URL: https://replacementwindowsusa.com/
Submission Tags: @phishunt_io
Submission: On January 12 via api from DE — Scanned from DE

Summary

This website contacted 14 IPs in 2 countries across 14 domains to perform 27 HTTP transactions. The main IP is 50.28.1.120, located in the United States and belonging to LIQUIDWEB, US. The main domain is replacementwindowsusa.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 11th 2022. Valid for: 3 months.
This is the only time replacementwindowsusa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Apex domain                Subdomains (Cisco Umbrella rank where available)     Transfer
5         leadid.com                 create.leadid.com (rank 11837)                       3 KB
5         gstatic.com                fonts.gstatic.com, www.gstatic.com                   61 KB
5         replacementwindowsusa.com  replacementwindowsusa.com                            57 KB
2         google-analytics.com       www.google-analytics.com (rank 33)                   20 KB
2         fontawesome.com            use.fontawesome.com (rank 844)                       86 KB
1         trueleadid.com             deviceid.trueleadid.com (rank 1932)                  2 KB
1         cloudfront.net             d2m2wsoho8qq12.cloudfront.net                        2 KB
1         google.de                  www.google.de (rank 6151)                            565 B
1         googleadservices.com       www.googleadservices.com (rank 97)                   513 B
1         lidstatic.com              create.lidstatic.com (rank 20666)                    39 KB
1         comparehvacexperts.com     comparehvacexperts.com                               315 KB
1         googletagmanager.com       www.googletagmanager.com (rank 62)                   46 KB
1         googleapis.com             fonts.googleapis.com (rank 37)                       1 KB
1         walkintubadvice.com        walkintubadvice.com                                  13 KB
Totals: 27 HTTP transactions, 14 apex domains
Requests  Domain                         Requested by
5         create.leadid.com              create.lidstatic.com, deviceid.trueleadid.com
5         replacementwindowsusa.com      replacementwindowsusa.com
3         fonts.gstatic.com              fonts.googleapis.com
2         www.gstatic.com                www.googletagmanager.com, www.gstatic.com
2         www.google-analytics.com       www.googletagmanager.com, www.google-analytics.com
2         use.fontawesome.com            replacementwindowsusa.com, use.fontawesome.com
1         deviceid.trueleadid.com        d2m2wsoho8qq12.cloudfront.net
1         d2m2wsoho8qq12.cloudfront.net  create.lidstatic.com
1         www.google.de                  replacementwindowsusa.com
1         www.googleadservices.com       (1 redirect)
1         create.lidstatic.com           replacementwindowsusa.com
1         comparehvacexperts.com         replacementwindowsusa.com
1         www.googletagmanager.com       replacementwindowsusa.com
1         fonts.googleapis.com           replacementwindowsusa.com
1         walkintubadvice.com            replacementwindowsusa.com
Totals: 27 HTTP transactions, 15 subdomains

This site contains links to the following domain:

optinconfirmations.com
TLS certificates observed (each subject can be looked up on crt.sh):

Subject                    Issuer                                Validity                 Valid for
replacementwindowsusa.com  cPanel, Inc. Certification Authority  2022-01-11 - 2022-04-11  3 months
sni.cloudflaressl.com      Cloudflare Inc ECC CA-3               2021-07-30 - 2022-07-29  a year
upload.video.google.com    GTS CA 1C3                            2021-11-29 - 2022-02-21  3 months
*.google-analytics.com     GTS CA 1C3                            2021-11-29 - 2022-02-21  3 months
*.gstatic.com              GTS CA 1C3                            2021-12-08 - 2022-03-02  3 months
lidstatic.com              Cloudflare Inc ECC CA-3               2021-04-30 - 2022-04-29  a year
create.leadid.com          Amazon                                2021-10-22 - 2022-11-19  a year
*.cloudfront.net           Amazon                                2021-03-19 - 2022-03-17  a year
deviceid.trueleadid.com    Amazon                                2022-01-07 - 2023-02-05  a year

This page contains 3 frames:

Primary Page: https://replacementwindowsusa.com/
Frame ID: F8233FBB842A59866AC4C3EDE1081E92
Requests: 24 HTTP requests in this frame

Frame: https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=537D1095-57AD-8459-1F3B-A1914E18E638&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=C5F34CBB-C699-8877-A439-3F8DB29A8BA4&lac=513B5E2E-DA56-11E1-B447-22000A1DBECD
Frame ID: 95208CB04C04BC9E55F63DD39B166781
Requests: 1 HTTP requests in this frame

Frame: https://deviceid.trueleadid.com/iframe.html?token=537D1095-57AD-8459-1F3B-A1914E18E638&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=C5F34CBB-C699-8877-A439-3F8DB29A8BA4&lac=513B5E2E-DA56-11E1-B447-22000A1DBECD
Frame ID: CDD99B00A71D2F7CD6745CEFC8CD111A
Requests: 2 HTTP requests in this frame

Page Title

Replacement Windows USA

Detected technologies

(The technology names were not preserved in this export; the names below are inferred from the detection patterns listed under each entry.)

Bootstrap
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API
Overall confidence: 100%
Detected patterns
  • googleapis\.com/.+webfont

Google Tag Manager
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js

Page Statistics

Requests: 27
HTTPS: 96 %
IPv6: 67 %
Domains: 14
Subdomains: 15
IPs: 14
Countries: 2
Transfer: 645 kB
Size: 1156 kB
Cookies: 6

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18
  • https://www.googleadservices.com/pagead/conversion/616925330/wcm?cc=ZZ&dn=8337570485&cl=v7eJCIGOu9YBEJKRlqYC&ct_eid=2 HTTP 302
  • https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=8337570485&cl=v7eJCIGOu9YBEJKRlqYC

27 HTTP transactions

Columns per transaction: Resource, Path, Size, x-fer (bytes transferred), Type, MIME-Type
Resource: / (Primary Request) | Path: replacementwindowsusa.com/ | Size: 10 KB | x-fer: 3 KB | Type: Document
General
Full URL
https://replacementwindowsusa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
50.28.1.120 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
host.honestinsite.com
Software
Apache /
Resource Hash
bbfefcedf78c0b3a2ca4c83aeeb67d76262aa665e263201f50d5f90a36631b8e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Wed, 12 Jan 2022 18:56:57 GMT
server
Apache
cache-control
max-age=600
expires
Wed, 12 Jan 2022 19:06:57 GMT
vary
Accept-Encoding
content-encoding
br
content-length
2596
content-type
text/html; charset=UTF-8
Resource: bootstrap.css | Path: replacementwindowsusa.com/css/ | Size: 206 KB | x-fer: 22 KB | Type: Stylesheet
General
Full URL
https://replacementwindowsusa.com/css/bootstrap.css
Requested by
Host: replacementwindowsusa.com
URL: https://replacementwindowsusa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
50.28.1.120 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
host.honestinsite.com
Software
Apache /
Resource Hash
c0dbc79c475991a64136a90ee18385efb77821a24583782dc0052a28df9704a2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://replacementwindowsusa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 18:56:57 GMT
content-encoding
br
last-modified
Tue, 11 Jan 2022 20:18:25 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
content-length
22802
expires
Fri, 11 Feb 2022 18:56:57 GMT
Resource: custom3.css | Path: replacementwindowsusa.com/css/ | Size: 1 KB | x-fer: 611 B | Type: Stylesheet
General
Full URL
https://replacementwindowsusa.com/css/custom3.css
Requested by
Host: replacementwindowsusa.com
URL: https://replacementwindowsusa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
50.28.1.120 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
host.honestinsite.com
Software
Apache /
Resource Hash
dd7dc6a90fb749f2d571b68d622a49e26d3f0b89d4693f4a42a5571e9de0ca52

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://replacementwindowsusa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 18:56:57 GMT
content-encoding
br
last-modified
Tue, 11 Jan 2022 20:18:25 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
content-length
507
expires
Fri, 11 Feb 2022 18:56:57 GMT
Resource: all.css | Path: walkintubadvice.com/fontawesome/css/ | Size: 69 KB | x-fer: 13 KB | Type: Stylesheet
General
Full URL
https://walkintubadvice.com/fontawesome/css/all.css
Requested by
Host: replacementwindowsusa.com
URL: https://replacementwindowsusa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:4e03 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05b29e731ac5a3e11c7b0fcde0785296c564342bcd8831c9c9206ca967224d88

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://replacementwindowsusa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 18:56:57 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Mon, 10 Feb 2020 16:47:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c8SlQvr15M4rNqVafx1olEW2cnY93i7Z94UTvihDpkj9KeC4F6jFH7IaH9kVwnjTRqdQ0SuTClOTuRGufB2ULUkuRKEisPYe%2ByXS131Ef88JCu8XozJDCMtdRx%2B9HazqlXQlscoXqDjBXe%2FQRRrUPgTN"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6cc89b99183115c3-EWR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
Fri, 11 Feb 2022 18:56:57 GMT
Resource: all.css | Path: use.fontawesome.com/releases/v5.8.1/css/ | Size: 54 KB | x-fer: 13 KB | Type: Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.8.1/css/all.css
Requested by
Host: replacementwindowsusa.com
URL: https://replacementwindowsusa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4e07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3

Request headers

Referer
https://replacementwindowsusa.com/
Origin
https://replacementwindowsusa.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 18:56:57 GMT
content-encoding
br
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
BJR8DM05STATSFZ2
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-id-2
TXPmye3/dFQ+9O3h/6xxWsoGA9Cm4YiN588KO35eo/Zs5Zu4rUwITfAdn/ZLsnept4pO4z191hU=
last-modified
Wed, 30 Jun 2021 15:46:39 GMT
server
cloudflare
etag
W/"e4c542a7f6bf6f74fdd8cdf6e8096396"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hdu8kesk%2FXD15crGblG4S4O%2BL2s0eggRanfH7xQGcpYwMtT6KxcssDAmN1t20zyN4qIqoh8zHvtUwy5dpqJshR4PHaOHF34FMVBVeSSF7ykygBB8Q9cTg2ARfKZB038MCYxe7bI0YaXcUl8t%2Fd9riT6%2B"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
6cc89b97d83c755a-LHR
Resource: logo.png | Path: replacementwindowsusa.com/images/ | Size: 13 KB | x-fer: 13 KB | Type: Image
General
Full URL
https://replacementwindowsusa.com/images/logo.png
Requested by
Host: replacementwindowsusa.com
URL: https://replacementwindowsusa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
50.28.1.120 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
host.honestinsite.com
Software
Apache /
Resource Hash
281745d02ecd9da3f2adaaed06841ad80fc94c4db8f3ddd23a319f5c37270989

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://replacementwindowsusa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 18:56:57 GMT
last-modified
Tue, 11 Jan 2022 20:18:26 GMT
server
Apache
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
13529
expires
Fri, 11 Feb 2022 18:56:57 GMT
Resource: secure.png | Path: replacementwindowsusa.com/images/ | Size: 18 KB | x-fer: 18 KB | Type: Image
General
Full URL
https://replacementwindowsusa.com/images/secure.png
Requested by
Host: replacementwindowsusa.com
URL: https://replacementwindowsusa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
50.28.1.120 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
host.honestinsite.com
Software
Apache /
Resource Hash
ad152562fa9884ff4b170771c422782ed61be026f983260faad700fac2575e23

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://replacementwindowsusa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 18:56:58 GMT
last-modified
Tue, 11 Jan 2022 20:18:26 GMT
server
Apache
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
content-length
18023
expires
Fri, 11 Feb 2022 18:56:58 GMT
Resource: css | Path: fonts.googleapis.com/ | Size: 6 KB | x-fer: 1 KB | Type: Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,700
Requested by
Host: replacementwindowsusa.com
URL: https://replacementwindowsusa.com/css/bootstrap.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8490874156eb6225f8708a36b29078bf94f35c31e90fbb5143c18c4335eb211f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://replacementwindowsusa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 12 Jan 2022 17:30:52 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 12 Jan 2022 18:56:57 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 12 Jan 2022 18:56:57 GMT
Resource: gtm.js | Path: www.googletagmanager.com/ | Size: 117 KB | x-fer: 46 KB | Type: Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-W7FBB2Z
Requested by
Host: replacementwindowsusa.com
URL: https://replacementwindowsusa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b93e852878e83e6da82d5e93f2049f2b88c332256baa71e858760d9a06bb2774
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://replacementwindowsusa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 18:56:58 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46137
x-xss-protection
0
last-modified
Wed, 12 Jan 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 12 Jan 2022 18:56:58 GMT
Resource: hvacbk.jpg | Path: comparehvacexperts.com/images/ | Size: 314 KB | x-fer: 315 KB | Type: Image
General
Full URL
https://comparehvacexperts.com/images/hvacbk.jpg
Requested by
Host: replacementwindowsusa.com
URL: https://replacementwindowsusa.com/css/custom3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:54fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3ca92594847cac8137a708d613418fbc13eef77dc0c1eeacfaa0e2b88b3a2c7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://replacementwindowsusa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 18:56:58 GMT
cf-cache-status
MISS
last-modified
Mon, 15 Jun 2020 16:00:37 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K0zXo4t%2F2eywj4ov5HXRh%2BKPluwmSm2oKgzUo06RZHH%2FAlrg5xShJImXXupYj6QvfmquMp3pA7AVm0UVpxMG5AeX0e%2B0KRY3mw2V3U%2F4j1naua7yZb2WZmbrwbteywPu4Xhyau47l0p0qUuT5oWs70774oY7"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
6cc89b9b2abb7750-LHR
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
321053
expires
Fri, 11 Feb 2022 18:56:58 GMT
Resource: fa-solid-900.woff2 | Path: use.fontawesome.com/releases/v5.8.1/webfonts/ | Size: 73 KB | x-fer: 73 KB | Type: Font
General
Full URL
https://use.fontawesome.com/releases/v5.8.1/webfonts/fa-solid-900.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.8.1/css/all.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:4e07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f18c486a80175cf02fee0e05c2b4acd86c04cdbaecec61c1ef91f920509b5efe

Request headers

Referer
https://use.fontawesome.com/releases/v5.8.1/css/all.css
Origin
https://replacementwindowsusa.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 18:56:58 GMT
access-control-allow-methods
GET
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
E9C4YV095KMDPYKY
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
74256
x-amz-id-2
3tTK+EGinzcFf4AmRZcaMfvtcjl5eHfU3F04IoTik9tsCl6phvdgIsAyV3SiSQwks2vpFicWG94=
last-modified
Wed, 30 Jun 2021 15:47:00 GMT
server
cloudflare
etag
"418dad87601f9c8abd0e5798c0dc1feb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NuLwC2UtWZB43RU3RfQlqI3aMdF7kmgxiEcHdHzVdFHVU2H3hcJDdaYGXw91wcgz4b2lEfiNRfgS%2Fx0esTL7U%2FLiCg7%2FeFbnxXhqhPnNMGohdANJRtPHjdQqOWPYB0OlLvVPXZ2jOnjQK2w3sS2hr5aY"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
6cc89b9a8d6f755a-LHR
Resource: 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 | Path: fonts.gstatic.com/s/sourcesanspro/v18/ | Size: 13 KB | x-fer: 13 KB | Type: Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v18/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
428f1eb7935944229430ac0fdce0033f05d9b8c1c020b87c681dd7a78ab4dd19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://replacementwindowsusa.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 11:22:37 GMT
x-content-type-options
nosniff
age
27261
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13080
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 18:10:26 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 12 Jan 2023 11:22:37 GMT
Resource: 6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 | Path: fonts.gstatic.com/s/sourcesanspro/v18/ | Size: 13 KB | x-fer: 13 KB | Type: Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v18/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7209c26bc245ae1b293f4b9622201b1dc97282229a2e8fcae555f36caa8650e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://replacementwindowsusa.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 05:43:33 GMT
x-content-type-options
nosniff
age
47605
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13008
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 18:10:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 12 Jan 2023 05:43:33 GMT
Resource: 6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 | Path: fonts.gstatic.com/s/sourcesanspro/v18/ | Size: 13 KB | x-fer: 13 KB | Type: Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v18/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d14a3a656216743eb1e133b5af93d6eaa98c6260b411a01894323e62166f80f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://replacementwindowsusa.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 11 Jan 2022 03:54:20 GMT
x-content-type-options
nosniff
age
140558
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12936
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 18:10:32 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 11 Jan 2023 03:54:20 GMT
Resource: c5f34cbb-c699-8877-a439-3f8db29a8ba4.js | Path: create.lidstatic.com/campaign/ | Size: 123 KB | x-fer: 39 KB | Type: Script
General
Full URL
https://create.lidstatic.com/campaign/c5f34cbb-c699-8877-a439-3f8db29a8ba4.js?snippet_version=2
Requested by
Host: replacementwindowsusa.com
URL: https://replacementwindowsusa.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:26b6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1ec85df845902ca575b56240e9101014402e00ffa9849df62d881ce9ddf16f7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://replacementwindowsusa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 18:56:58 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 12 Nov 2021 01:07:39 GMT
server
cloudflare
x-amz-request-id
E9CDAMSS3Z32KAB4
etag
W/"6af99176662a8eccb8f152d6f74c5c3a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=1800
x-amz-replication-status
COMPLETED
cf-ray
6cc89b9b3cfc695d-FRA
x-amz-version-id
rRE4WZVecDZABH8p82b5PP3QDlzsaV8T
x-amz-id-2
6WkEHJpygKSleHzFEQyYPV5Vy4qfa3TwsxncGQfyY6x4PXwPPkJpDR1p2pL5h5krCCnaVibTOaY=
Resource: analytics.js | Path: www.google-analytics.com/ | Size: 49 KB | x-fer: 20 KB | Type: Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FBB2Z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://replacementwindowsusa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
6952
date
Wed, 12 Jan 2022 17:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 12 Jan 2022 19:01:06 GMT
Resource: loader.js | Path: www.gstatic.com/wcm/ | Size: 3 KB | x-fer: 2 KB | Type: Script
General
Full URL
https://www.gstatic.com/wcm/loader.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W7FBB2Z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9f959aaad80347edc26ed8279c6a68c098efc76876ac2e2f8ccc54b118f197f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://replacementwindowsusa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 18:15:39 GMT
content-encoding
br
x-content-type-options
nosniff
age
2479
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1339
x-xss-protection
0
last-modified
Mon, 15 Mar 2021 16:45:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 12 Jan 2022 19:15:39 GMT
Resource: call-tracking_7.js | Path: www.gstatic.com/call-tracking/ | Size: 54 KB | x-fer: 21 KB | Type: Script
General
Full URL
https://www.gstatic.com/call-tracking/call-tracking_7.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/loader.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff2fde453aa6220144126828a284d4cc227479f1fe83beef3a6b6a4504c7e4df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://replacementwindowsusa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 07 Jan 2022 04:13:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
484989
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-telephony
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21020
x-xss-protection
0
last-modified
Wed, 03 Feb 2021 22:45:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-telephony"
vary
Accept-Encoding
report-to
{"group":"ads-telephony","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-telephony"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 07 Jan 2023 04:13:49 GMT
Resource: collect | Path: www.google-analytics.com/j/ | Size: 1 B | x-fer: 21 B | Type: XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=34143080&t=pageview&_s=1&dl=https%3A%2F%2Freplacementwindowsusa.com%2F&ul=en-us&de=UTF-8&dt=Replacement%20Windows%20USA&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=430749954&gjid=575605876&cid=1017456869.1642013818&tid=UA-46895927-22&_gid=176439333.1642013818&_r=1&gtm=2wg1a0W7FBB2Z&z=959476459
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://replacementwindowsusa.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 12 Jan 2022 18:56:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://replacementwindowsusa.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
wcm
www.google.de/pagead/attribution/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/616925330/wcm?cc=ZZ&dn=8337570485&cl=v7eJCIGOu9YBEJKRlqYC&ct_eid=2
  • https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=8337570485&cl=v7eJCIGOu9YBEJKRlqYC
80 B
565 B
XHR
General
Full URL
https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=8337570485&cl=v7eJCIGOu9YBEJKRlqYC
Requested by
Host: replacementwindowsusa.com
URL: https://replacementwindowsusa.com/
Protocol
H2
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://replacementwindowsusa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 18:56:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
application/json; charset=UTF-8
access-control-allow-origin
null
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
87
x-xss-protection
0

Redirect headers

timing-allow-origin
*
date
Wed, 12 Jan 2022 18:56:58 GMT
x-content-type-options
nosniff
server
cafe
location
https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=8337570485&cl=v7eJCIGOu9YBEJKRlqYC
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
https://replacementwindowsusa.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
GenerateToken
create.leadid.com/2.11.9/
36 B
660 B
XHR
General
Full URL
https://create.leadid.com/2.11.9/GenerateToken?msn=1&pid=3c4a30f1-78fb-4542-9e0d-fb5c4787f1bd&_=61486940
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/c5f34cbb-c699-8877-a439-3f8db29a8ba4.js?snippet_version=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.158.147 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-158-147.compute-1.amazonaws.com
Software
nginx /
Resource Hash
d0bc18babac99be94877a3c9ff3ddf9ba6fed4f4ab05ed6fc95523402e050d6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://replacementwindowsusa.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 12 Jan 2022 18:56:59 GMT
content-encoding
gzip
server
nginx
access-control-max-age
1728000
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-allow-headers
X-Requested-With, Content-Type
expires
Sat, 26 Jul 1997 05:00:00 GMT
iframe.html
d2m2wsoho8qq12.cloudfront.net/ Frame 9520
3 KB
2 KB
Document
General
Full URL
https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=537D1095-57AD-8459-1F3B-A1914E18E638&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=C5F34CBB-C699-8877-A439-3F8DB29A8BA4&lac=513B5E2E-DA56-11E1-B447-22000A1DBECD
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/c5f34cbb-c699-8877-a439-3f8db29a8ba4.js?snippet_version=2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.84.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-84-125.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
e3ad82a69faf9ec1b298a080ce5974322a33cc501e1455071cf8db58c7f2462f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://replacementwindowsusa.com/

Response headers

Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Server
nginx
Last-Modified
Fri, 19 Nov 2021 20:21:09 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Max-Age
1728000
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
P3P
CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
Content-Encoding
gzip
Date
Wed, 12 Jan 2022 06:39:09 GMT
ETag
W/"61980735-dbb"
X-Cache
Hit from cloudfront
Via
1.1 a32f966fc5896281eb3de44fd8f57d40.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA2-C2
X-Amz-Cf-Id
D1PHGa-5lI_UJkhWGG0xJb3DKjwEEAUoloXhWcseqC96U3pRRi56Nw==
Age
55066
SaveDom
create.leadid.com/2.11.9/
0
622 B
XHR
General
Full URL
https://create.leadid.com/2.11.9/SaveDom?msn=2&pid=3c4a30f1-78fb-4542-9e0d-fb5c4787f1bd&token=537D1095-57AD-8459-1F3B-A1914E18E638&_=61486941
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/c5f34cbb-c699-8877-a439-3f8db29a8ba4.js?snippet_version=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.158.147 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-158-147.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://replacementwindowsusa.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 12 Jan 2022 18:56:59 GMT
content-encoding
gzip
server
nginx
access-control-max-age
1728000
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-allow-headers
X-Requested-With, Content-Type
expires
Sat, 26 Jul 1997 05:00:00 GMT
InitFormData
create.leadid.com/2.11.9/
0
623 B
XHR
General
Full URL
https://create.leadid.com/2.11.9/InitFormData?msn=3&pid=3c4a30f1-78fb-4542-9e0d-fb5c4787f1bd&token=537D1095-57AD-8459-1F3B-A1914E18E638&_=61486942
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/c5f34cbb-c699-8877-a439-3f8db29a8ba4.js?snippet_version=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.158.147 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-158-147.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://replacementwindowsusa.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 12 Jan 2022 18:56:59 GMT
content-encoding
gzip
server
nginx
access-control-max-age
1728000
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-allow-headers
X-Requested-With, Content-Type
expires
Sat, 26 Jul 1997 05:00:00 GMT
iframe.html
deviceid.trueleadid.com/ Frame CDD9
4 KB
2 KB
Document
General
Full URL
https://deviceid.trueleadid.com/iframe.html?token=537D1095-57AD-8459-1F3B-A1914E18E638&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=C5F34CBB-C699-8877-A439-3F8DB29A8BA4&lac=513B5E2E-DA56-11E1-B447-22000A1DBECD
Requested by
Host: d2m2wsoho8qq12.cloudfront.net
URL: https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=537D1095-57AD-8459-1F3B-A1914E18E638&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=C5F34CBB-C699-8877-A439-3F8DB29A8BA4&lac=513B5E2E-DA56-11E1-B447-22000A1DBECD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.22.129.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-22-129-35.compute-1.amazonaws.com
Software
nginx /
Resource Hash
602ea48b7fd2a48e702e43825b0d6f6495f78cb4cc1fa24cb8c95f61e014215a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://d2m2wsoho8qq12.cloudfront.net/

Response headers

date
Wed, 12 Jan 2022 18:56:59 GMT
content-type
text/html
server
nginx
last-modified
Fri, 31 Dec 2021 14:51:34 GMT
etag
W/"61cf18f6-1049"
expires
Thu, 13 Jan 2022 18:56:59 GMT
cache-control
max-age=86400 public
p3p
CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
content-encoding
gzip
Snap
create.leadid.com/2.11.9/
0
622 B
XHR
General
Full URL
https://create.leadid.com/2.11.9/Snap?msn=4&pid=3c4a30f1-78fb-4542-9e0d-fb5c4787f1bd&token=537D1095-57AD-8459-1F3B-A1914E18E638&_=61486943
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/c5f34cbb-c699-8877-a439-3f8db29a8ba4.js?snippet_version=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.158.147 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-158-147.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://replacementwindowsusa.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 12 Jan 2022 18:57:00 GMT
content-encoding
gzip
server
nginx
access-control-max-age
1728000
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-allow-headers
X-Requested-With, Content-Type
expires
Sat, 26 Jul 1997 05:00:00 GMT
SaveDeviceId.js
create.leadid.com/2.11.9/ Frame CDD9
0
626 B
Script
General
Full URL
https://create.leadid.com/2.11.9/SaveDeviceId.js?lac=513B5E2E-DA56-11E1-B447-22000A1DBECD&lck=C5F34CBB-C699-8877-A439-3F8DB29A8BA4&methods=48&token=537D1095-57AD-8459-1F3B-A1914E18E638&uuid=4eef16647aad4bba808fb3fa9ec8e9e5
Requested by
Host: deviceid.trueleadid.com
URL: https://deviceid.trueleadid.com/iframe.html?token=537D1095-57AD-8459-1F3B-A1914E18E638&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=C5F34CBB-C699-8877-A439-3F8DB29A8BA4&lac=513B5E2E-DA56-11E1-B447-22000A1DBECD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.158.147 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-158-147.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://deviceid.trueleadid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 12 Jan 2022 18:57:00 GMT
content-encoding
gzip
server
nginx
access-control-max-age
1728000
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-allow-headers
X-Requested-With, Content-Type
expires
Sat, 26 Jul 1997 05:00:00 GMT

Verdicts & Comments

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| onsecuritypolicyviolation
object| onslotchange
object| dataLayer
object| google_tag_manager
object| google_tag_data
string| GoogleAnalyticsObject
function| ga
function| _googWcmImpl
string| _googWcmAk
object| gaplugins
object| gaGlobal
object| gaData
function| _googWccDebug
function| _googCallTrackingImpl
function| _gaPhoneImpl
string| google_wcc_status
object| LeadiDconfig
object| LeadiD
string| label
string| id
boolean| sensitiveData
object| defaultStyleFrame

6 Cookies

Domain/Path                     Name                                                                                         Value
.replacementwindowsusa.com/     _gcl_au                                                                                      1.1.1109133903.1642013818
.replacementwindowsusa.com/     _ga                                                                                          GA1.2.1017456869.1642013818
.replacementwindowsusa.com/     _gid                                                                                         GA1.2.176439333.1642013818
.replacementwindowsusa.com/     _gat_UA-46895927-22                                                                          1
replacementwindowsusa.com/      leadid_token-513B5E2E-DA56-11E1-B447-22000A1DBECD-C5F34CBB-C699-8877-A439-3F8DB29A8BA4     537D1095-57AD-8459-1F3B-A1914E18E638
.deviceid.trueleadid.com/       uuid                                                                                         4eef16647aad4bba808fb3fa9ec8e9e5

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

comparehvacexperts.com
create.leadid.com
create.lidstatic.com
d2m2wsoho8qq12.cloudfront.net
deviceid.trueleadid.com
fonts.googleapis.com
fonts.gstatic.com
replacementwindowsusa.com
use.fontawesome.com
walkintubadvice.com
www.google-analytics.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
13.225.84.125
142.250.184.226
2606:4700:10::6816:26b6
2606:4700:3034::6815:4e03
2606:4700:3036::6815:54fd
2606:4700:3037::6815:4e07
2a00:1450:4001:80e::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::200a
50.28.1.120
52.204.158.147
52.22.129.35