 19 Oct 2021 00:19:20 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4075-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1634602760.983631,VS0,VE217
content-encoding: br
vary: accept-encoding

GET
H3 200 videoplayback Show response
r2---sn-4g5lzne6.googlevideo.com/ Frame E5D2 83 KB
83 KB 7ms
7ms XHR
video/mp4 74.125.160.231
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.160.231 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s15-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

edbbbe633a88dcbdb0025e33b5df596fdc3f9ae7bdf3becfda86ca8fb2ecc590

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:19 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 85374
client-protocol: quic
last-modified: Sun, 16 Aug 2020 14:28:22 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube-nocookie.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21300
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube-nocookie.com
x-content-type-options: nosniff
expires: Tue, 19 Oct 2021 00:19:19 GMT

POST
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 21CD 833 B
1 KB 196ms
195ms Ping
application/json 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7534e7a0418f1a0499ae121208681d5491a662b33b62cc046c087bd08d15cdbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypal.com/smart/buttons?style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9bmFraWF2aGFycmVsbCU0MGdtYWlsLmNvbSZjdXJyZW5jeT1VU0QmZGlzYWJsZS1mdW5kaW5nPWJhbmNvbnRhY3QlMkNibGlrJTJDZXBzJTJDZ2lyb3BheSUyQ2lkZWFsJTJDbWVyY2Fkb3BhZ28lMkNteWJhbmslMkNwMjQlMkNzZXBhJTJDc29mb3J0IiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfeXB4cXNscGxwdmpmYm13aXN3c29teGJ5b2FhbnRjIn19&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f8931836f3cc5&storageID=uid_9af8dbf779_mda6mtk6mtg&sessionID=uid_3b11139f0e_mda6mtk6mtg&buttonSessionID=uid_f03f18f7a2_mda6mtk6mtg&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6dHJ1ZSwicHJvZHVjdHMiOnsicGF5SW40Ijp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6ImV4cGVyaW1lbnRhYmxlIn0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXJpYW50IjoiZXhwZXJpbWVudGFibGUifX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=nakiavharrell%40gmail.com&renderedButtons.0=paypal&renderedButtons.1=paylater&renderedButtons.2=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 19 Oct 2021 00:19:20 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: f333868ea6c94
strict-transport-security: max-age=63072000; includeSubDomains; preload
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4080-HHN
x-timer: S1634602760.983156,VS0,VE179
etag: W/"341-1ErhzlKtHyG9RHqIfe1SdyQ0dQY"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

GET
H2 200 i Show response
c.paypal.com/v1/r/d/ Frame D5C6 160 B
891 B 182ms
182ms Document
text/html 151.101.1.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: c.paypal.com
:scheme: https
:path: /v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.paypal.com/
accept-encoding: gzip, deflate, br
cookie: ts_c=vr%3D95eab11d17c0a79810a784ceffffffff%26vt%3D95eab11d17c0a79810a784cefffffffe; tsrce=smartcomponentnodeweb; l7_az=dcg14.slc; ts=vreXpYrS%3D1729297158%26vteXpYrS%3D1634604558%26vr%3D95eab11d17c0a79810a784ceffffffff%26vt%3D95eab11d17c0a79810a784cefffffffe%26vtyp%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.paypal.com/

Response headers

correlation-id: b58298a3d2938
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
paypal-debug-id: b58298a3d2938
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
accept-ranges: none
date: Tue, 19 Oct 2021 00:19:20 GMT
via: 1.1 varnish
x-served-by: cache-hhn4070-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1634602760.992325,VS0,VE170
vary: Accept-Encoding
set-cookie: x-cdn=0300; Domain=paypal.com; Path=/; Secure
content-encoding: br

GET
H/1.1

200
OK

counter2.cgi
dub.stats.paypal.com/v2/ Frame 1CAE
Redirect Chain

https://b.stats.paypal.com/v2/counter.cgi?p=uid_3b11139f0e_mda6mtk6mtg&s=SMART_PAYMENT_BUTTONS
https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_3b11139f0e_mda6mtk6mtg&s=SMART_PAYMENT_BUTTONS

42 B
299 B

108ms
38ms

Image
image/jpeg

64.4.245.84
PAYPAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_3b11139f0e_mda6mtk6mtg&s=SMART_PAYMENT_BUTTONS
Requested by: Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9bmFraWF2aGFycmVsbCU0MGdtYWlsLmNvbSZjdXJyZW5jeT1VU0QmZGlzYWJsZS1mdW5kaW5nPWJhbmNvbnRhY3QlMkNibGlrJTJDZXBzJTJDZ2lyb3BheSUyQ2lkZWFsJTJDbWVyY2Fkb3BhZ28lMkNteWJhbmslMkNwMjQlMkNzZXBhJTJDc29mb3J0IiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfeXB4cXNscGxwdmpmYm13aXN3c29teGJ5b2FhbnRjIn19&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f8931836f3cc5&storageID=uid_9af8dbf779_mda6mtk6mtg&sessionID=uid_3b11139f0e_mda6mtk6mtg&buttonSessionID=uid_f03f18f7a2_mda6mtk6mtg&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6dHJ1ZSwicHJvZHVjdHMiOnsicGF5SW40Ijp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6ImV4cGVyaW1lbnRhYmxlIn0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXJpYW50IjoiZXhwZXJpbWVudGFibGUifX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=nakiavharrell%40gmail.com&renderedButtons.0=paypal&renderedButtons.1=paylater&renderedButtons.2=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 64.4.245.84 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
Software: PayPal-B.Stats/1.0 /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Tue, 19 Oct 2021 00:19:20 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 42
Content-Type: image/jpeg

Redirect headers

Location: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_3b11139f0e_mda6mtk6mtg&s=SMART_PAYMENT_BUTTONS
Date: Tue, 19 Oct 2021 00:19:20 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 0
Content-Type: application/octet-stream

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame D5C6 55 KB
19 KB 9ms
8ms Script
application/javascript 151.101.1.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

10f6bf9c82f198a1867ad8f207e6fd37f67c9cd2adf0fa44368cbb2c271c9a81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31557600
content-encoding: gzip
x-content-type-options: nosniff
age: 350
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: HIT, MISS, HIT
paypal-debug-id: 25003d815667c
x-cache-hits: 4, 0, 79
server-timing: content-encoding;desc=gzip
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 19145
etag: W/"615c8489-da93"
x-served-by: cache-sjc10047-SJC, cache-hhn4039-HHN, cache-hhn4070-HHN
last-modified: Tue, 05 Oct 2021 16:59:53 GMT
x-timer: S1634602760.189004,VS0,VE1
date: Tue, 19 Oct 2021 00:19:20 GMT
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=86400
access-control-allow-credentials: false
accept-ranges: bytes
expires: Wed, 20 Oct 2021 00:19:20 GMT

POST
H2 200 p1 Show response
c.paypal.com/v1/r/d/b/ Frame D5C6 125 B
602 B 185ms
185ms XHR
application/json 151.101.1.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://c.paypal.com/v1/r/d/b/p1
Requested by: Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4e634b6479849978442a08d2c109e77991e08b902990c684893077cf9e5a4622

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 19 Oct 2021 00:19:20 GMT
via: 1.1 varnish
correlation-id: d024c59445a8c
x-served-by: cache-hhn4070-HHN
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id: d024c59445a8c
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
content-type: application/json
content-length: 125
x-cache-hits: 0

POST
H2 200 e Show response
c.paypal.com/v1/r/d/b/ Frame D5C6 15 B
186 B 149ms
149ms XHR
application/json 151.101.1.35
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://c.paypal.com/v1/r/d/b/e
Requested by: Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d44c1f2a6531d774fda6e6eba865f1ba8aed10f372fe97f395895a8a1e1fa2a5

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 19 Oct 2021 00:19:20 GMT
via: 1.1 varnish
correlation-id: 3d134e33bb226
x-served-by: cache-hhn4070-HHN
x-cache: MISS
content-type: application/json
paypal-debug-id: 3d134e33bb226
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
content-length: 15
x-cache-hits: 0

GET
H/1.1 200
OK p3
c6.paypal.com/v1/r/d/b/ Frame D5C6 0
266 B 271ms
176ms Image
text/plain 2.20.192.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c6.paypal.com/v1/r/d/b/p3?f=uid_3b11139f0e_mda6mtk6mtg&s=SMART_PAYMENT_BUTTONS
Requested by: Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.20.192.132 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-20-192-132.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 19 Oct 2021 00:19:20 GMT
CORRELATION-ID: ab5a48a03ee1a
Paypal-Debug-Id: ab5a48a03ee1a
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Tue, 19 Oct 2021 00:19:20 GMT

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ Frame 21CD 825 B
1 KB 204ms
203ms XHR
application/json 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

63a5253ad14199b7ce9eef623d551f6a6340bd3712098b07812016bd887bd053

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.paypal.com/smart/buttons?style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVpfaHZNVXBFQVAzbzB2SjRoZEFmTC02eFpqZzU3ZUp2SzVSeUZFNEI4ck5nMHFEQ2ZWcnFXemdFSkNOaEZrSWpacUJwVm42bl85U3FOY0gmbWVyY2hhbnQtaWQ9bmFraWF2aGFycmVsbCU0MGdtYWlsLmNvbSZjdXJyZW5jeT1VU0QmZGlzYWJsZS1mdW5kaW5nPWJhbmNvbnRhY3QlMkNibGlrJTJDZXBzJTJDZ2lyb3BheSUyQ2lkZWFsJTJDbWVyY2Fkb3BhZ28lMkNteWJhbmslMkNwMjQlMkNzZXBhJTJDc29mb3J0IiwiYXR0cnMiOnsiZGF0YS11aWQiOiJ1aWRfeXB4cXNscGxwdmpmYm13aXN3c29teGJ5b2FhbnRjIn19&clientID=AZ_hvMUpEAP3o0vJ4hdAfL-6xZjg57eJvK5RyFE4B8rNg0qDCfVrqWzgEJCNhFkIjZqBpVn6n_9SqNcH&sdkCorrelationID=f8931836f3cc5&storageID=uid_9af8dbf779_mda6mtk6mtg&sessionID=uid_3b11139f0e_mda6mtk6mtg&buttonSessionID=uid_f03f18f7a2_mda6mtk6mtg&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6dHJ1ZSwicHJvZHVjdHMiOnsicGF5SW40Ijp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6ImV4cGVyaW1lbnRhYmxlIn0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXJpYW50IjoiZXhwZXJpbWVudGFibGUifX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfX0&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&flow=purchase&currency=USD&intent=capture&commit=true&vault=false&disableFunding.0=bancontact&disableFunding.1=blik&disableFunding.2=eps&disableFunding.3=giropay&disableFunding.4=ideal&disableFunding.5=mercadopago&disableFunding.6=mybank&disableFunding.7=p24&disableFunding.8=sepa&disableFunding.9=sofort&merchantID.0=nakiavharrell%40gmail.com&renderedButtons.0=paypal&renderedButtons.1=paylater&renderedButtons.2=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&allowBillingPayments=true
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json

Response headers

date: Tue, 19 Oct 2021 00:19:20 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: f33386808062c
strict-transport-security: max-age=63072000; includeSubDomains; preload
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4080-HHN
x-timer: S1634602760.260765,VS0,VE192
etag: W/"339-MOWUQxyGe9Ne0RpV+fE/dO9Q/JI"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

POST
H3 200 log_event Show response
www.youtube-nocookie.com/youtubei/v1/ Frame E5D2 28 B
50 B 21ms
21ms XHR
application/json 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
X-YouTube-Client-Version: 1.20211013.1.0
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtyMFp2TVdjT3FRdyiGnriLBg%3D%3D
X-YouTube-Ad-Signals: dt=1634602759251&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1040%2C520&vis=1&wgl=true&ca_type=image

Response headers

date: Tue, 19 Oct 2021 00:19:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0

GET
H3 204 delayplay
www.youtube-nocookie.com/api/stats/ Frame E5D2 0
17 B 16ms
15ms Image
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube-nocookie.com/api/stats/delayplay?ns=yt&el=embedded&cpn=wZxxZazesNwkJyhb&docid=w2-R7qcChVs&ver=2&referrer=https%3A%2F%2Fwww.youtube-nocookie.com%2Fembed%2Fw2-R7qcChVs%3Fcontrols%3D1%26autoplay%3D1%26loop%3D1%26mute%3D1%26wmode%3Dtransparent%26playlist%3Dw2-R7qcChVs&cmt=4.21&ei=Bw9uYdHxGMeT1gLdhqeACQ&fmt=134&fs=0&rt=4.829&of=wbAUJoLFDaeeOSJrHXH1sg&euri=https%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F&lact=4853&cl=402943675&mos=1&vm=CAEQABgEOjJBS1JhaHdBZTRDODh2b1hybGtNWW5fbVJqQTFnVGJlTTNKc3ZsNDNWSGNKT1hlTlNEd2JWQVBta0tES2R5bGI5elNxaFkzalJOcEVpdjNXaDRtUWQzTE9peHpWZ0VmUDBnRlhGTElUODc5T0FuSTlsVXNWQVpzNDdXaUdNUW5oV0xfRVBVOUFOS1E&volume=100&cbr=Chrome&cbrver=93.0.4577.63&c=WEB_EMBEDDED_PLAYER&cver=1.20211013.1.0&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&autoplay=1&delay=4&hl=de_DE&cr=US&len=7.021&fexp=23748147%2C23983296%2C24001036%2C24001373%2C24002022%2C24002025%2C24002923%2C24004644%2C24007246%2C24027693%2C24064555%2C24080738%2C24082662%2C24101841%2C24106092%2C24116772&list=TLGGuvSEsSYzBFsxOTEwMjAyMQ&afmt=251&size=1040%3A520&inview=0.78&muted=1

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:24 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 atr Show response
www.youtube-nocookie.com/api/stats/ Frame E5D2 0
17 B 22ms
21ms XHR
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/api/stats/atr?ns=yt&el=embedded&cpn=wZxxZazesNwkJyhb&docid=w2-R7qcChVs&ver=2&referrer=https%3A%2F%2Fwww.youtube-nocookie.com%2Fembed%2Fw2-R7qcChVs%3Fcontrols%3D1%26autoplay%3D1%26loop%3D1%26mute%3D1%26wmode%3Dtransparent%26playlist%3Dw2-R7qcChVs&cmt=4.498&ei=Bw9uYdHxGMeT1gLdhqeACQ&fmt=134&fs=0&rt=5.117&of=wbAUJoLFDaeeOSJrHXH1sg&euri=https%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F&lact=5140&cl=402943675&mos=1&vm=CAEQABgEOjJBS1JhaHdBZTRDODh2b1hybGtNWW5fbVJqQTFnVGJlTTNKc3ZsNDNWSGNKT1hlTlNEd2JWQVBta0tES2R5bGI5elNxaFkzalJOcEVpdjNXaDRtUWQzTE9peHpWZ0VmUDBnRlhGTElUODc5T0FuSTlsVXNWQVpzNDdXaUdNUW5oV0xfRVBVOUFOS1E&volume=100&cbr=Chrome&cbrver=93.0.4577.63&c=WEB_EMBEDDED_PLAYER&cver=1.20211013.1.0&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&autoplay=1&delay=4&hl=de_DE&cr=US&len=7.021&fexp=23748147%2C23983296%2C24001036%2C24001373%2C24002022%2C24002025%2C24002923%2C24004644%2C24007246%2C24027693%2C24064555%2C24080738%2C24082662%2C24101841%2C24106092%2C24116772&list=TLGGuvSEsSYzBFsxOTEwMjAyMQ&afmt=251&muted=1

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
X-YouTube-Client-Version: 1.20211013.1.0
X-YouTube-Time-Zone: Etc/Unknown
X-YouTube-Ad-Signals: dt=1634602759262&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1040%2C520&vis=1&wgl=true&ca_type=image

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:24 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 watchtime
www.youtube-nocookie.com/api/stats/ Frame E5D2 0
17 B 16ms
16ms Image
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube-nocookie.com/api/stats/watchtime?ns=yt&el=embedded&cpn=wZxxZazesNwkJyhb&docid=w2-R7qcChVs&ver=2&referrer=https%3A%2F%2Fwww.youtube-nocookie.com%2Fembed%2Fw2-R7qcChVs%3Fcontrols%3D1%26autoplay%3D1%26loop%3D1%26mute%3D1%26wmode%3Dtransparent%26playlist%3Dw2-R7qcChVs&cmt=6.381&ei=Bw9uYdHxGMeT1gLdhqeACQ&fmt=134&fs=0&rt=7.001&of=wbAUJoLFDaeeOSJrHXH1sg&euri=https%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F&lact=7024&cl=402943675&state=playing&vm=CAEQABgEOjJBS1JhaHdBZTRDODh2b1hybGtNWW5fbVJqQTFnVGJlTTNKc3ZsNDNWSGNKT1hlTlNEd2JWQVBta0tES2R5bGI5elNxaFkzalJOcEVpdjNXaDRtUWQzTE9peHpWZ0VmUDBnRlhGTElUODc5T0FuSTlsVXNWQVpzNDdXaUdNUW5oV0xfRVBVOUFOS1E&volume=100&cbr=Chrome&cbrver=93.0.4577.63&c=WEB_EMBEDDED_PLAYER&cver=1.20211013.1.0&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&autoplay=1&delay=4&hl=de_DE&cr=US&len=7.021&rtn=17&list=TLGGuvSEsSYzBFsxOTEwMjAyMQ&afmt=251&idpj=-4&ldpj=-11&rti=7&size=1040%3A520&inview=0.78&st=0&et=6.381&muted=1

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:26 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 log_event Show response
www.youtube-nocookie.com/youtubei/v1/ Frame E5D2 28 B
50 B 20ms
20ms XHR
application/json 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
X-YouTube-Client-Version: 1.20211013.1.0
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtyMFp2TVdjT3FRdyiGnriLBg%3D%3D
X-YouTube-Ad-Signals: dt=1634602759262&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1040%2C520&vis=1&wgl=true&ca_type=image

Response headers

date: Tue, 19 Oct 2021 00:19:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0

POST
H3 204 qoe
www.youtube-nocookie.com/api/stats/ Frame E5D2 0
17 B 16ms
15ms Ping
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/api/stats/qoe?event=streamingstats&fmt=134&afmt=251&cpn=wZxxZazesNwkJyhb&ei=Bw9uYdHxGMeT1gLdhqeACQ&el=embedded&docid=w2-R7qcChVs&ns=yt&fexp=23748147%2C23983296%2C24001036%2C24001373%2C24002022%2C24002025%2C24002923%2C24004644%2C24007246%2C24027693%2C24064555%2C24080738%2C24082662%2C24101841%2C24106092%2C24116772&cl=402943675&seq=2&cbr=Chrome&cbrver=93.0.4577.63&c=WEB_EMBEDDED_PLAYER&cver=1.20211013.1.0&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&cat=otfp&cmt=0.585:0.005,1.335:0.716,7.642:7.021,7.642:7.021&vps=0.585:PL,7.642:EN&user_intent=0&bwm=7.642:424435:0.710&bwe=7.642:850434&bat=7.642:1:1&bh=7.642:7.000&df=7.642:0

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:27 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 qoe
www.youtube-nocookie.com/api/stats/ Frame E5D2 0
17 B 16ms
16ms Ping
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/api/stats/qoe?event=streamingstats&fmt=134&afmt=251&cpn=wZxxZazesNwkJyhb&ei=Bw9uYdHxGMeT1gLdhqeACQ&el=embedded&docid=w2-R7qcChVs&ns=yt&fexp=23748147%2C23983296%2C24001036%2C24001373%2C24002022%2C24002025%2C24002923%2C24004644%2C24007246%2C24027693%2C24064555%2C24080738%2C24082662%2C24101841%2C24106092%2C24116772&cl=402943675&seq=3&cbr=Chrome&cbrver=93.0.4577.63&c=WEB_EMBEDDED_PLAYER&cver=1.20211013.1.0&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&cmt=7.648:7.021,7.648:7.021,7.649:7.021&vps=7.648:N,7.648:SU,7.649:SU&bat=7.649:1:1&bh=7.649:0.000

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:27 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 watchtime
www.youtube-nocookie.com/api/stats/ Frame E5D2 0
17 B 18ms
17ms Image
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube-nocookie.com/api/stats/watchtime?ns=yt&el=embedded&cpn=wZxxZazesNwkJyhb&docid=w2-R7qcChVs&ver=2&referrer=https%3A%2F%2Fwww.youtube-nocookie.com%2Fembed%2Fw2-R7qcChVs%3Fcontrols%3D1%26autoplay%3D1%26loop%3D1%26mute%3D1%26wmode%3Dtransparent%26playlist%3Dw2-R7qcChVs&cmt=7.021&ei=Bw9uYdHxGMeT1gLdhqeACQ&fmt=134&fs=0&rt=7.642&of=wbAUJoLFDaeeOSJrHXH1sg&euri=https%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F&lact=7665&cl=402943675&state=paused&vm=CAEQABgEOjJBS1JhaHdBZTRDODh2b1hybGtNWW5fbVJqQTFnVGJlTTNKc3ZsNDNWSGNKT1hlTlNEd2JWQVBta0tES2R5bGI5elNxaFkzalJOcEVpdjNXaDRtUWQzTE9peHpWZ0VmUDBnRlhGTElUODc5T0FuSTlsVXNWQVpzNDdXaUdNUW5oV0xfRVBVOUFOS1E&volume=100&cbr=Chrome&cbrver=93.0.4577.63&c=WEB_EMBEDDED_PLAYER&cver=1.20211013.1.0&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&autoplay=1&delay=4&hl=de_DE&cr=US&len=7.021&list=TLGGuvSEsSYzBFsxOTEwMjAyMQ&afmt=251&idpj=-4&ldpj=-11&size=1040%3A520&inview=0.78&st=6.381&et=7.021&muted=1

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:27 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 watchtime
www.youtube-nocookie.com/api/stats/ Frame E5D2 0
17 B 18ms
17ms Image
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube-nocookie.com/api/stats/watchtime?ns=yt&el=embedded&cpn=wZxxZazesNwkJyhb&docid=w2-R7qcChVs&ver=2&referrer=https%3A%2F%2Fwww.youtube-nocookie.com%2Fembed%2Fw2-R7qcChVs%3Fcontrols%3D1%26autoplay%3D1%26loop%3D1%26mute%3D1%26wmode%3Dtransparent%26playlist%3Dw2-R7qcChVs&cmt=7.021&ei=Bw9uYdHxGMeT1gLdhqeACQ&fmt=134&fs=0&rt=7.649&of=wbAUJoLFDaeeOSJrHXH1sg&euri=https%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F&lact=7672&cl=402943675&state=paused&vm=CAEQABgEOjJBS1JhaHdBZTRDODh2b1hybGtNWW5fbVJqQTFnVGJlTTNKc3ZsNDNWSGNKT1hlTlNEd2JWQVBta0tES2R5bGI5elNxaFkzalJOcEVpdjNXaDRtUWQzTE9peHpWZ0VmUDBnRlhGTElUODc5T0FuSTlsVXNWQVpzNDdXaUdNUW5oV0xfRVBVOUFOS1E&volume=100&cbr=Chrome&cbrver=93.0.4577.63&c=WEB_EMBEDDED_PLAYER&cver=1.20211013.1.0&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&autoplay=1&final=1&delay=4&hl=de_DE&cr=US&len=7.021&list=TLGGuvSEsSYzBFsxOTEwMjAyMQ&afmt=251&idpj=-4&ldpj=-11&size=1040%3A520&inview=0.78&st=7.021&et=7.021&muted=1

Requested by

Host: moneydoesgrowontreeskhfs.com
URL: https://moneydoesgrowontreeskhfs.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:27 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 player Show response
www.youtube-nocookie.com/youtubei/v1/ Frame E5D2 62 KB
18 KB 112ms
112ms XHR
application/json 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/youtubei/v1/player?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

ESF /

Resource Hash

ab885d37475c79526c08341a35947ce0fd8cfb794ab007b4b56614ca0f6b95ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20211013.1.0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
X-Goog-Visitor-Id: CgtyMFp2TVdjT3FRdyiGnriLBg%3D%3D
Content-Type: application/json

Response headers

date: Tue, 19 Oct 2021 00:19:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18372
x-xss-protection: 0

POST
H3 204 qoe
www.youtube-nocookie.com/api/stats/ Frame E5D2 0
17 B 18ms
17ms Ping
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/api/stats/qoe?event=streamingstats&fmt=134&afmt=251&cpn=XAjyD0sHfg0RRn_e&ei=Dw9uYd3pAYOz1gKUtIRw&el=embedded&docid=w2-R7qcChVs&ns=yt&fexp=23748147%2C23983296%2C24001036%2C24001373%2C24002022%2C24002025%2C24002923%2C24004644%2C24007246%2C24027693%2C24064555%2C24080738%2C24082662%2C24101841%2C24106092%2C24116772&cl=402943675&seq=1&cbr=Chrome&cbrver=93.0.4577.63&c=WEB_EMBEDDED_PLAYER&cver=1.20211013.1.0&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&vps=0.000:N,0.001:B,0.122:B,0.122:B&cmt=0.001:0.000,0.122:0.000&afs=0.122:251::i&vfs=0.122:134:134::r&view=0.122:1040:520&bwe=0.122:850434&bat=0.122:1:1&vis=0.122:0&bh=0.122:0.000

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:27 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 videoplayback Show response
r2---sn-4g5lzne6.googlevideo.com/ Frame E5D2 105 KB
105 KB 7ms
7ms XHR
video/mp4 74.125.160.231
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5lzne6.googlevideo.com/videoplayback?expire=1634624367&ei=Dw9uYd3pAYOz1gKUtIRw&ip=216.131.114.139&id=o-AEFw53FmEle0J7TycolJzn4LbgJNfikfv8HI2-YKZV89&itag=134&aitags=133%2C134%2C160%2C242%2C243%2C278&source=youtube&requiressl=yes&mh=_S&mm=31%2C29&mn=sn-4g5lzne6%2Csn-4g5ednsd&ms=au%2Crdu&mv=m&mvi=2&pl=24&initcwndbps=772500&vprv=1&mime=video%2Fmp4&ns=jLmRXrufm8B7c6cvL2fj9xoG&gir=yes&clen=299567&otfp=1&dur=6.999&lmt=1597588102876979&mt=1634602369&fvip=2&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=6216222&n=KQP70uLr3sUP7Q&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRQIgf54s3ndfX9ZxFctZZbse34vXSeS3WN0Mx11Widc5iOMCIQDpvxSFhWHJKLuqR2sKdZH2O_yofXFq0u5sk0lvO3BLhA%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRAIgQNh91bDZ31ihn99JgXbtyOVy1ssYVoA7JNbhK-ZFLV0CID4jn_A7z_6oL3TSD-V0N-WLUj4if1LV_Rz42xyF1ykw&alr=yes&cpn=XAjyD0sHfg0RRn_e&cver=1.20211013.1.0&range=0-107494&rn=7&rbuf=0

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.160.231 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s15-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

c7ca6971bebfc9d7b0035ae8e506e4608ecb4358e3dd5880de3ce32f25cc7444

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:27 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107495
client-protocol: quic
last-modified: Sun, 16 Aug 2020 14:28:22 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube-nocookie.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21300
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube-nocookie.com
x-content-type-options: nosniff
expires: Tue, 19 Oct 2021 00:19:27 GMT

GET
H3 200 videoplayback Show response
r2---sn-4g5lzne6.googlevideo.com/ Frame E5D2 64 KB
64 KB 16ms
16ms XHR
audio/webm 74.125.160.231
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5lzne6.googlevideo.com/videoplayback?expire=1634624367&ei=Dw9uYd3pAYOz1gKUtIRw&ip=216.131.114.139&id=o-AEFw53FmEle0J7TycolJzn4LbgJNfikfv8HI2-YKZV89&itag=251&source=youtube&requiressl=yes&mh=_S&mm=31%2C29&mn=sn-4g5lzne6%2Csn-4g5ednsd&ms=au%2Crdu&mv=m&mvi=2&pl=24&initcwndbps=772500&vprv=1&mime=audio%2Fwebm&ns=jLmRXrufm8B7c6cvL2fj9xoG&gir=yes&clen=123844&otfp=1&dur=7.021&lmt=1597588099582722&mt=1634602369&fvip=2&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=6211222&n=KQP70uLr3sUP7Q&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRQIgbfnktbnzLxNv1IoBsqh2ihb-ZBuOrGv--GkxSjlm7ikCIQDxvMVCdJLa8FIevPPq_e25oymaTbePHRjiAiaZfi-_6A%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRAIgQNh91bDZ31ihn99JgXbtyOVy1ssYVoA7JNbhK-ZFLV0CID4jn_A7z_6oL3TSD-V0N-WLUj4if1LV_Rz42xyF1ykw&alr=yes&cpn=XAjyD0sHfg0RRn_e&cver=1.20211013.1.0&range=0-65819&rn=8&rbuf=0

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.160.231 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s15-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

455541c858427bee470658a57264c99cd83752cb7a05cebd6f8d4adaf8e88ee6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:27 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65820
client-protocol: quic
last-modified: Sun, 16 Aug 2020 14:28:19 GMT
server: gvs 1.0
vary: Origin
content-type: audio/webm
access-control-allow-origin: https://www.youtube-nocookie.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21300
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube-nocookie.com
expires: Tue, 19 Oct 2021 00:19:27 GMT

POST
H3 200 next Show response
www.youtube-nocookie.com/youtubei/v1/ Frame E5D2 66 KB
5 KB 183ms
183ms XHR
application/json 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube-nocookie.com/youtubei/v1/next?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

75e6acd48cb5bbf142ce36889b1e206af9e6594f0dd538e14b4b82280398a4a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20211013.1.0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
X-Goog-Visitor-Id: CgtyMFp2TVdjT3FRdyiGnriLBg%3D%3D
Content-Type: application/json

Response headers

date: Tue, 19 Oct 2021 00:19:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5478
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 35ms
20ms XHR
application/json 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211013&st=env

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/rollbar.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

564279cf9fee210b0497b58465bbdddf93dd74dad3511a1165c6cbd792e0c9d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 19 Oct 2021 00:19:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8610
x-xss-protection: 0

GET
H3 200 videoplayback Show response
r2---sn-4g5lzne6.googlevideo.com/ Frame E5D2 104 KB
104 KB 8ms
8ms XHR
video/mp4 74.125.160.231
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.160.231 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s15-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

1b9b96cd7e7165da31dbfb6fe99ed16966630b5a3af37622c19e3efc32d067a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:27 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106698
client-protocol: quic
last-modified: Sun, 16 Aug 2020 14:28:22 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube-nocookie.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21300
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube-nocookie.com
x-content-type-options: nosniff
expires: Tue, 19 Oct 2021 00:19:27 GMT

GET
H3 200 videoplayback Show response
r2---sn-4g5lzne6.googlevideo.com/ Frame E5D2 57 KB
57 KB 8ms
8ms XHR
audio/webm 74.125.160.231
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-4g5lzne6.googlevideo.com/videoplayback?expire=1634624367&ei=Dw9uYd3pAYOz1gKUtIRw&ip=216.131.114.139&id=o-AEFw53FmEle0J7TycolJzn4LbgJNfikfv8HI2-YKZV89&itag=251&source=youtube&requiressl=yes&mh=_S&mm=31%2C29&mn=sn-4g5lzne6%2Csn-4g5ednsd&ms=au%2Crdu&mv=m&mvi=2&pl=24&initcwndbps=772500&vprv=1&mime=audio%2Fwebm&ns=jLmRXrufm8B7c6cvL2fj9xoG&gir=yes&clen=123844&otfp=1&dur=7.021&lmt=1597588099582722&mt=1634602369&fvip=2&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=6211222&n=KQP70uLr3sUP7Q&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRQIgbfnktbnzLxNv1IoBsqh2ihb-ZBuOrGv--GkxSjlm7ikCIQDxvMVCdJLa8FIevPPq_e25oymaTbePHRjiAiaZfi-_6A%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRAIgQNh91bDZ31ihn99JgXbtyOVy1ssYVoA7JNbhK-ZFLV0CID4jn_A7z_6oL3TSD-V0N-WLUj4if1LV_Rz42xyF1ykw&alr=yes&cpn=XAjyD0sHfg0RRn_e&cver=1.20211013.1.0&range=65820-123843&rn=10&rbuf=3724

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.160.231 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s15-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

c53816fac0f6982bd3441fef27ba05653c546d708aeaf1e176e34e413a831886

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:27 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58024
client-protocol: quic
last-modified: Sun, 16 Aug 2020 14:28:19 GMT
server: gvs 1.0
vary: Origin
content-type: audio/webm
access-control-allow-origin: https://www.youtube-nocookie.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21300
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube-nocookie.com
expires: Tue, 19 Oct 2021 00:19:27 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 72ms
35ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110130101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Tue, 19 Oct 2021 00:19:27 GMT

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 806 B
1 KB 169ms
169ms XHR
application/json 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/rollbar.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e47fa957a9c7d2f2ccfc74a7baa954197753d98ea320b5806dbd00f04bb45565

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://moneydoesgrowontreeskhfs.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json

Response headers

date: Tue, 19 Oct 2021 00:19:27 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: f440511b2fd2d
strict-transport-security: max-age=63072000; includeSubDomains; preload
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4075-HHN
x-timer: S1634602767.373437,VS0,VE158
etag: W/"326-vhebjuYgQqP9T1+yvu2O4eaT9xw"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://moneydoesgrowontreeskhfs.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 185ms
185ms Preflight 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Protocol

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://moneydoesgrowontreeskhfs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://moneydoesgrowontreeskhfs.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: f440511177856
x-content-type-options: nosniff
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
date: Tue, 19 Oct 2021 00:19:27 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4075-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1634602767.187440,VS0,VE179
content-encoding: br
vary: accept-encoding

GET
H3 200 videoplayback Show response
r2---sn-4g5lzne6.googlevideo.com/ Frame E5D2 83 KB
83 KB 7ms
6ms XHR
video/mp4 74.125.160.231
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.youtube-nocookie.com
URL: https://www.youtube-nocookie.com/s/player/03869671/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.160.231 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s15-in-f7.1e100.net

Software

gvs 1.0 /

Resource Hash

edbbbe633a88dcbdb0025e33b5df596fdc3f9ae7bdf3becfda86ca8fb2ecc590

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 19 Oct 2021 00:19:27 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 85374
client-protocol: quic
last-modified: Sun, 16 Aug 2020 14:28:22 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube-nocookie.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21300
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube-nocookie.com
x-content-type-options: nosniff
expires: Tue, 19 Oct 2021 00:19:27 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame C8FB 12 KB
5 KB 25ms
8ms Document
text/html 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://moneydoesgrowontreeskhfs.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Mon, 18 Oct 2021 19:07:31 GMT
expires: Tue, 18 Oct 2022 19:07:31 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 18716
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 531B 783 B
533 B 56ms
56ms Document
text/html 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

GSE /

Resource Hash

144de3e4f3ec8e18fa73684a90b416009c8dfb53865b667e52ab211223e51b7a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WRoI6IophmTxLlGMaahyWg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://moneydoesgrowontreeskhfs.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 19 Oct 2021 00:19:27 GMT
date: Tue, 19 Oct 2021 00:19:27 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-WRoI6IophmTxLlGMaahyWg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 playback
www.youtube-nocookie.com/api/stats/ Frame E5D2 0
17 B 17ms
17ms Image
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube-nocookie.com/api/stats/playback?ns=yt&el=embedded&cpn=XAjyD0sHfg0RRn_e&docid=w2-R7qcChVs&ver=2&referrer=https%3A%2F%2Fwww.youtube-nocookie.com%2Fembed%2Fw2-R7qcChVs%3Fcontrols%3D1%26autoplay%3D1%26loop%3D1%26mute%3D1%26wmode%3Dtransparent%26playlist%3Dw2-R7qcChVs&cmt=0.056&ei=Dw9uYd3pAYOz1gKUtIRw&fmt=134&fs=0&rt=0.255&of=wbAUJoLFDaeeOSJrHXH1sg&euri=https%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F&lact=7929&cl=402943675&mos=1&vm=CAEQABgEOjJBS1JhaHdDbUtqeDlMejNTeGkyTEF4djdiMTVfeHdXSzJRZlVTN3lFZnk2dks3X1ZxUWJWQVBta0tES0R4M2F3aDVsRFBuQkQ2dDNEUXFaVC12RFpCOW44YnFURFNqVnhnZHR3bXlPQTRFZjZ6SGdjb1ZZdk1LTVZwSGYzR1hWb2JHQ25ZVVJ2SkE&volume=100&cbr=Chrome&cbrver=93.0.4577.63&c=WEB_EMBEDDED_PLAYER&cver=1.20211013.1.0&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&autonav=1&autoplay=1&delay=4&hl=de_DE&cr=US&len=7.021&fexp=23748147%2C23983296%2C24001036%2C24001373%2C24002022%2C24002025%2C24002923%2C24004644%2C24007246%2C24027693%2C24064555%2C24080738%2C24082662%2C24101841%2C24106092%2C24116772&rtn=2&list=TLGGuvSEsSYzBFsxOTEwMjAyMQ&afmt=251&size=1040%3A520&inview=0.78&muted=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:27 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 ptracking
www.youtube-nocookie.com/ Frame E5D2 0
17 B 15ms
15ms Image
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube-nocookie.com/ptracking?html5=1&video_id=w2-R7qcChVs&cpn=XAjyD0sHfg0RRn_e&ei=Dw9uYd3pAYOz1gKUtIRw&ptk=youtube_none&pltype=contentugc

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube-nocookie.com/embed/w2-R7qcChVs?controls=1&autoplay=1&loop=1&mute=1&wmode=transparent&playlist=w2-R7qcChVs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:27 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 6ezQI-oG7_JBlIQWa0q_6kDxCwRKhGyZnEhX1xufIgc.js Show response
pagead2.googlesyndication.com/bg/ Frame C8FB 34 KB
13 KB 8ms
8ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ezQI-oG7_JBlIQWa0q_6kDxCwRKhGyZnEhX1xufIgc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

e9ecd023ea06eff2419484166b4abfea40f10b044a846c999c4857d71b9f2207

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 18 Oct 2021 17:22:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25033
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13172
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 11:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Tue, 18 Oct 2022 17:22:14 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 531B 0
0 48ms
47ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211013&jk=2118196064994274&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 54ms
54ms Image
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211013&jk=2118196064994274&bg=!urmluf3NAAao6lBpqOo7ACkAdvg8WgPIwBR9H5AnHn4a0NqPUPGFpn1yIfGgCqLMEwy_zvdzoSK2cgIAAAB2UgAAAA5oAQeZAqx-qRmKKh_pn5n1KpQ4mbmD_1Nxjq-HNC9qjSgB64lcb7j7WHStRlXfiDm7J26YUBlHw8kZB7ScbRUksRzDjyGJjFy-cbqPWYxNlQti_PIYZSplBFgY3e5SpK66n-mLmgko8cw0xq_MRxRe9ZgpXYeDEfmb3T4hSBJnqyK3qCohpbbaNgFZaVYOxSnQm4ot0wRqBHFBST5ePoarpLXWdsbMokeLVhVu6s1_I5j5tKC60Wcv9hKpaB9v0RRza6_T8qSB4Z9Q2rNOgPmscv2VFNA4_czdIgXg6vkV9bzkj9XbhXPw_7wlLtwYctZUp6TvnhHjqGDW_6KpME2zvVifzSrWJCou6H3KvWOPkk2WDcbhmnd6ltD-i47GXXXjkOibcz0PQnpRsLWvSfk53UPqum8oUcR63tZwLT4EbByneHiWDhhNZgbUaYqeCiQIa3DLYMzUo7fCOmSs98W7a_-ecKoT5hrRvqh2hQeicTeli-e1JaJRSC3MERv6czHFNIiUik-W9q_ipWbCLh4zGoGxytafERkfpSvgwLt-zkOQeOcMeSO-Hta0U-BxOBDQx4rhYr1Dl7eiTwJbW7E1RjvZA2nuoX9oHvzzdk29IZbIYQm5yrHRSCRIXeC2HrtEvil_gheLJlb7x0pIW_nVEdtV5ngr1YVsV7KlCOC3UM5GHmefwwP7lyVB35WlidT1pP8gTBHZ1C4VKsuL-q8k7ZGIr_-fe1kD28v5CuDFfZFSeK2d_SpRM_5YXagKEacIYhySAnepYvI55-RDYJ8BQD2uLhPZ4Wd9L4h3xO5KfdYO24T5MAafar7YdcT_TiehwryJcpGIoHzCF-QveARvWwcVPM0kVHgdDlS-rHc0YbYZO68fzjy7Tbg65NcQK8PvYMl14SEzHp9SCIISf03rgqU

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://moneydoesgrowontreeskhfs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 19 Oct 2021 00:19:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.respond.io
URL: https://cdn.respond.io/webchat/widget/widget.js?cId=595419d7d8ea7cfe05d809dc6f16b3d4297b3625173561ce99b24b055235975f%3C/div%3E%3C/div%3E%3C/div%3E%3Cdiv%20class=

Verdicts & Comments Add Verdict or Comment

191 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
moneydoesgrowontreeskhfs.com/	1970-01-19 22:04:49	Name: webs-stats-visitor-id Value: 463127363
.moneydoesgrowontreeskhfs.com/	1970-01-20 00:12:58	Name: sbjs_migrations Value: 1418474375998%3D1
.moneydoesgrowontreeskhfs.com/	1970-01-20 00:12:58	Name: sbjs_current_add Value: fd%3D2021-10-19%2000%3A19%3A18%7C%7Cep%3Dhttps%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F%7C%7Crf%3D%28none%29
.moneydoesgrowontreeskhfs.com/	1970-01-20 00:12:58	Name: sbjs_first_add Value: fd%3D2021-10-19%2000%3A19%3A18%7C%7Cep%3Dhttps%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F%7C%7Crf%3D%28none%29
.moneydoesgrowontreeskhfs.com/	1970-01-20 00:12:58	Name: sbjs_current Value: typ%3Dtypein%7C%7Csrc%3D%28direct%29%7C%7Cmdm%3D%28none%29%7C%7Ccmp%3D%28none%29%7C%7Ccnt%3D%28none%29%7C%7Ctrm%3D%28none%29
.moneydoesgrowontreeskhfs.com/	1970-01-20 00:12:58	Name: sbjs_first Value: typ%3Dtypein%7C%7Csrc%3D%28direct%29%7C%7Cmdm%3D%28none%29%7C%7Ccmp%3D%28none%29%7C%7Ccnt%3D%28none%29%7C%7Ctrm%3D%28none%29
.moneydoesgrowontreeskhfs.com/	1970-01-20 00:12:58	Name: sbjs_udata Value: vst%3D1%7C%7Cuip%3D%28none%29%7C%7Cuag%3DMozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F93.0.4577.63%20Safari%2F537.36
moneydoesgrowontreeskhfs.com/	1969-12-31 23:59:59	Name: 7tfq5r86qvpoe830jl2nk62tjk-session Value: 0694b743-64a5-4258-9294-32843cdc199b
.doubleclick.net/	1970-01-19 22:03:23	Name: test_cookie Value: CheckForPermission
.moneydoesgrowontreeskhfs.com/	1970-01-19 22:03:24	Name: sbjs_session Value: pgs%3D5%7C%7Ccpg%3Dhttps%3A%2F%2Fmoneydoesgrowontreeskhfs.com%2F
.paypal.com/	1970-01-19 22:03:24	Name: l7_az Value: dcg14.slc
.moneydoesgrowontreeskhfs.com/	1970-01-20 07:24:58	Name: __gads Value: ID=9b1576e7666c33ed-222519d1f8ca0042:T=1634602758:RT=1634602758:S=ALNI_Mb-MS6OIjXO8d1mR9h0rP9pOG193Q
moneydoesgrowontreeskhfs.com/	1970-01-20 00:56:10	Name: _engagebay_visitor_id Value: 4705770905010176
.paypal.com/	1970-01-20 06:48:58	Name: enforce_policy Value: gdpr_v2.1
.paypal.com/	1970-01-19 22:03:54	Name: LANG Value: de_DE%3BDE
.paypal.com/	1969-12-31 23:59:59	Name: x-pp-s Value: eyJ0IjoiMTYzNDYwMjc2MDE3MiIsImwiOiIwIiwibSI6IjAifQ
.paypal.com/	1970-01-19 22:07:41	Name: tsrce Value: graphqlnodeweb
www.paypal.com/	1969-12-31 23:59:59	Name: nsid Value: s%3AztE2PwEfZPLxd69QSIYk7K8UTo5CV2TQ.bPdjPM3Hg4lSARRpB0B%2BhxN300UNJeRVKydXN%2F9ewbQ
.c.paypal.com/	1970-01-21 17:51:22	Name: sc_f Value: BzKM4QqoORx7tCciR2Ljk1fTFn3FhXIomHwPB6lGIb-kAxOeanp5h2vGT6FG67q0iEf-Dm8DkIO8IpFwagD2DIPsx-F5ci2S9I2ozG
.paypal.com/	1970-01-27 05:15:22	Name: KHcl0EuY7AKSMgfvHl7J5E7hPtK Value: HJoTlhnxOPmXr99FScWhoY1pqThuuKq8wJusJvf02taBaRwkWYjChm0dXs3HDFZpYn4QZMX_JwNIAxsY
.paypal.com/	1970-01-21 00:20:10	Name: ts Value: vreXpYrS%3D1729297160%26vteXpYrS%3D1634604560%26vr%3D95eab78717c0a7a07ceef12aff631720%26vt%3D95eab78717c0a7a07ceef12aff63171f%26vtyp%3Dnew
.paypal.com/	1970-01-21 00:20:10	Name: ts_c Value: vr%3D95eab78717c0a7a07ceef12aff631720%26vt%3D95eab78717c0a7a07ceef12aff63171f

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
deprecation	warning	URL: https://moneydoesgrowontreeskhfs.com/ Message: Resource requests whose URLs contained both removed whitespace (`\n`, `\r`, `\t`) characters and less-than characters (`<`) are blocked. Please remove newlines and encode less-than characters from places like element attribute values in order to load these resources. See https://www.chromestatus.com/feature/5735596811091968 for more details.
network	error	URL: https://js.hs-scripts.com/8410246.js Message: Failed to load resource: the server responded with a status of 404 ()
deprecation	warning	URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.14.4/rollbar.min.js Message: Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
network	error	URL: https://js.hs-scripts.com/8410246.js Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://cdn.chatapi.net/webchat/widget/js/chat.d86ef98c.js Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
network	error	URL: https://imageprocessor.digital.vistaprint.com/maxWidth/2000/progressive/http://uploads.documents.cimpress.io/v1/uploads/5b7cddbc-bd8b-4586-bdf9-842764e66f0a~110/original?tenant=vbu-digital Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
analytics.tiktok.com
app.engagebay.com
assets.digital.vistaprint.com
b.stats.paypal.com
c.paypal.com
c6.paypal.com
cdn.chatapi.net
cdn.respond.io
cdnjs.cloudflare.com
checkoutlib.billsby.com
d2p078bqz5urf7.cloudfront.net
dub.stats.paypal.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
imageprocessor.digital.vistaprint.com
js.hs-scripts.com
moneydoesgrowontreeskhfs.com
pagead2.googlesyndication.com
partner.googleadservices.com
r2---sn-4g5ednsd.googlevideo.com
r2---sn-4g5lzne6.googlevideo.com
seal-charlotte.bbb.org
static.websimages.com
statscollector.digital.vistaprint.com
t.paypal.com
tpc.googlesyndication.com
vp-digital-tower-etc.s3.amazonaws.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.paypal.com
www.youtube-nocookie.com
yt3.ggpht.com
cdn.respond.io
104.16.19.94
104.16.5.81
104.17.195.73
104.17.211.204
13.32.29.104
13.32.29.125
13.35.253.80
142.250.181.225
142.250.184.194
142.250.185.226
142.250.185.65
142.250.185.66
142.250.185.68
142.250.185.72
142.250.186.163
142.250.186.42
142.250.186.46
142.250.186.67
151.101.1.35
151.101.65.21
151.101.65.35
172.217.18.115
172.217.18.98
173.194.188.199
2.16.186.234
2.20.192.132
216.52.119.101
35.190.161.161
52.216.234.51
52.4.241.247
64.4.245.84
74.125.160.231
99.86.3.22
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
01c2d1be12748ed51ecdb1777641bf340ac50f949bf2610fae6ff84c529c1ec1
0379b33cfa38ad6ace6480de5e4965c67f8b0b9a4f7b68811950017d8f43a382
062d56afaf8233a79be0c7818787893ac91cc1d1caa33d9fcd59dee8d1730c1e
098618125383f339b61490acd432891e79d7ce980dfcc6e0261e93fab5500d89
09a206a24403978b23086c133da96b3e2835fa88fb7ab0b959d24eb935add0ff
0b140f87ff144db782e0cddbdd64decbaa35b5c7c890f1e45b05fe2d8478b42e
0c4fc364a3aece336d29db788f663c41c2db6cb1b78cec2fa9df82a3c1745d2f
0d3295ce01d228de6f1f8d97dcfc7a5b4ba3550985f62ffd21bad2c9b1f67eca
0eb6dcdeff6047fcafb45ed1174f6d1b1283a126bdfd30818b8a88a5b712e589
10f6bf9c82f198a1867ad8f207e6fd37f67c9cd2adf0fa44368cbb2c271c9a81
144de3e4f3ec8e18fa73684a90b416009c8dfb53865b667e52ab211223e51b7a
15cc1b171451030636dc2450ea6df0279544c2ccb605c96f16f3233208991a7f
1a36403d2326bc67faaae7619d1932eddff08be52a2f6cd03e02c3b3722f6038
1b9b96cd7e7165da31dbfb6fe99ed16966630b5a3af37622c19e3efc32d067a5
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1c4c2e6fd8a12889bc2ab350338566579ae079850e59701c8bf55ba52abd4d6b
1f6fee9842ed78087a6e40668ee09e05106d8b47626d588ad871b5ff4d6445c2
1fd514137362f42d0b3d0f06f8ae5a7943ad3c84984c7ab28b5024dee1b1722d
23f418f8510f8139bba905207fe945aac99faad378029b92d213315810571a84
24888ff57c1714336f283a67e22f1207ef9826694a9078e1cda9d581ff148407
25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b
27e1c73b1ab7329f2a7c406c813fc39fb64578987b9c9f2eefa95ab045d478cc
28020dcffc351c7bc6e42fc1c08a3518a47183f8ee5b3f02aaefdfd5abd9f204
2ed1f1a6de65ad5ea339f5d053c5d587b9ebdacbe26f2f0c5c406a6373ede7ae
32c37d3ef21fb4793c7a9f4f6adf7e5d597e7fd0d7b8a89f793bb0b34c44ee53
3439481668ada9ed83ae9890af483cf2170e4781486b9355850e37dac9096900
35501bfd5f2a8d2d8fb04695bc80793b9aa7160ded872a9f89cc094b140f8702
391d493719ce8f42729593617cc99b9a7668319b142ed839ac22f4958a39928d
3969177281b39dacb532d29111fcf95ab01ea8ad24ef8961a0530a7404a35a84
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3f13dc79fb926bcdc835e9f16f2e6b8b16f9fdede0d02ef7dbe00437ea542480
442035f71c10d96bf7fa6efe89aca7705495cfc40909bb70ad22fc4a9c091781
44bd4220ae9afb42bdf6199a39b14bc6f4cc6ea44c1481dcde55e8359fc6f41c
455541c858427bee470658a57264c99cd83752cb7a05cebd6f8d4adaf8e88ee6
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4b4e0b8fd7351c82ca27be2aed0bda263b65a05f2511dced4818ae2f0b6a7806
4da103d863f9b0b11a7b544b9f420dddb462b0f9ef5c20b6e84a5af94bc8e461
4e634b6479849978442a08d2c109e77991e08b902990c684893077cf9e5a4622
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
55c783be463bca6f0f40aa44664090c2dc91c4862c38e1928218e52869de08ae
564279cf9fee210b0497b58465bbdddf93dd74dad3511a1165c6cbd792e0c9d4
5768257785ae70a2794d7933b62d0af021da8ae2b520176ab117ac02bee14b1f
588e81b90f809aa61ea52192da0bbf55a928f3b9a6269618862337e0f69d0941
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5c1c1a442b780f55e8400d57fc12cff9b20c846572bd8e95aa017a45de89ffc7
5d15d9db6134e6afc9a6105ba23acd46e9168d8c84e95c2381920edc3e0687b1
5ed296a36c85df6141cf0ceca5e4524a95a73dd584ea2cf3c48e2647c06f0f42
5fdbeaf13b05c46e785ce5c519622af84d3d7ba1347ccc5e8c359e1700dd5407
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
60387e14978bc3d6228afc3032e1815e67ece419a6aa459c9515d8cb43caf388
63a5253ad14199b7ce9eef623d551f6a6340bd3712098b07812016bd887bd053
668c4ea01b5ad8f78a731ab245c4e23994efb33d0a6f525d5b0f42828b2e2591
66b3a50b1f61027459efda3192f4265a316f43a8d770a7135c956bea688fe4d8
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
68ee21e7ef57e58bc00d37b06aa703fa96cafdc2bf5fa3ae3acbf6e23307139c
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
7176793729b95d818d8dfc2c9f9ba097d078b8b5f069a1f4637084c346902ef1
7534e7a0418f1a0499ae121208681d5491a662b33b62cc046c087bd08d15cdbc
754fbb2ccf14a82937252ef78ec7f8418a4fff3ba0c7fd39440fcd7484a62763
75bde6f3e2270a8a834511ec193368598ae3b79a9aaa1f780e75fe839729d0e3
75e6acd48cb5bbf142ce36889b1e206af9e6594f0dd538e14b4b82280398a4a7
83e9eadcfefc66cf0bff70c9e3cdfde37f8a2071f82a0ed6bc464736e10463f6
85af7c43f6b5699613f498031b5dd09a57890df812de8b42360ee1d30cb688a2
8ec0d3366eedfec3fdf61c82c0bb160ab07e47a31073420deb1bb4f72083d59c
8f297a42c731c5e6412ef47dff5d7697e142a28abe98d34b515951d40e5e9f7d
90284a82c2638fee9c00d3c8597e8e30d4d3675c2ec6887ad327130bf6d06aac
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
9b948c0c8f827f64286543b583c2e399292111bd549ec8ba5f87b59f57886b73
9d6ff9ce590e9d6210ffc6a7a282630fea42336748d898de6cb8e1ec68a97437
a1b715a140ddfcb01c85fcf208cfb5b6e57a74cb72eaa478edc25a0de2295297
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a623f922334be9763949e49ddf952511ba63b0e52b4f09fb5242206697ba9692
a9a16381ed78f7f8af0bb3f1152d14fd1ec2948d119f6647ceb951b46c990583
ab885d37475c79526c08341a35947ce0fd8cfb794ab007b4b56614ca0f6b95ba
ae45c639ad93829b212a181f2ef506f00c27cecbe1ff580a286b167e0a1faca4
b09b62ea3362a0e9cdf0a6362e6f0c478744254a9d080b0a0e6c943a05376919
b0f4da04b59a601e6ff91d94b03072699cca023870dedf1eb8dde1ea25e48a23
b428307dbdbdfd8ad27e971e93fd4b6c25a13b1c332ad201eaf817942b9b7056
b5222c470ef336e7f637eef68b0a53ab39b1641c8f01b4fa4e038ca3b79209ba
ba16fbb20621812a7bc955505f57238af97ebf66c28884156b07d2bfbfb35460
bbd80981dfc0174f878b36a16f2df70fb71f52d418aedcc654d3020ff8e3faa1
bc4ed622973a8aad23604ce89e681c9fd3a1ccc8f01c3c980c07ff81a6bdb91d
bcd932915498282ecff1a5086a84ef9a21f45a1a7a637cd18395485b02b48895
c53816fac0f6982bd3441fef27ba05653c546d708aeaf1e176e34e413a831886
c7ca6971bebfc9d7b0035ae8e506e4608ecb4358e3dd5880de3ce32f25cc7444
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ce3d7a9acb688f987c3e98dc41d818c7dd0cd961c50897ef65605b6cd17ce139
d44c1f2a6531d774fda6e6eba865f1ba8aed10f372fe97f395895a8a1e1fa2a5
d4cff8de2398964e05c8efe129c043b5a9c1863201e4054ec0b20ac92a4191af
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
da556df4dc2e8a01fc001ae2a2446328a6615e19a40e9113a8718f0ac018d2c4
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
de87267aae45032345e1ae97e76ac58ebd799965193f2acd953f971b63de8897
e2a8413ad5f1fb6f76341fa843a1672c861762331a6124b429023c5f0251fff1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e47fa957a9c7d2f2ccfc74a7baa954197753d98ea320b5806dbd00f04bb45565
e49397f85100ce22e33ccb1372720938553e32f910600fc82a5e66830f619c83
e9ecd023ea06eff2419484166b4abfea40f10b044a846c999c4857d71b9f2207
edbbbe633a88dcbdb0025e33b5df596fdc3f9ae7bdf3becfda86ca8fb2ecc590
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eff7ef21d5a4a1fd34836cd3f134a919e42780e31f7161878399f3af762027b6
f6b5da04fa44e9bd96ff49c1b07d0805d98c94b641b2b633e3185c07310f8033
f72102770784d020e3b816d2e8113dca8d3c3a62a85ffc86a0c12af3ba5e2a17
f85f0c484192144eb16abc1ccc6ce1a31cb1200b12daee4d8e0d16371b207692
fb75a77639fe22c7cc20299f1244377270043b0a779d0491c3b8a6d846ff78c1

moneydoesgrowontreeskhfs.com Open in urlscan Pro 104.17.195.73 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

136 Requests

99 %HTTPS

0 %IPv6

24 Domains

35 Subdomains

34 IPs

2 Countries

5208 kBTransfer

9575 kBSize

22 Cookies

5 Outgoing links

Redirected requests

136 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

moneydoesgrowontreeskhfs.com Open in urlscan Pro
104.17.195.73 Public Scan

Screenshot
Live screenshot

Full Image

136
Requests

99 %
HTTPS

0 %
IPv6

24
Domains

35
Subdomains

34
IPs

2
Countries

5208 kB
Transfer

9575 kB
Size

22
Cookies

136 HTTP transactions
8 data transactions