urlscan.io logo urlscan.io
SecurityTrails logo

levelflowtr.com Open in urlscan Pro
2606:4700:3033::6815:2c64  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://levelflowtr.com/
Effective URL: https://levelflowtr.com/
Submission: On January 18 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 25 HTTP transactions. The main IP is 2606:4700:3033::6815:2c64, located in United States and belongs to CLOUDFLARENET, US. The main domain is levelflowtr.com.
TLS certificate: Issued by GTS CA 1P5 on December 7th 2023. Valid for: 3 months.
This is the only time levelflowtr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
9 2606:4700:303... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
12 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
25 4
1    2606:4700:3031::ac43:c688 (United States)

ASN13335 (CLOUDFLARENET, US)
levelflowtr.com
9    2606:4700:3033::6815:2c64 (United States)

ASN13335 (CLOUDFLARENET, US)
levelflowtr.com
3    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
12    2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
1    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
Apex Domain
Subdomains		 Transfer
12 google.com
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1143
75 KB
10 levelflowtr.com
levelflowtr.com
556 KB
3 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
217 KB
1 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
4 KB
25 4
Domain Requested by
12 fundingchoicesmessages.google.com levelflowtr.com
10 levelflowtr.com 1 redirects levelflowtr.com
3 pagead2.googlesyndication.com levelflowtr.com
pagead2.googlesyndication.com
1 googleads.g.doubleclick.net pagead2.googlesyndication.com
25 4

This site contains no links.

Subject Issuer Validity Valid
levelflowtr.com
GTS CA 1P5		 2023-12-07 -
2024-03-06		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://levelflowtr.com/
Frame ID: D3C95C9BC4C1825EFF724CE7A68463FE
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240117/r20190131/zrt_lookup_fy2021.html
Frame ID: 3AE506B0D688C230011FA5862D59526F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

LevelflowTR

Page URL History Show full URLs

  1. http://levelflowtr.com/ HTTP 301
    https://levelflowtr.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Page Statistics

25
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

852 kB
Transfer

2709 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://levelflowtr.com/ HTTP 301
    https://levelflowtr.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
levelflowtr.com/
Redirect Chain
  • http://levelflowtr.com/
  • https://levelflowtr.com/
17 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://levelflowtr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:2c64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f0cd2ea6ad00748a3aaca83f553b1dd6f0407ad291967cf088c548d8eb8a09e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
847921ee0c306688-AMS
content-encoding
gzip
content-type
text/html
date
Thu, 18 Jan 2024 19:09:28 GMT
last-modified
Thu, 18 Jan 2024 13:14:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n0lmwDpjKmsrsL3r%2FpwpW0PExi1Bt9GKvN4eJfy%2BthkDyHWkxda8udWsZshLu1sfe3ZJ8O6dd94wtdDUX8zG8EgASJoG8eerr1KT4RHy8mbD%2FUTsdsDw6sz%2FEMCGjpvBY%2FEeb6bRf5OQ6K97Puk%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

CF-RAY
847921ed7b7f3cad-CDG
Cache-Control
max-age=3600
Connection
keep-alive
Date
Thu, 18 Jan 2024 19:09:28 GMT
Expires
Thu, 18 Jan 2024 20:09:28 GMT
Location
https://levelflowtr.com/
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mbQna%2FSIiV178vk6r818ssSozNYbavlU1Dc5zwSIdddMzWrHQA%2FGi7EX6ZobNqEmPrPkL%2BuayndSiLTdx%2FwJpmt6FZidbg6Xi3%2FUHflv3SVPcbDYLBdIJa9Tn2FGDydJQCQ6UpZuyoBdvBGw30U%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		146 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9422049964087743
Requested by
Host: levelflowtr.com
URL: https://levelflowtr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
958d577fb16ede78cdd292ae7d8392bd771eb052fd20dcb78165dba51d2a3c05
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://levelflowtr.com/
Origin
https://levelflowtr.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:28 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51122
x-xss-protection
0
server
cafe
etag
5759432901825690327
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 18 Jan 2024 19:09:28 GMT
pub-9422049964087743
fundingchoicesmessages.google.com/i/ 		182 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/pub-9422049964087743?ers=1
Requested by
Host: levelflowtr.com
URL: https://levelflowtr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c867a14b9289b5c0114d032d94a1c80faf3cac1cf89c8824ee941164557a959c
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-93EmgXSyTXMJSzJYwS19Hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://levelflowtr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:28 GMT
content-security-policy
script-src 'report-sample' 'nonce-93EmgXSyTXMJSzJYwS19Hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
index-9898869f.js
levelflowtr.com/assets/ 		1 MB
409 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://levelflowtr.com/assets/index-9898869f.js
Requested by
Host: levelflowtr.com
URL: https://levelflowtr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:2c64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8978c3071faaec54d953a547d4db04b38e10bbebcd9331b98e43895ceccee5a3

Request headers

Referer
https://levelflowtr.com/
Origin
https://levelflowtr.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:28 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 18 Jan 2024 13:13:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
13524
etag
W/"65a923e4-1548ae"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VbhnAQMbpkPi%2FZWtoLB5oLDQqsRkrRqO8FrdPk8BZc4xd8pBGWqhrt%2BbTu6okbwkYPJ2EPK7ZCA3nh1QiedVGxhFQqbww9h6z4Hr46UdipCBBHGcwOAeF2JbkF6%2F4c2XgaLYypOT1HRTgxiysaA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=2592000
cf-ray
847921ef3e616688-AMS
alt-svc
h3=":443"; ma=86400
expires
Sat, 17 Feb 2024 15:24:04 GMT
index-bf713fa6.css
levelflowtr.com/assets/ 		389 KB
50 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://levelflowtr.com/assets/index-bf713fa6.css
Requested by
Host: levelflowtr.com
URL: https://levelflowtr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:2c64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf713fa657a3bd293cb60096b018047c4522cca594d50c6feefcb14d962d16c5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://levelflowtr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:28 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 17 Jan 2024 09:44:58 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
119496
etag
W/"65a7a19a-613e5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B4pUI6jostKfNQUYGhBddnYLX0qRfibOAULSpyyp2A1kLjjH939WrkKmZauhC6MP7mgckRIzjCdLc486cnzKLTGrItjyTRqq8rf2px8RvIOp4reOmLxZXCE8IDfWklyuott1TD7BqLzxpzlzC%2BI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=2592000
cf-ray
847921ef3e606688-AMS
alt-svc
h3=":443"; ma=86400
expires
Fri, 16 Feb 2024 09:57:51 GMT
pub-9422049964087743
fundingchoicesmessages.google.com/b/ 		11 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/b/pub-9422049964087743
Requested by
Host: levelflowtr.com
URL: https://levelflowtr.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
62c8219e13b355fc2bf84035a328f3d28aacd98fe148b6369b1dde30cb5e4218
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-HhqJr4PG92Pxs4zbv0cw6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://levelflowtr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:28 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-HhqJr4PG92Pxs4zbv0cw6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
/
levelflowtr.com/socket.io/ 		118 B
593 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://levelflowtr.com/socket.io/?EIO=4&transport=polling&t=OqT-d8I
Requested by
Host: levelflowtr.com
URL: https://levelflowtr.com/assets/index-9898869f.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:2c64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08fe27658c303e05f0d214cb63e439116f85c77351e54ed6e6403fa44f66a313

Request headers

Accept
*/*
Referer
https://levelflowtr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:29 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2KEIHawEq%2B7etGAo%2FikSZXjXG16N9Mci8ktmwoQoKQusgBhnCbCg0OU44YmlNtmBmkq8f4LTLy2iZ%2BMcU5mXFqaPi2Zzdgcn88ZJjA7fPck2u8h%2BgpipMJHBlFpFgvdxRKIagfrrNMy7ogqHWLs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cache-control
no-store
cf-ray
847921f02ce41ad7-FRA
alt-svc
h3=":443"; ma=86400
check-session
levelflowtr.com/api/auth/ 		18 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://levelflowtr.com/api/auth/check-session
Requested by
Host: levelflowtr.com
URL: https://levelflowtr.com/assets/index-9898869f.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:2c64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8aa06759da6af9878325a7b76e0c2a27516b85ca0022c140bd02d236e4ce81e5
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
https://levelflowtr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:29 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=86400
content-length
18
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
cross-origin-opener-policy
same-origin
etag
W/"12-5Ti4RxX6tW4QHCzTPHbTwIiTtA8"
x-download-options
noopen
vary
Origin
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://levelflowtr.com
origin-agent-cluster
?1
access-control-allow-credentials
true
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UfpJ6w%2BWtW7yPigifSxibpjXCWSw5s8bJB%2B8PbTRC0oioAl5O3cIkyMrMdgOk7Tj7uO1Xryzln4gUxG2uZXMdghNja4TxZft4ngGfAcBon4laP4f9gSwcEhyAJtE8nfLhRuBl1SUR%2FlgFLBFs5w%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
847921f05d161ad7-FRA
AGSKWxU0UqvMTlvn8QG3GiP7n5fKyy5RhfmMUHMQUn6scZDZKnKPFq5CGXgVSWJBPz-JWENYf_DtVmKqbRyrDn8Jhzg_PA==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxU0UqvMTlvn8QG3GiP7n5fKyy5RhfmMUHMQUn6scZDZKnKPFq5CGXgVSWJBPz-JWENYf_DtVmKqbRyrDn8Jhzg_PA==
Requested by
Host: levelflowtr.com
URL: https://levelflowtr.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ALkiGf-BRuhUEcbtpSNv6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://levelflowtr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:29 GMT
content-security-policy
script-src 'report-sample' 'nonce-ALkiGf-BRuhUEcbtpSNv6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://levelflowtr.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxXfwK8jB0WqaOz5c_pHO0Sy7JlC7H6xVHVDcYTF2JIF-I8tNaeuWO2UTHKkaxpGYlJGEa24J2v_ZTK3t_nrDyaa1-W2TSuEYw4Hyz7wPa8hcAinFyTHQpoLFpwgHE7YagjcCbbaQQ==
fundingchoicesmessages.google.com/f/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXfwK8jB0WqaOz5c_pHO0Sy7JlC7H6xVHVDcYTF2JIF-I8tNaeuWO2UTHKkaxpGYlJGEa24J2v_ZTK3t_nrDyaa1-W2TSuEYw4Hyz7wPa8hcAinFyTHQpoLFpwgHE7YagjcCbbaQQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA1NjA0OTY5LDExMTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9sZXZlbGZsb3d0ci5jb20vIixudWxsLFtbOCwiTElxYzQxQko1YTAiXSxbOSwiZGUiXSxbMTksIjEiXV1d
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMyuHDquIDjtBjzFOiABIt8N5YwY7Q/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1b3da4c38a13512fdb8a67e48ff7cafa256a5609a08385045a41442259d6d761
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-WNtlPS_o5apLB02ktZewrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://levelflowtr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:29 GMT
content-security-policy
script-src 'report-sample' 'nonce-WNtlPS_o5apLB02ktZewrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401110101/ 		402 KB
136 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401110101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9422049964087743&plah=levelflowtr.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9422049964087743
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5e3ecf59c11cd6ba7efc88e396b114f5c361fd62d384135af3ab3c536c0c1707
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://levelflowtr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:29 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
139520
x-xss-protection
0
server
cafe
etag
16503662518298663760
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 18 Jan 2024 19:09:29 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240117/r20190131/ Frame 3AE5 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240117/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9422049964087743
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://levelflowtr.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
82788
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4173
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 17 Jan 2024 20:09:41 GMT
etag
9219409622527106327
expires
Wed, 31 Jan 2024 20:09:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
/
levelflowtr.com/socket.io/ 		2 B
446 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://levelflowtr.com/socket.io/?EIO=4&transport=polling&t=OqT-dAx&sid=Gqb3z6T_GrTiNvhFAANA
Requested by
Host: levelflowtr.com
URL: https://levelflowtr.com/assets/index-9898869f.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:2c64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept
*/*
Referer
https://levelflowtr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Jan 2024 19:09:29 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LXQJIirgYkCTHkOMnT2%2Bv%2BzkgBLstS4dehbBYNQORMyAqh99U3Ib9%2FsgF1IMEFXB6GunGN7ozh3HK5U3EVYgdoXitgIEGjYmzQWtRbT7R%2B%2FRjUBoUN%2B4HvVZNHAJNb2BbMh1kJ3hISngWgzbQoI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
no-store
cf-ray
847921f12e261ad7-FRA
alt-svc
h3=":443"; ma=86400
/
levelflowtr.com/socket.io/ 		32 B
462 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://levelflowtr.com/socket.io/?EIO=4&transport=polling&t=OqT-dAy&sid=Gqb3z6T_GrTiNvhFAANA
Requested by
Host: levelflowtr.com
URL: https://levelflowtr.com/assets/index-9898869f.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:2c64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1756f6e7f0c1c703432c27f40252ab81e71f485d62ef6c572394418005c9d15f

Request headers

Accept
*/*
Referer
https://levelflowtr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:29 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zU8AgXBmlKmjOey4HctGclKAI3pykouKWQBdju%2F7JUkAiZKx1HoKx5dte83kPjMjBdnR%2BZXpeVx8ySVDmpQdqFA%2F%2F5Zi9hZzTSYdQCDRafLjYnPA7GjQBLb%2BVC4FW8S9bB%2BEcuZLue2f2uMcH5M%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cache-control
no-store
cf-ray
847921f12e291ad7-FRA
alt-svc
h3=":443"; ma=86400
content-length
32
levelflowtr-mainwallpaper.webp
levelflowtr.com/assets/img/ 		86 KB
86 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://levelflowtr.com/assets/img/levelflowtr-mainwallpaper.webp
Requested by
Host: levelflowtr.com
URL: https://levelflowtr.com/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:2c64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7ce704cf1b677a8be53ca97b36f0ae95c59a035828b684edf25bb1f66f9984c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://levelflowtr.com/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:29 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
35312
alt-svc
h3=":443"; ma=86400
content-length
87604
last-modified
Sat, 14 Oct 2023 18:05:48 GMT
server
cloudflare
etag
"652ad87c-15634"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HtNotyOph5wch7ZYc6Hg8BNe8rK5qxbVcvLgdXcbGqzSm3vghge3WcDXwG4zwLjnY74JGh%2BFtOe3ZDTHt0qbpxNh6zl6LeAi4oXYT8NZf1Bjc8C4YS8DAG65lCbu6zCO7TxtxCufFuUjmqeI2aM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
847921f1dec61ad7-FRA
expires
Sat, 17 Feb 2024 09:20:57 GMT
/
levelflowtr.com/socket.io/ 		1 B
428 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://levelflowtr.com/socket.io/?EIO=4&transport=polling&t=OqT-dDW&sid=Gqb3z6T_GrTiNvhFAANA
Requested by
Host: levelflowtr.com
URL: https://levelflowtr.com/assets/index-9898869f.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:2c64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683

Request headers

Accept
*/*
Referer
https://levelflowtr.com/login
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:29 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9IYFtVYkwBGn4SwscX6g1BF4OzAH%2BczCcUJBTumFeR%2F5LGL%2Ff8TFnTX2LnjOW%2FXSMs59oO0tA%2BAs5YDABttYNsvsJ5f%2BxAphQNfLRWifXvYuSdBktJnMM6p79P2pLsB8wBClXsJC9KUt0gkiR1Q%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cache-control
no-store
cf-ray
847921f23f341ad7-FRA
alt-svc
h3=":443"; ma=86400
content-length
1
ads_.adforge.
fundingchoicesmessages.google.com/f/AGSKWxVkGWtuVKvLZjWGQrCnm2Ii4vXlgpQC9A3o-pnYaM8T5Fk6-LxU1_RL3mPuGhPmqomA1utOqiQp0UYAwr6sX7MWqHNGxdo3D3ttU-H2MzwxJ7CF7RGifDP4hRG852FP-V2oa7Nj4Z7Lb-jZbPONfnO0dB1Tn... 		54 B
109 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVkGWtuVKvLZjWGQrCnm2Ii4vXlgpQC9A3o-pnYaM8T5Fk6-LxU1_RL3mPuGhPmqomA1utOqiQp0UYAwr6sX7MWqHNGxdo3D3ttU-H2MzwxJ7CF7RGifDP4hRG852FP-V2oa7Nj4Z7Lb-jZbPONfnO0dB1TnCfo20Zu3NRKAvZfx5RQX1HoaK81AHBa/_/localads./disabled_adBlock./cam4pop2.js/forum/ads_.adforge.
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.LIqc41BJ5a0.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMx-Hs0eiopJhgDZxv-jwMMm8fYViw/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6600f9b5e1f8d5e7b7e1bb687cf57ad3924132d62fa64495098e0b50f091433d
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-d7cgWnAiFrsnpC21JqQglQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://levelflowtr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:29 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-d7cgWnAiFrsnpC21JqQglQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
lidar.js
pagead2.googlesyndication.com/pagead/js/ 		86 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/lidar.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.LIqc41BJ5a0.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMx-Hs0eiopJhgDZxv-jwMMm8fYViw/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c9cacd70ab308f607d941cc9728d034e189506e8d020820adb112d7ff148762a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://levelflowtr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 18:49:37 GMT
content-encoding
br
x-content-type-options
nosniff
age
1192
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31172
x-xss-protection
0
server
cafe
etag
8274047967244442607
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Thu, 18 Jan 2024 19:49:37 GMT
AGSKWxXzyAq3_TlFylB6xMUPT0ufvoNjbq3eHtGcNVBe-pQU26G-fIwp6q-fQrXLvr1rjJ5rAtnLuvXi2gp_MwR3lLQZS799-c2HRq6C3W5gSx_fur3hssFSth4jnjwz0Yq37-el_Nnt_w==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXzyAq3_TlFylB6xMUPT0ufvoNjbq3eHtGcNVBe-pQU26G-fIwp6q-fQrXLvr1rjJ5rAtnLuvXi2gp_MwR3lLQZS799-c2HRq6C3W5gSx_fur3hssFSth4jnjwz0Yq37-el_Nnt_w==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMyuHDquIDjtBjzFOiABIt8N5YwY7Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-BRbCGGoP7uMaUr5Kvz3kag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://levelflowtr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Jan 2024 19:09:29 GMT
content-security-policy
script-src 'report-sample' 'nonce-BRbCGGoP7uMaUr5Kvz3kag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://levelflowtr.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxXzyAq3_TlFylB6xMUPT0ufvoNjbq3eHtGcNVBe-pQU26G-fIwp6q-fQrXLvr1rjJ5rAtnLuvXi2gp_MwR3lLQZS799-c2HRq6C3W5gSx_fur3hssFSth4jnjwz0Yq37-el_Nnt_w==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXzyAq3_TlFylB6xMUPT0ufvoNjbq3eHtGcNVBe-pQU26G-fIwp6q-fQrXLvr1rjJ5rAtnLuvXi2gp_MwR3lLQZS799-c2HRq6C3W5gSx_fur3hssFSth4jnjwz0Yq37-el_Nnt_w==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMyuHDquIDjtBjzFOiABIt8N5YwY7Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-UfOIjWsn8JJgI05hONPwGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://levelflowtr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Jan 2024 19:09:29 GMT
content-security-policy
script-src 'report-sample' 'nonce-UfOIjWsn8JJgI05hONPwGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://levelflowtr.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxXzyAq3_TlFylB6xMUPT0ufvoNjbq3eHtGcNVBe-pQU26G-fIwp6q-fQrXLvr1rjJ5rAtnLuvXi2gp_MwR3lLQZS799-c2HRq6C3W5gSx_fur3hssFSth4jnjwz0Yq37-el_Nnt_w==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXzyAq3_TlFylB6xMUPT0ufvoNjbq3eHtGcNVBe-pQU26G-fIwp6q-fQrXLvr1rjJ5rAtnLuvXi2gp_MwR3lLQZS799-c2HRq6C3W5gSx_fur3hssFSth4jnjwz0Yq37-el_Nnt_w==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMyuHDquIDjtBjzFOiABIt8N5YwY7Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Wul84CyGkxw3-U1L4EY28g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://levelflowtr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Jan 2024 19:09:29 GMT
content-security-policy
script-src 'report-sample' 'nonce-Wul84CyGkxw3-U1L4EY28g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://levelflowtr.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxXzyAq3_TlFylB6xMUPT0ufvoNjbq3eHtGcNVBe-pQU26G-fIwp6q-fQrXLvr1rjJ5rAtnLuvXi2gp_MwR3lLQZS799-c2HRq6C3W5gSx_fur3hssFSth4jnjwz0Yq37-el_Nnt_w==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXzyAq3_TlFylB6xMUPT0ufvoNjbq3eHtGcNVBe-pQU26G-fIwp6q-fQrXLvr1rjJ5rAtnLuvXi2gp_MwR3lLQZS799-c2HRq6C3W5gSx_fur3hssFSth4jnjwz0Yq37-el_Nnt_w==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMyuHDquIDjtBjzFOiABIt8N5YwY7Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-V7nm2S4c2H-WSiYZOow4TQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://levelflowtr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Jan 2024 19:09:29 GMT
content-security-policy
script-src 'report-sample' 'nonce-V7nm2S4c2H-WSiYZOow4TQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://levelflowtr.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWezMa_HKJDueXjAqDs69iyULMOViLbvu8ECegJQVS6G-ZJXG6r5U0SwIPwgHmiv5XAD9NlelHmGHAqdl83CG_cB5rcFhW40eiVElApX1EQDJCYzvA8x2ZqzwobHEm1F-KlDagaEw==
fundingchoicesmessages.google.com/f/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxWezMa_HKJDueXjAqDs69iyULMOViLbvu8ECegJQVS6G-ZJXG6r5U0SwIPwgHmiv5XAD9NlelHmGHAqdl83CG_cB5rcFhW40eiVElApX1EQDJCYzvA8x2ZqzwobHEm1F-KlDagaEw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA1NjA0OTY5LDkzMzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vbGV2ZWxmbG93dHIuY29tL2xvZ2luIixudWxsLFtbOCwiTElxYzQxQko1YTAiXSxbOSwiZGUiXSxbMTksIjEiXV1d
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMyuHDquIDjtBjzFOiABIt8N5YwY7Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
af6cd6c6bb62dae3df0cdd3a89e9cf921e2ac34aefb6e424f1e95f6fc8c8ade9
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-3RVwfKbvgxXBtieY2IgCQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://levelflowtr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:30 GMT
content-security-policy
script-src 'report-sample' 'nonce-3RVwfKbvgxXBtieY2IgCQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxXANSNxQJazGlf8dlEITgexCqCMmSbZwnc1EbT9eassstcr89yj5HPt2nltveL0qF68XfaLyGyaeFlcs5mquLf8fifKh1H94XUVMq9U2IaWHTam4u-k4Wq_18M70-vUaF0BRJDXmA==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXANSNxQJazGlf8dlEITgexCqCMmSbZwnc1EbT9eassstcr89yj5HPt2nltveL0qF68XfaLyGyaeFlcs5mquLf8fifKh1H94XUVMq9U2IaWHTam4u-k4Wq_18M70-vUaF0BRJDXmA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA1NjA0OTcwLDQ1MDAwMDAwXSxudWxsLG51bGwsbnVsbCxbbnVsbCxbNyw2LDEwXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9sZXZlbGZsb3d0ci5jb20vbG9naW4iLG51bGwsW1s4LCJMSXFjNDFCSjVhMCJdLFs5LCJkZSJdLFsxOSwiMSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMyuHDquIDjtBjzFOiABIt8N5YwY7Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6c1d3d15b8d50ca21bde638b25a2a8f331bd3d791d681a48130a2039afa90e09
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7V0bO9RO4s5bvF3R5r3Rvw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://levelflowtr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 19:09:30 GMT
content-security-policy
script-src 'report-sample' 'nonce-7V0bO9RO4s5bvF3R5r3Rvw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWFAgdeVBNDwI21-xyqgk3yXNI1nuFzbM84Yv7ksyVkPKchXIwt9MqVs5qqJV-IIQG6Z6_OOO5AwFqDdv-8CPE1eClY7dt3o2zBtSYN2EViIvNZAOtLO7guMN6ZyV9S58Ct1mLVCw==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWFAgdeVBNDwI21-xyqgk3yXNI1nuFzbM84Yv7ksyVkPKchXIwt9MqVs5qqJV-IIQG6Z6_OOO5AwFqDdv-8CPE1eClY7dt3o2zBtSYN2EViIvNZAOtLO7guMN6ZyV9S58Ct1mLVCw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.LIqc41BJ5a0.es5.O/am=wA/d=1/rs=AJlcJMyuHDquIDjtBjzFOiABIt8N5YwY7Q/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-hFt--ML5NuaVdXWpsCTa9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://levelflowtr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Jan 2024 19:09:30 GMT
content-security-policy
script-src 'report-sample' 'nonce-hFt--ML5NuaVdXWpsCTa9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://levelflowtr.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 function| __h82AlnkH6D91__ object| FontAwesomeConfig object| ___FONT_AWESOME___ function| momentDurationFormatSetup number| uidEvent function| __p4qa8r1lb17__ string| cHViLTk0MjIwNDk5NjQwODc3NDM= object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef object| ggeac string| ZmZlNzJkY2QyOTNhYWU5OWxvYWRlcl9qcw== string| ZmZlNzJkY2QyOTNhYWU5OWNhY2hlZF9qcw== object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady function| __uspapi object| __uspapiManager boolean| __uspapiPostMessageReady object| __gppEventListeners function| __gpp object| __gppManager boolean| __gppPostMessageReady object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state object| adsbygoogle object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| google_sa_impl number| __google_lidar_ function| __google_lidar_radf_ boolean| 51300848-b27b-4486-b659-620bb16afba8

2 Cookies

Domain/Path Name / Value
levelflowtr.com/ Name: sid
Value: s%3ANkEEeZ6Kjwi6fFTcYMvdhoPaoQSnoxqd.zniGaIRfOEGWUHWgq095fpExfow6B8Q8G07qMdRUMc0
.levelflowtr.com/ Name: FCNEC
Value: %5B%5B%22AKsRol_RN6wqiG3Q9dwBhkZb9T38NI3evfV8vfkL0MNzeBEAvQOgimj4XDuN8S7x6ykteS-gH3wmUrMIuCFsly74NRyFREUo08F8r15fN9OxlWaxFOpffYAe42PBrbWjZ3XdyCKWrk1V7q2qScHkwHtaGT1qly_nlA%3D%3D%22%5D%5D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fundingchoicesmessages.google.com
googleads.g.doubleclick.net
levelflowtr.com
pagead2.googlesyndication.com
2606:4700:3031::ac43:c688
2606:4700:3033::6815:2c64
2a00:1450:4001:828::2002
2a00:1450:4001:830::200e
2a00:1450:4001:831::2002
08fe27658c303e05f0d214cb63e439116f85c77351e54ed6e6403fa44f66a313
0f0cd2ea6ad00748a3aaca83f553b1dd6f0407ad291967cf088c548d8eb8a09e
1756f6e7f0c1c703432c27f40252ab81e71f485d62ef6c572394418005c9d15f
1b3da4c38a13512fdb8a67e48ff7cafa256a5609a08385045a41442259d6d761
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
5e3ecf59c11cd6ba7efc88e396b114f5c361fd62d384135af3ab3c536c0c1707
62c8219e13b355fc2bf84035a328f3d28aacd98fe148b6369b1dde30cb5e4218
6600f9b5e1f8d5e7b7e1bb687cf57ad3924132d62fa64495098e0b50f091433d
6c1d3d15b8d50ca21bde638b25a2a8f331bd3d791d681a48130a2039afa90e09
8978c3071faaec54d953a547d4db04b38e10bbebcd9331b98e43895ceccee5a3
8aa06759da6af9878325a7b76e0c2a27516b85ca0022c140bd02d236e4ce81e5
958d577fb16ede78cdd292ae7d8392bd771eb052fd20dcb78165dba51d2a3c05
a7ce704cf1b677a8be53ca97b36f0ae95c59a035828b684edf25bb1f66f9984c
af6cd6c6bb62dae3df0cdd3a89e9cf921e2ac34aefb6e424f1e95f6fc8c8ade9
bf713fa657a3bd293cb60096b018047c4522cca594d50c6feefcb14d962d16c5
c867a14b9289b5c0114d032d94a1c80faf3cac1cf89c8824ee941164557a959c
c9cacd70ab308f607d941cc9728d034e189506e8d020820adb112d7ff148762a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197