urlscan.io logo urlscan.io
SecurityTrails logo

link.paysciences.com Open in urlscan Pro
44.193.42.42  Public Scan

Go To Rescan Add Verdict Report
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Submission: On May 03 via api from BE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 15 IPs in 2 countries across 10 domains to perform 36 HTTP transactions. The main IP is 44.193.42.42, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is link.paysciences.com.
This is the only time link.paysciences.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

3    44.193.42.42 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-193-42-42.compute-1.amazonaws.com
link.paysciences.com
6    2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
apis.google.com
1    2620:1ec:4e:1::44 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
platform.linkedin.com
1    2a04:4e42:8d::84 (United States)

ASN54113 (FASTLY, US)
assets.pinterest.com
1    2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
9    2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)
assets.rmvme.com
2    2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
4    2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)
platform.twitter.com
2    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
3    2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
developers.google.com
2    2a00:1450:4001:831::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
accounts.google.com
1    2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ssl.gstatic.com
2    104.244.42.200 (United States)

ASN13414 (TWITTER, US)
syndication.twitter.com
2    2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
Apex Domain
Subdomains		 Transfer
11 google.com
apis.google.com — Cisco Umbrella Rank: 236
developers.google.com — Cisco Umbrella Rank: 13502
accounts.google.com — Cisco Umbrella Rank: 92
138 KB
9 rmvme.com
assets.rmvme.com
157 KB
6 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 1159
syndication.twitter.com — Cisco Umbrella Rank: 1451
149 KB
3 gstatic.com
fonts.gstatic.com
ssl.gstatic.com
22 KB
3 paysciences.com
link.paysciences.com
30 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 107
1 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 189
89 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 119
905 B
1 pinterest.com
assets.pinterest.com — Cisco Umbrella Rank: 3067
1 KB
1 linkedin.com
platform.linkedin.com — Cisco Umbrella Rank: 6317
36 10
Domain Requested by
9 assets.rmvme.com link.paysciences.com
6 apis.google.com 1 redirects link.paysciences.com
apis.google.com
accounts.google.com
4 platform.twitter.com link.paysciences.com
platform.twitter.com
3 developers.google.com 2 redirects apis.google.com
3 link.paysciences.com link.paysciences.com
2 www.facebook.com connect.facebook.net
2 syndication.twitter.com platform.twitter.com
link.paysciences.com
2 accounts.google.com apis.google.com
link.paysciences.com
2 fonts.gstatic.com fonts.googleapis.com
2 connect.facebook.net link.paysciences.com
connect.facebook.net
1 ssl.gstatic.com accounts.google.com
1 fonts.googleapis.com link.paysciences.com
1 assets.pinterest.com link.paysciences.com
1 platform.linkedin.com link.paysciences.com
36 14

This site contains links to these domains. Also see Links.

Domain
pinterest.com
frontiertop.com
www.jgwentworth.com
Subject Issuer Validity Valid
*.apis.google.com
GTS CA 1C3		 2023-04-17 -
2023-07-10		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-04-17 -
2023-07-10		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-04-17 -
2023-07-10		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-04-17 -
2023-07-10		 3 months crt.sh
*.twimg.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-10-06 -
2023-11-06		 a year crt.sh
accounts.google.com
GTS CA 1C3		 2023-04-17 -
2023-07-10		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-02-09 -
2023-05-10		 3 months crt.sh
syndication.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-02-05 -
2024-02-05		 a year crt.sh

This page contains 6 frames:

Primary Page: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Frame ID: E45692851FCAA8C15EF37C437C5EB978
Requests: 26 HTTP requests in this frame

Frame: https://developers.google.com/?hl=de
Frame ID: 6DEF7C08C406F2FA59E52F1A80B5C60A
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=http%3A%2F%2Flink.paysciences.com
Frame ID: E0D7F42D29B5151C4DEE5763EF66492A
Requests: 2 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Flink.paysciences.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.quWKHAGG1QE.O%2Fd%3D1%2Frs%3DAHpOoo-FBhA1aZ_gWZ06fFcx8vCwNNGKoQ%2Fm%3D__features__
Frame ID: 4ACFF955E8FD576A6912A5BF28B6791B
Requests: 5 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 43732A523AC68DAD4240DB3B8BEA22F8
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=recommend&app_id=197498640292688&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2c750477c2afb8%26domain%3Dlink.paysciences.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Flink.paysciences.com%252Ff2ec9f9a9ed9c0c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fclientlink.directiq.com%2FSOCIALFB2%2F3606b272-38d6-4619-9941-fa87e4d4aa5a&layout=button_count&locale=de_DE&sdk=joey&send=true&show_faces=false
Frame ID: 85352C2AF5A09F4D06655D0207084DEA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

JG Wentworth › Custom Debt Resolution Programs

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)
  • <input[^>]+name="__VIEWSTATE
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js
Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Page Statistics

36
Requests

56 %
HTTPS

86 %
IPv6

10
Domains

14
Subdomains

15
IPs

2
Countries

587 kB
Transfer

1359 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • http://assets.pinterest.com/images/pidgets/pin_it_button.png HTTP 307
  • https://assets.pinterest.com/images/pidgets/pin_it_button.png
Request Chain 15
  • http://connect.facebook.net/de_DE/all.js HTTP 307
  • https://connect.facebook.net/de_DE/all.js
Request Chain 21
  • https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=http%3A%2F%2Flink.paysciences.com&url=https%3A%2F%2Fclientlink.directiq.com%2FSOCIAL2%2F3606b272-38d6-4619-9941-fa87e4d4aa5a&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.quWKHAGG1QE.O%2Fd%3D1%2Frs%3DAHpOoo-FBhA1aZ_gWZ06fFcx8vCwNNGKoQ%2Fm%3D__features__ HTTP 301
  • http://developers.google.com/ HTTP 301
  • https://developers.google.com/ HTTP 302
  • https://developers.google.com/?hl=de

36 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request viewer3.aspx
link.paysciences.com/IO/ 		27 KB
28 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
HTTP/1.1
Server
44.193.42.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-193-42-42.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
80ad579c1844d9eb801ee1565b9e5812a44fec6fd345c758e216491f6956b061

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private
Connection
keep-alive
Content-Length
27969
Content-Type
text/html; charset=utf-8
Date
Wed, 03 May 2023 14:53:09 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
io-viewer.css
link.paysciences.com/IO/css/ 		851 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://link.paysciences.com/IO/css/io-viewer.css
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
HTTP/1.1
Server
44.193.42.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-193-42-42.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
1474b019aa5bcccf59bacb72d0bee5d7384e01a3a7f0d62b5b5773b68f0ee8d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Wed, 03 May 2023 14:53:09 GMT
Last-Modified
Sat, 01 Feb 2020 01:29:24 GMT
Server
Microsoft-IIS/10.0
ETag
"0b2499fd8d51:0"
X-Powered-By
ASP.NET
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
851
plusone.js
apis.google.com/js/ 		54 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/plusone.js
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0c55684f30ace4a68496baaaeb73bc5c25875ff46287eeaaae8d276738acda6b
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 03 May 2023 14:53:09 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21024
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
etag
"ce210d9b1e0d2299"
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 May 2023 14:53:09 GMT
in.js
platform.linkedin.com/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://platform.linkedin.com/in.js
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
HTTP/1.1
Server
2620:1ec:4e:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers
pin_it_button.png
assets.pinterest.com/images/pidgets/
Redirect Chain
  • http://assets.pinterest.com/images/pidgets/pin_it_button.png
  • https://assets.pinterest.com/images/pidgets/pin_it_button.png
909 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.pinterest.com/images/pidgets/pin_it_button.png
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
H2
Server
2a04:4e42:8d::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f942d5999c18b372d0c74273c936fce1723b0761e67d56dfa80abac87eff864e

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 03 May 2023 14:53:09 GMT
x-cdn
fastly
etag
"cf5ce2d2dcfa060f6032b0af60d45aa2"
access-control-max-age
86400
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-CDN
vary
Origin
cache-control
max-age=86400
alt-svc
h3=":443";ma=600
content-length
909

Redirect headers

Location
https://assets.pinterest.com/images/pidgets/pin_it_button.png
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
css2
fonts.googleapis.com/ 		2 KB
905 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Poppins:wght@400;600&display=swap
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6a0cbb3328d70ee01b6b98c0229ebc40d96e346aacaabd749051fd0f35bf6c3a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 03 May 2023 14:53:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 03 May 2023 14:23:10 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 03 May 2023 14:53:09 GMT
f620856170dd0c8b32bb50181f905dc1
assets.rmvme.com/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://assets.rmvme.com/f620856170dd0c8b32bb50181f905dc1
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
HTTP/1.1
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.5.38
Resource Hash
62bca984785359595fc80fe603e1b972adebe9db8d71f1e9d49afb8bfcf87e72

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Wed, 03 May 2023 14:53:10 GMT
CF-Cache-Status
DYNAMIC
Last-Modified
Wed, 03 May 2023 14:53:10 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
X-Powered-By
PHP/5.5.38
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rGKhP71ktHan0v%2B3K6Xb%2BwrO9wa1fnP1YvxOE%2Fti41fjQcLn%2Bqk9RP1iymgSPe9I9sJ9%2B2saQZjIxuuFVmzAdqmW%2Fj1n735eqHFO6eTzU%2BliLQ16MQ%2F2CXNnhWBIt2Xnpm8yqd4KLSDOLKFvSTBG"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=3600, must-revalidate
Connection
keep-alive
CF-RAY
7c1954f85e573614-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Expires
Sat, 06 May 2023 14:53:10 GMT
f620856170dd0c8bab6574461f0261d1
assets.rmvme.com/ 		65 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://assets.rmvme.com/f620856170dd0c8bab6574461f0261d1
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
HTTP/1.1
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.5.38
Resource Hash
2edee1b6ae8feec794317db1d88d848f163ad0cf567c1a08352ba9f91482d0c4

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Wed, 03 May 2023 14:53:10 GMT
CF-Cache-Status
DYNAMIC
Last-Modified
Wed, 03 May 2023 14:53:10 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
X-Powered-By
PHP/5.5.38
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LPw100vnNUeo8bb7n%2FlCxOd1736m3QLMdAI3WXO%2FdVvgwvHhd1ba8EUfpT3WLM%2BOkc4aAN1eyIAFF6Mn2PmtCG1ompiZUkXD1UkD66960%2F7nPn3CFxa5kQYqrJQ%2B2646YDSJwt4agUCYxnTt%2FFi8"}],"group":"cf-nel","max_age":604800}
Content-Type
image/jpeg
Cache-Control
max-age=3600, must-revalidate
Connection
keep-alive
CF-RAY
7c1954f85e679bb6-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Expires
Sat, 06 May 2023 14:53:10 GMT
f620856170dd0c8b3f78b3fd6dd5b684
assets.rmvme.com/ 		43 B
801 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://assets.rmvme.com/f620856170dd0c8b3f78b3fd6dd5b684
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
HTTP/1.1
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.5.38
Resource Hash
71d66e87a9561f8cc70f06a466a5f75a77aa9cb55e8795e0539c514eff7cf7d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Wed, 03 May 2023 14:53:10 GMT
CF-Cache-Status
DYNAMIC
Last-Modified
Wed, 03 May 2023 14:53:10 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
X-Powered-By
PHP/5.5.38
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P%2B5Sz%2BWJnL6Lk7ia0aCPLFuvEEA5WzU0mm1Mmpm0mGCzmDBOHeo6bUg%2FHK8cxHv6a6cdV4H%2FPETCb1Ia6bAncg1PEuO%2FGia0NjUvWK6uBSm3DuQaez2pS%2BW6b61QcUTWdHBplk4XwjiNtyWYXr82"}],"group":"cf-nel","max_age":604800}
Content-Type
image/gif
Cache-Control
max-age=3600, must-revalidate
Connection
keep-alive
CF-RAY
7c1954f85dab19ad-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
43
Expires
Sat, 06 May 2023 14:53:10 GMT
f620856170dd0c8b2ecd4aec81f0621d
assets.rmvme.com/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://assets.rmvme.com/f620856170dd0c8b2ecd4aec81f0621d
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
HTTP/1.1
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.5.38
Resource Hash
4ca8ff2754a43fa57b8de3dcb515f6378123363eac53f366293a90a8f7639532

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Wed, 03 May 2023 14:53:10 GMT
CF-Cache-Status
DYNAMIC
Last-Modified
Wed, 03 May 2023 14:53:10 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
X-Powered-By
PHP/5.5.38
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qj73G1jjB5PL8n3PjAJafrE877raeBHgdmChYqS2q3AHsokmYfqhZ5rW5gsTnl9kQAufnEHhyTtChwkXd%2FtFe40E1fEOShQWvcRz3XV5L6OsqXrzM21d1QmFALA3I%2BuUF3m%2Bd5GVd1Ia7V35v%2B%2FY"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=3600, must-revalidate
Connection
keep-alive
CF-RAY
7c1954fb1bdd3810-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
2082
Expires
Sat, 06 May 2023 14:53:10 GMT
f620856170dd0c8b573d0dbee85a2cd2
assets.rmvme.com/ 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://assets.rmvme.com/f620856170dd0c8b573d0dbee85a2cd2
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
HTTP/1.1
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.5.38
Resource Hash
717e7e12be819c558d995983b1775d2e23ed2a583d11ef499aba946df1b51bcf

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Wed, 03 May 2023 14:53:10 GMT
CF-Cache-Status
DYNAMIC
Last-Modified
Wed, 03 May 2023 14:53:10 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
X-Powered-By
PHP/5.5.38
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BEP6yrRxn7DYl7HpJX5QADWhZbCtNqFuXD9akwM%2BYYW1q%2FVkIvMXqUX4ay9BpLbPHZGoFpXvkKtMId8Dx%2FnIpwF7Eh3NK%2FDD87pXJD5saUepntKIilcTgEEFWuo%2Bx8figG1uoT%2B9GljZo%2FKDgw0p"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=3600, must-revalidate
Connection
keep-alive
CF-RAY
7c1954fb29c019ad-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Expires
Sat, 06 May 2023 14:53:10 GMT
f620856170dd0c8b28694eab5a47262f
assets.rmvme.com/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://assets.rmvme.com/f620856170dd0c8b28694eab5a47262f
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
HTTP/1.1
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.5.38
Resource Hash
e9b317adfeff0768f2733416fba3126154e019f25b4bf98399a84918cc5b2a81

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Wed, 03 May 2023 14:53:10 GMT
CF-Cache-Status
DYNAMIC
Last-Modified
Wed, 03 May 2023 14:53:10 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
X-Powered-By
PHP/5.5.38
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P9jq10m1ry25VQ2EObNmQGFFmUJdS4ASclwmrIxHgh33v7HY8YpVnYZrXI0MHF%2FBvesm%2BDJf6UY53POHt3gogxk5vtxbIzE9Nh9zkUM0Nk8U4RDgwUpC5SvhjMlFAQcH49krCLNsE%2FT4fAGw3BDg"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=3600, must-revalidate
Connection
keep-alive
CF-RAY
7c1954fb59fc3614-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Expires
Sat, 06 May 2023 14:53:10 GMT
f620856170dd0c8b2db11aea529cd479
assets.rmvme.com/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://assets.rmvme.com/f620856170dd0c8b2db11aea529cd479
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
HTTP/1.1
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.5.38
Resource Hash
dc5625b13e8a047f396ef0bab90956e803ef3495e7b6342dd5da29472a29cd14

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Wed, 03 May 2023 14:53:10 GMT
CF-Cache-Status
DYNAMIC
Last-Modified
Wed, 03 May 2023 14:53:10 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
X-Powered-By
PHP/5.5.38
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bBFs9DsMVGmPl1IE8s8J0dDhsQxadq%2BTN08oMVmSTHyg5ncF6qVctvfy4CpSVXWTAbTiIFA86KxkpUpE4lzetxQTNMqCaoqvb4O%2FzOgicK%2BE83qvktes86PKMaIgtRzJvwwlJPoDBWLUpmgEcMl2"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=3600, must-revalidate
Connection
keep-alive
CF-RAY
7c1954f8591c3730-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Expires
Sat, 06 May 2023 14:53:10 GMT
f620856170dd0c8bfc8ec1b28ccde74c
assets.rmvme.com/ 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://assets.rmvme.com/f620856170dd0c8bfc8ec1b28ccde74c
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
HTTP/1.1
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.5.38
Resource Hash
07395a000703640227dd6ee3c89b32cac917bcff8701ab920f1ab595409858fe

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Wed, 03 May 2023 14:53:10 GMT
CF-Cache-Status
DYNAMIC
Last-Modified
Wed, 03 May 2023 14:53:10 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
X-Powered-By
PHP/5.5.38
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qdGlBNcRLlZpTxQ%2FoBipqp5xFX9ziXaoT%2Fh%2BzO9cBaCeGtQfpK4ZDHRfTxbeP65GDNYW3dVBUiYfmZprUweaVPUciipylTrdNHni%2FvZpioOonflqCrBpDPF9Y7cSEzppQbtAxlTzOAW9cnS2bAW%2F"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=3600, must-revalidate
Connection
keep-alive
CF-RAY
7c1954f8587a9028-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Expires
Sat, 06 May 2023 14:53:10 GMT
f620856170dd0c8bd72cca65e3093405
assets.rmvme.com/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://assets.rmvme.com/f620856170dd0c8bd72cca65e3093405
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
HTTP/1.1
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.5.38
Resource Hash
084a38599287c59d350197023cffa2d5f8538711ac0db39845364aa2e393f213

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Wed, 03 May 2023 14:53:10 GMT
CF-Cache-Status
DYNAMIC
Last-Modified
Wed, 03 May 2023 14:53:10 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
X-Powered-By
PHP/5.5.38
Transfer-Encoding
chunked
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R8xb1lX3X4eWt6uhUZ%2FI6oyg%2F9oFtSzrp5CUMKgBvCv2EXWPrKEvlKUntBLBZFEwOh9MFZnv%2B4xvwle1NKll2ULzUDD0V9sqaFGlA7%2BKty46vXqcEjSO1sDeJWmo9zw3f%2FeaeG%2B%2BEXeyYUjn62tm"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=3600, must-revalidate
Connection
keep-alive
CF-RAY
7c1954f85f2d3810-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Expires
Sat, 06 May 2023 14:53:10 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.quWKHAGG1QE.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-FBhA1aZ_gWZ06fFcx8vCwNNGKoQ/ 		151 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.quWKHAGG1QE.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-FBhA1aZ_gWZ06fFcx8vCwNNGKoQ/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
59243610a886414b10afaf8b1455096b4a684692dd9333c5979917e403c21970
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 02 May 2023 00:55:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
136649
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
53304
x-xss-protection
0
last-modified
Sat, 01 Apr 2023 15:23:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 01 May 2024 00:55:40 GMT
all.js
connect.facebook.net/de_DE/
Redirect Chain
  • http://connect.facebook.net/de_DE/all.js
  • https://connect.facebook.net/de_DE/all.js
3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/de_DE/all.js
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
H2
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
deeb6cf078f3b6ddd53000fec50a562010c67f9b8555c69d14075b2b519c7b86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 03 May 2023 14:53:09 GMT
content-md5
69ay9zCT0hgMC/dJNI7Fkw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1686
x-fb-rlafr
0
x-fb-debug
BIv88x/mkHCzCzeqiitHesGSFbrqSqI9Qzahn12Ev6Or7X61D0XCzAung6zzWkr0iLU/OSTDCZjlpSv6/gtjVw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
1679558926
x-fb-content-md5
8493cb69f1ea3d823870e895e9c19495
cross-origin-opener-policy
same-origin-allow-popups
etag
"48aa98100501e379dff31cdd7e9be1d0"
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
x-frame-options
DENY
timing-allow-origin
*
expires
Wed, 03 May 2023 14:57:41 GMT

Redirect headers

Location
https://connect.facebook.net/de_DE/all.js#xfbml=1&appId=197498640292688
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
widgets.js
platform.twitter.com/ 		91 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://platform.twitter.com/widgets.js
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
HTTP/1.1
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67D3) /
Resource Hash
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Wed, 03 May 2023 14:53:09 GMT
Content-Encoding
gzip
Age
378
x-amz-server-side-encryption
AES256
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length
27630
Last-Modified
Tue, 24 Jan 2023 21:41:51 GMT
Server
ECS (frb/67D3)
Etag
"9e99725b7a4cd730a934afba2a438bb5+gzip"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=1800
Vary
Accept-Encoding
viewer-band-bg.png
link.paysciences.com/IO/img/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://link.paysciences.com/IO/img/viewer-band-bg.png
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/css/io-viewer.css
Protocol
HTTP/1.1
Server
44.193.42.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-193-42-42.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
9114afb896563696fdb57ef685154469ad41fe40c5312b26095a6f6e3b566d48

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/IO/css/io-viewer.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Wed, 03 May 2023 14:53:09 GMT
Last-Modified
Sat, 01 Feb 2020 01:29:24 GMT
Server
Microsoft-IIS/10.0
ETag
"0b2499fd8d51:0"
X-Powered-By
ASP.NET
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1129
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://link.paysciences.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 05:52:39 GMT
x-content-type-options
nosniff
age
378030
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7884
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 17:03:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 28 Apr 2024 05:52:39 GMT
pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@400;600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://link.paysciences.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 17:29:29 GMT
x-content-type-options
nosniff
age
336220
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8000
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:59:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 28 Apr 2024 17:29:29 GMT
cb=gapi.loaded_1
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.quWKHAGG1QE.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-FBhA1aZ_gWZ06fFcx8vCwNNGKoQ/ 		102 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.quWKHAGG1QE.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-FBhA1aZ_gWZ06fFcx8vCwNNGKoQ/cb=gapi.loaded_1?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b694a435662d340a59d6a2ddcad6d7209137bd07cbb465eee8e0eb94543410c4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 02 May 2023 00:55:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
136649
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36102
x-xss-protection
0
last-modified
Sat, 01 Apr 2023 15:23:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 01 May 2024 00:55:40 GMT
/
developers.google.com/ Frame 6DEF
Redirect Chain
  • https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&origin=http%3A%2F%2Flink.paysciences.com&url=https%3A%2F%2Fclientlink.directiq.com%2FSOCIAL2%2F3606b272-38d6-4619-9941-fa87e4d...
  • http://developers.google.com/
  • https://developers.google.com/
  • https://developers.google.com/?hl=de
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://developers.google.com/?hl=de
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-7axudri/ex6kL76eAaF4zYoj8ca9t5' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://link.paysciences.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
30776
content-security-policy
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-7axudri/ex6kL76eAaF4zYoj8ca9t5' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
content-type
text/html; charset=utf-8
date
Wed, 03 May 2023 14:53:10 GMT
expires
0
last-modified
Thu, 27 Apr 2023 22:03:59 GMT
pragma
no-cache
server
Google Frontend
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept-Encoding
x-cloud-trace-context
b599f69f288bf8cc10401b77e2d71b3e
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
163
content-security-policy
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-IobnAnpySdSa0dmTWaP9m9me5uWbGD' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2
content-type
text/html; charset=utf-8
date
Wed, 03 May 2023 14:53:10 GMT
expires
0
location
/?hl=de
pragma
no-cache
server
Google Frontend
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept-Encoding
x-cloud-trace-context
b8ef5273b5babed4fea19a98e768b405
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html
platform.twitter.com/widgets/ Frame E0D7 		320 KB
104 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=http%3A%2F%2Flink.paysciences.com
Requested by
Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6794) /
Resource Hash
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer
http://link.paysciences.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
408049
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105435
Content-Type
text/html; charset=utf-8
Date
Wed, 03 May 2023 14:53:09 GMT
Etag
"95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified
Tue, 24 Jan 2023 21:41:13 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/6794)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-amz-server-side-encryption
AES256
x-tw-cdn
VZ
postmessageRelay
accounts.google.com/o/oauth2/ Frame 4ACF 		566 B
810 B 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Flink.paysciences.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.quWKHAGG1QE.O%2Fd%3D1%2Frs%3DAHpOoo-FBhA1aZ_gWZ06fFcx8vCwNNGKoQ%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.quWKHAGG1QE.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-FBhA1aZ_gWZ06fFcx8vCwNNGKoQ/cb=gapi.loaded_1?le=scs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
69e00531d25d6e69f35530c4b32b926dd739f256eefe6b76735d980aab8590c6
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-dwKcS_EV2kqlyQIRRhaNUw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport require-trusted-types-for 'script';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://link.paysciences.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-dwKcS_EV2kqlyQIRRhaNUw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport require-trusted-types-for 'script';report-uri /o/cspreport
content-type
text/html; charset=utf-8
date
Wed, 03 May 2023 14:53:09 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
all.js
connect.facebook.net/de_DE/ 		308 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/de_DE/all.js?hash=ca0647dc3fca5b9fc55849dda800406a
Requested by
Host: connect.facebook.net
URL: http://connect.facebook.net/de_DE/all.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
203b53585a03e1b5afb6753c7119647b84929977e0c698b590dd61aa358917a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://link.paysciences.com/
Origin
http://link.paysciences.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 03 May 2023 14:53:09 GMT
content-md5
KgzMKOwOYI5hlZoo/xH8mg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
88586
x-fb-rlafr
0
x-fb-debug
62B0OAKKk77G/E8IYJHnqhsoDFRtwVzgI/ar4KbQ9TS9LL2eFZ938gTD1VbeVErxODhgul1jTVAIxfKtfKXBrg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
a11e0057c39533fb3b836bf83684c624
cross-origin-opener-policy
same-origin-allow-popups
etag
"c694e23d489c31077bbd2c8579f26512"
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options
DENY
timing-allow-origin
*
priority
u=3,i
expires
Thu, 02 May 2024 12:23:58 GMT
cspreport
accounts.google.com/o/ Frame 4ACF 		0
250 B 		Other
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/cspreport
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /o/cspreport, script-src 'report-sample' 'nonce-dLW1y9JsYl8pP2LG0o43ZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Flink.paysciences.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.quWKHAGG1QE.O%2Fd%3D1%2Frs%3DAHpOoo-FBhA1aZ_gWZ06fFcx8vCwNNGKoQ%2Fm%3D__features__
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Wed, 03 May 2023 14:53:10 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /o/cspreport, script-src 'report-sample' 'nonce-dLW1y9JsYl8pP2LG0o43ZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
3698212825-postmessagerelay.js
ssl.gstatic.com/accounts/o/ Frame 4ACF 		12 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssl.gstatic.com/accounts/o/3698212825-postmessagerelay.js
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Flink.paysciences.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.quWKHAGG1QE.O%2Fd%3D1%2Frs%3DAHpOoo-FBhA1aZ_gWZ06fFcx8vCwNNGKoQ%2Fm%3D__features__
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
37acf5f6aa181790c9f46f7a25b5c89ecc46c35603b9b62c3086228faf72b26d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 02 May 2023 09:52:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
104455
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5184
x-xss-protection
0
last-modified
Thu, 27 Apr 2023 12:18:21 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="federated-signon-mpm-access"
vary
Accept-Encoding
report-to
{"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 01 May 2024 09:52:15 GMT
rpc:shindig_random.js
apis.google.com/js/ Frame 4ACF 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/rpc:shindig_random.js?onload=init
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Flink.paysciences.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.de.quWKHAGG1QE.O%2Fd%3D1%2Frs%3DAHpOoo-FBhA1aZ_gWZ06fFcx8vCwNNGKoQ%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c1112a1329527e451ddcb914e1665d0eeb29bba8efeb2a0ec648f5e558545e08
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 03 May 2023 14:53:09 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6902
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
etag
"a380feb722bdbed2"
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 03 May 2023 14:53:09 GMT
settings
syndication.twitter.com/ Frame E0D7 		869 B
659 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://syndication.twitter.com/settings?session_id=4f2f8b78fe8c0e2672b26b5c1110911c06b5a3fe
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=http%3A%2F%2Flink.paysciences.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-response-time
108
date
Wed, 03 May 2023 14:53:09 GMT
content-encoding
gzip
strict-transport-security
max-age=631138519
last-modified
Wed, 03 May 2023 14:53:10 GMT
server
tsa_o
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
x-transaction-id
6aede4f8eb122b79
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
perf
7626143928
x-connection-hash
7bbe4d3f03c397cb9d697a06eec99c6e3c539b027dd08323492dc7457de760c8
content-length
337
status
www.facebook.com/x/oauth/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/x/oauth/status?client_id=197498640292688&input_token&origin=1&redirect_uri=http%3A%2F%2Flink.paysciences.com%2FIO%2Fviewer3.aspx%3Fsid%3D00ab0c02iwopma2xmi2wkip&sdk=joey&wants_cookie_data=false
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/de_DE/all.js?hash=ca0647dc3fca5b9fc55849dda800406a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
date
Wed, 03 May 2023 14:53:10 GMT
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
Ltz80xDzVVK5epcQeQNhk2qfyVmp7DLL4IjGhliV24/t65LSuv6SrIKyfFgB39p09QNvR3jKNT+0O5TFKzxFkw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
fb-s
unknown
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type
text/plain; charset=UTF-8
access-control-allow-origin
http://link.paysciences.com
origin-agent-cluster
?0
access-control-expose-headers
fb-s
fb-error-description
"This endpoint may only be called from an HTTPS Origin."
access-control-allow-credentials
true
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.quWKHAGG1QE.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-FBhA1aZ_gWZ06fFcx8vCwNNGKoQ/ Frame 4ACF 		57 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.quWKHAGG1QE.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-FBhA1aZ_gWZ06fFcx8vCwNNGKoQ/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
484dcabfc0c1681e08e9620b7eb4f217625a607afaaa14fe32909f029de30100
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Tue, 02 May 2023 22:40:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
58355
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20758
x-xss-protection
0
last-modified
Sat, 01 Apr 2023 15:23:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 01 May 2024 22:40:35 GMT
button.e7f9415a2e000feaab02c86dd5802747.js
platform.twitter.com/js/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/js/button.e7f9415a2e000feaab02c86dd5802747.js
Requested by
Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67F2) /
Resource Hash
ef116c4b154888a36784c143110b264cfe6528a4061c5dcc14e6431ecfbcac56

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Wed, 03 May 2023 14:53:10 GMT
Content-Encoding
gzip
Age
408048
x-amz-server-side-encryption
AES256
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length
2618
Last-Modified
Tue, 24 Jan 2023 21:41:06 GMT
Server
ECS (frb/67F2)
Etag
"506673dbdb9085e7201e137e893cc152+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=315360000
tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
platform.twitter.com/widgets/ Frame 4373 		37 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by
Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67F2) /
Resource Hash
a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer
http://link.paysciences.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
408050
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
13592
Content-Type
text/html; charset=utf-8
Date
Wed, 03 May 2023 14:53:10 GMT
Etag
"28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified
Tue, 24 Jan 2023 21:41:10 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/67F2)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-amz-server-side-encryption
AES256
x-tw-cdn
VZ
embeds
syndication.twitter.com/i/jot/ 		43 B
126 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Flink.paysciences.com%2FIO%2Fviewer3.aspx%3Fsid%3D00ab0c02iwopma2xmi2wkip%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1683125590204%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22aaf4084522e3a%3A1674595607486%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=4f2f8b78fe8c0e2672b26b5c1110911c06b5a3fe
Requested by
Host: link.paysciences.com
URL: http://link.paysciences.com/IO/viewer3.aspx?sid=00ab0c02iwopma2xmi2wkip
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://link.paysciences.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-response-time
104
date
Wed, 03 May 2023 14:53:10 GMT
strict-transport-security
max-age=631138519
last-modified
Wed, 03 May 2023 14:53:10 GMT
server
tsa_o
vary
Origin
content-type
image/gif
x-transaction-id
2626605c81d121f5
cache-control
must-revalidate, max-age=600
perf
7626143928
x-connection-hash
7bbe4d3f03c397cb9d697a06eec99c6e3c539b027dd08323492dc7457de760c8
content-length
43
truncated
/ Frame 4373 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/svg+xml
like.php
www.facebook.com/plugins/ Frame 8535 		0
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/like.php?action=recommend&app_id=197498640292688&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2c750477c2afb8%26domain%3Dlink.paysciences.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Flink.paysciences.com%252Ff2ec9f9a9ed9c0c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fclientlink.directiq.com%2FSOCIALFB2%2F3606b272-38d6-4619-9941-fa87e4d4aa5a&layout=button_count&locale=de_DE&sdk=joey&send=true&show_faces=false
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/de_DE/all.js?hash=ca0647dc3fca5b9fc55849dda800406a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://link.paysciences.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-length
0
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html;charset=utf-8
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 03 May 2023 14:53:11 GMT
expires
Sat, 01 Jan 2000 00:00:00 GMT
pragma
no-cache
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options
nosniff
x-fb-debug
/pgvlX32Q0D3J3Auzw6bjcg0sYtO9rzIySvho+v6sSjjJTKYsqDube00Z7k4UdoIiYCW02eJBUJgYGuBGF/2PQ==
x-xss-protection
0

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 boolean| credentialless object| gapi object| ___jsl object| __twttrll object| twttr object| __twttr object| osapi object| gadgets object| iframer object| __gapi_jstiming__ object| shindig function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| FB object| __buffer

1 Cookies

Domain/Path Name / Value
link.paysciences.com/ Name: ASP.NET_SessionId
Value: aqxao0n2q0pgpbo03kr2cyl3

3 Console Messages

Source Level URL
Text
network error URL: http://platform.linkedin.com/in.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://developers.google.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
apis.google.com
assets.pinterest.com
assets.rmvme.com
connect.facebook.net
developers.google.com
fonts.googleapis.com
fonts.gstatic.com
link.paysciences.com
platform.linkedin.com
platform.twitter.com
ssl.gstatic.com
syndication.twitter.com
www.facebook.com
104.244.42.200
2606:2800:234:59:254c:406:2366:268c
2620:1ec:4e:1::44
2a00:1450:4001:809::200a
2a00:1450:4001:80b::200e
2a00:1450:4001:813::2003
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::200e
2a00:1450:4001:831::200d
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a04:4e42:8d::84
2a06:98c1:3121::3
44.193.42.42
07395a000703640227dd6ee3c89b32cac917bcff8701ab920f1ab595409858fe
084a38599287c59d350197023cffa2d5f8538711ac0db39845364aa2e393f213
0c55684f30ace4a68496baaaeb73bc5c25875ff46287eeaaae8d276738acda6b
1474b019aa5bcccf59bacb72d0bee5d7384e01a3a7f0d62b5b5773b68f0ee8d3
203b53585a03e1b5afb6753c7119647b84929977e0c698b590dd61aa358917a2
2edee1b6ae8feec794317db1d88d848f163ad0cf567c1a08352ba9f91482d0c4
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
37acf5f6aa181790c9f46f7a25b5c89ecc46c35603b9b62c3086228faf72b26d
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
484dcabfc0c1681e08e9620b7eb4f217625a607afaaa14fe32909f029de30100
4ca8ff2754a43fa57b8de3dcb515f6378123363eac53f366293a90a8f7639532
59243610a886414b10afaf8b1455096b4a684692dd9333c5979917e403c21970
62bca984785359595fc80fe603e1b972adebe9db8d71f1e9d49afb8bfcf87e72
69e00531d25d6e69f35530c4b32b926dd739f256eefe6b76735d980aab8590c6
6a0cbb3328d70ee01b6b98c0229ebc40d96e346aacaabd749051fd0f35bf6c3a
717e7e12be819c558d995983b1775d2e23ed2a583d11ef499aba946df1b51bcf
71d66e87a9561f8cc70f06a466a5f75a77aa9cb55e8795e0539c514eff7cf7d3
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
80ad579c1844d9eb801ee1565b9e5812a44fec6fd345c758e216491f6956b061
9114afb896563696fdb57ef685154469ad41fe40c5312b26095a6f6e3b566d48
a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b694a435662d340a59d6a2ddcad6d7209137bd07cbb465eee8e0eb94543410c4
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c1112a1329527e451ddcb914e1665d0eeb29bba8efeb2a0ec648f5e558545e08
dc5625b13e8a047f396ef0bab90956e803ef3495e7b6342dd5da29472a29cd14
deeb6cf078f3b6ddd53000fec50a562010c67f9b8555c69d14075b2b519c7b86
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9b317adfeff0768f2733416fba3126154e019f25b4bf98399a84918cc5b2a81
ef116c4b154888a36784c143110b264cfe6528a4061c5dcc14e6431ecfbcac56
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f942d5999c18b372d0c74273c936fce1723b0761e67d56dfa80abac87eff864e