returnsandrefund.com Open in urlscan Pro
3.127.76.126  Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://cdn-1.returnsandrefund.com/ HTTP 301
   https://returnsandrefund.com/ Page URL
   

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 86

• https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQKDXBf7f_T0kTEwO5FdJ8&google_cver=1

Request Chain 87

• https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
• https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YLoq010Pv-Y0P2ZRl.sV.gAA HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQKDXBf7f_T0kTEwO5FdJ8&google_cver=1&google_hm=2

Request Chain 88

• https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
• https://ib.adnxs.com/setuid?entity=101&code=CAESEN8BnnxQnx-l42oUeTufrTM&google_cver=1

Request Chain 89

• https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
• https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI3ODU0NDA3ODgwODgzMTM3MQ%3D%3D

Request Chain 102

• https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEN8M17x5m2ruH39KjWRbBms&google_cver=1&google_push=AQvitUKwelBh4aQ4ayHq_onkICCPfPeLY3F4cynZEvgnw2tjeP7ZxrQRCZ6lVFcL9gNx3mWTLPAOYF84JHfvxLrZ_JgNw-PZ-ptM HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUKwelBh4aQ4ayHq_onkICCPfPeLY3F4cynZEvgnw2tjeP7ZxrQRCZ6lVFcL9gNx3mWTLPAOYF84JHfvxLrZ_JgNw-PZ-ptM

Request Chain 103

• https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEHE-5bYw5LIDoSOjem1RkRQ&google_cver=1&google_push=AQvitUKO2TnNerzkPd3b2so8qmQBYpd0GXHUaTiBKCH1cfr-8vsayWKpLHrHAMgYlCD6ZJXAuniqW1EJotwDKw43DhvEI4nCh3F1 HTTP 302
• https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEHE-5bYw5LIDoSOjem1RkRQ&google_cver=1&google_push=AQvitUKO2TnNerzkPd3b2so8qmQBYpd0GXHUaTiBKCH1cfr-8vsayWKpLHrHAMgYlCD6ZJXAuniqW1EJotwDKw43DhvEI4nCh3F1&s_h=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=kal3VYPESEOqHOkBMq2R_g&gdpr=1&gdpr_consent=

Request Chain 104

• https://ads.travelaudience.com/google_pixel?google_gid=CAESEOR1rCTtEx67G6c-NB0S-zs&google_cver=1&google_push=AQvitUKBzxZztoccA5evEeVeGV4hdP-teRKiZWQ27IiFxnLQodPIM6ZWBvBRycF3jEVzmEJDP1d4fVFYHC_9OPla7If4RLYYm64 HTTP 307
• https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ExzPCgztTtGNIZFl5tzPDQ2&google_push=AQvitUKBzxZztoccA5evEeVeGV4hdP-teRKiZWQ27IiFxnLQodPIM6ZWBvBRycF3jEVzmEJDP1d4fVFYHC_9OPla7If4RLYYm64

Request Chain 105

• https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIUkUp83pkCNMTs-45E8HUQ&google_cver=1&google_push=AQvitUId0kurubRuaswNkC6lR50N9ZTNN5rPFjrWit4SSHKK93ro6JUAeZ010WkeMhAGMrKZ-17vSgX9NhtCqGTbuzGRKZIt0vo_ HTTP 302
• https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEIUkUp83pkCNMTs-45E8HUQ&google_cver=1&google_push=AQvitUId0kurubRuaswNkC6lR50N9ZTNN5rPFjrWit4SSHKK93ro6JUAeZ010WkeMhAGMrKZ-17vSgX9NhtCqGTbuzGRKZIt0vo_ HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUId0kurubRuaswNkC6lR50N9ZTNN5rPFjrWit4SSHKK93ro6JUAeZ010WkeMhAGMrKZ-17vSgX9NhtCqGTbuzGRKZIt0vo_&google_hm=IL-zSczZQ5GDLgqZbcHLpg==

Request Chain 106

• https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEDg9JZGlJXmeG59ic9IsldE&google_cver=1&google_push=AQvitULuECVNrTDlq8iSlsxHX4Frp_hLlZOOWxvujzbb_NgiSgl0x_aZC8BMRKCvJxLMZxyIcea-sZCYkZoOmZwpw28uRzs3arTR HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AQvitULuECVNrTDlq8iSlsxHX4Frp_hLlZOOWxvujzbb_NgiSgl0x_aZC8BMRKCvJxLMZxyIcea-sZCYkZoOmZwpw28uRzs3arTR&google_hm=QWp0YU1jWlpadEstNHl2THhtV05vcnc=

Request Chain 107

• https://rtb.openx.net/sync/dds?google_gid=CAESECzQX0aKrdUMMnXvZwt6Je0&google_cver=1&google_push=AQvitUIc1fxRMv1kNRxQQSuskzubTLtq9CFACR_2-TDfFrwwEg-Wt9qG7vc8opa11GJDxM5HspRsLXtuf3IZBG5vJiuvxA2FV2KX HTTP 302
• https://rtb.openx.net/sync/dds?google_gid=CAESECzQX0aKrdUMMnXvZwt6Je0&google_cver=1&google_push=AQvitUIc1fxRMv1kNRxQQSuskzubTLtq9CFACR_2-TDfFrwwEg-Wt9qG7vc8opa11GJDxM5HspRsLXtuf3IZBG5vJiuvxA2FV2KX&ox_sc=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIc1fxRMv1kNRxQQSuskzubTLtq9CFACR_2-TDfFrwwEg-Wt9qG7vc8opa11GJDxM5HspRsLXtuf3IZBG5vJiuvxA2FV2KX&google_hm=Z5_LAMHKyw8k14gy_mPxfQ==

Request Chain 127

• https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
• https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMndI5DocHHoJY3na-7dC3g&google_cver=1

Request Chain 128

• https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OTRhNjkyZjYtYTEzYi0yYzg1LWQ3NDMtOWUzY2U3OTgwNWE3

Request Chain 129

• https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
• https://sync.teads.tv/um?eid=3&uid=CAESEI8KGf5CPPThaE-rSmpctrE&google_cver=1

Request Chain 130

• https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=MDU2NzIxZWEwN2RlMDBmMDY5Nzg4NWExMTBmZGMyYjFmMGVlMTE3Ng==

Request Chain 140

• https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEN8M17x5m2ruH39KjWRbBms&google_cver=1&google_push=AQvitUKdPGYLrB0m2QjtM5Vx1TvWsr-j5whr3QJ4A8XG1xK032rIkfZcg_1b3HM6-hVH6RJgrHZqNt0RaPIdPAdfIxyOQSN97gCvxQ HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=aylguirTTwCA7LoTyKCcXw&google_push=AQvitUKdPGYLrB0m2QjtM5Vx1TvWsr-j5whr3QJ4A8XG1xK032rIkfZcg_1b3HM6-hVH6RJgrHZqNt0RaPIdPAdfIxyOQSN97gCvxQ

Request Chain 141

• https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEAgk2f8B_lJMB7sKHfjeIXI&google_cver=1&google_push=AQvitUIo_-nuTDxNM1FURJRjgOBE6J-UXMIt-6R6-Vp0tQ7Z1IQPkfI6XY7zmrXb2JMGbl1FcX_vZa97M79Ddm50upQd2y38Rg_Geg HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUIo_-nuTDxNM1FURJRjgOBE6J-UXMIt-6R6-Vp0tQ7Z1IQPkfI6XY7zmrXb2JMGbl1FcX_vZa97M79Ddm50upQd2y38Rg_Geg&google_hm=h6zYUV8tRAigulq6jXmAnlY

Request Chain 142

• https://fksnk.com/cs/google?google_gid=CAESENJe4Cln1p56JpN6yPQ-n8g&google_cver=1&google_push=AQvitULeCBN7dD94piBxBPOn9Ed8GSGRGziKxkh2Olle-4DJPuECcAnP3VSucs5_b_h_-_EpaXWg3Zgrrd5zpMvCQyk2gKDHrs0JSQ HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=OEEyQjI5Q0FFOURCNjgwNg==

Request Chain 143

• https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEKcnzMOLaaEro3a93P6-YcM&google_cver=1&google_push=AQvitUIcgMzb3IUuzxJIFE_yrZY7wu5CZrhu-5RMXECYaYg84krRUvQrG5tinIIjaYm3M9FCWWfzIAW_MZZALJX_PkbBaZZqOxCC HTTP 302
• https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEKcnzMOLaaEro3a93P6-YcM&google_push=AQvitUIcgMzb3IUuzxJIFE_yrZY7wu5CZrhu-5RMXECYaYg84krRUvQrG5tinIIjaYm3M9FCWWfzIAW_MZZALJX_PkbBaZZqOxCC&s=2 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitUIcgMzb3IUuzxJIFE_yrZY7wu5CZrhu-5RMXECYaYg84krRUvQrG5tinIIjaYm3M9FCWWfzIAW_MZZALJX_PkbBaZZqOxCC&google_hm=cG5RcDdORTJUV3lUUVhkdHM4cG4=

Request Chain 146

• https://ads.avads.net/sync/ggl?google_gid=CAESEMG7xSBiFxMw7z3ovyushaA&google_cver=1&google_push=AQvitUI9Wz_p31AP2qamaElujE6Tks2aCf-bE_oQi9HI2HuRP3ZZOst_fMkIkSm8ARYGb12IqXK9a5_cKOFk3PUeWHHI2nBDemZY9y4 HTTP 302
• https://ads.avads.net/sync/ggl?google_gid=CAESEMG7xSBiFxMw7z3ovyushaA&google_cver=1&google_push=AQvitUI9Wz_p31AP2qamaElujE6Tks2aCf-bE_oQi9HI2HuRP3ZZOst_fMkIkSm8ARYGb12IqXK9a5_cKOFk3PUeWHHI2nBDemZY9y4&av_tc=True HTTP 302
• https://ads.avads.net/sync/ggl?google_gid=CAESEMG7xSBiFxMw7z3ovyushaA&google_cver=1&google_push=AQvitUI9Wz_p31AP2qamaElujE6Tks2aCf-bE_oQi9HI2HuRP3ZZOst_fMkIkSm8ARYGb12IqXK9a5_cKOFk3PUeWHHI2nBDemZY9y4 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=YWI1YmI1YzMtM2RlMS00MGE2LWExMjItOWJlMmI4YzZlODYz

Request Chain 192

• https://ads.travelaudience.com/google_pixel?google_gid=CAESEOR1rCTtEx67G6c-NB0S-zs&google_cver=1&google_push=AQvitULta82tzZ2KmczYPHkv6tLPDW8WxrBX9dxXhIOpq0uMJx-21RchAPd8nrQI1tR_PHJv9Jelo_pl-_BzFcqcv7TqluyAJaY HTTP 307
• https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=g0TtfpclSfW7H0SUYbE8gg2&google_push=AQvitULta82tzZ2KmczYPHkv6tLPDW8WxrBX9dxXhIOpq0uMJx-21RchAPd8nrQI1tR_PHJv9Jelo_pl-_BzFcqcv7TqluyAJaY HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=g0TtfpclSfW7H0SUYbE8gg2&google_push=AQvitULta82tzZ2KmczYPHkv6tLPDW8WxrBX9dxXhIOpq0uMJx-21RchAPd8nrQI1tR_PHJv9Jelo_pl-_BzFcqcv7TqluyAJaY&google_tc=

Request Chain 193

• https://px.adhigh.net/p/gm/rub?google_gid=CAESEGL8rtzKYA9LsVqeJ0KDLIs&google_cver=1&google_push=AQvitUI9juLz7seodjcVMaHVD_j6-Cuv4f9snhHJWt8xjZApmHhFv1Y5YwoXjqdiEYBh_rae5FIzLLte0xHYJyn87XLaxpmNtw HTTP 302
• https://px.adhigh.net/p/gm/rub?google_gid=CAESEGL8rtzKYA9LsVqeJ0KDLIs&google_cver=1&google_push=AQvitUI9juLz7seodjcVMaHVD_j6-Cuv4f9snhHJWt8xjZApmHhFv1Y5YwoXjqdiEYBh_rae5FIzLLte0xHYJyn87XLaxpmNtw&bounced=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitUI9juLz7seodjcVMaHVD_j6-Cuv4f9snhHJWt8xjZApmHhFv1Y5YwoXjqdiEYBh_rae5FIzLLte0xHYJyn87XLaxpmNtw&google_hm=9pdSGEIdU_gAAikABlF51zdSYw%3D%3D

Request Chain 194

• https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKU73_hcrowbae-jhbNQG4w&google_cver=1&google_push=AQvitUJIuxVWcDjXOhQjLOynXAVghQNDfMiu0CYulHgKB9cTyKafcDqVoVCqdlomygTqz7bXYG-Yi6R-Daozvg5jPDGjAyvoh_U HTTP 302
• https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKU73_hcrowbae-jhbNQG4w&google_cver=1&google_push=AQvitUJIuxVWcDjXOhQjLOynXAVghQNDfMiu0CYulHgKB9cTyKafcDqVoVCqdlomygTqz7bXYG-Yi6R-Daozvg5jPDGjAyvoh_U HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzk4ODczODE1MDA0ODMyMzM0OQ&google_push=AQvitUJIuxVWcDjXOhQjLOynXAVghQNDfMiu0CYulHgKB9cTyKafcDqVoVCqdlomygTqz7bXYG-Yi6R-Daozvg5jPDGjAyvoh_U

Request Chain 195

• https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEGVKyRy8vkhEC2C4bxVYaos&google_cver=1&google_push=AQvitUL2H1nvWtwwYo-E8CPot2BXTdKm8VMrBB0Fh_soqTPz2xfba9vlCLa4Id1F9ByWgwPcIFt-m0l-H_jg6Os514SJexp7eVw HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=q97K3rIoRzVbIISTByWHXFvPrFY&google_push=AQvitUL2H1nvWtwwYo-E8CPot2BXTdKm8VMrBB0Fh_soqTPz2xfba9vlCLa4Id1F9ByWgwPcIFt-m0l-H_jg6Os514SJexp7eVw

Request Chain 196

• https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M&google_cver=1&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI HTTP 302
• https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&s=184023&C=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M

Request Chain 197

• https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEJ6GUVX-oWgyVj3KUNx2U8o&google_cver=1&google_push=AQvitULwem_kMR97W7iPltfKM4a4Bsy4-L78MxVastGmNi6W0MfRVXXbeCri2eiWrAnHgHVFSIz1DMgMIJ0Kc36POknD3oslwrU HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=WXJlTDN0Tm1ydA==&google_push=AQvitULwem_kMR97W7iPltfKM4a4Bsy4-L78MxVastGmNi6W0MfRVXXbeCri2eiWrAnHgHVFSIz1DMgMIJ0Kc36POknD3oslwrU

Request Chain 198

• https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEFrKm4ZkABkyFiWOHuLXXEg&google_cver=1&google_push=AQvitULcwF1A2H1jvk5O9tC1aU5i4dgNhlP3hdXQZSXfL6ypUpYgX31nGtUCqylw0t9eEAxDf9i0C5f8GcZlGZU7RGyQVUMvwtYA HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=OGEzY2QyZDEtMTZjZC00NDJkLThiYzktNDM0YjNjYzI3OTI0&google_push=AQvitULcwF1A2H1jvk5O9tC1aU5i4dgNhlP3hdXQZSXfL6ypUpYgX31nGtUCqylw0t9eEAxDf9i0C5f8GcZlGZU7RGyQVUMvwtYA

Request Chain 201

• https://gcdn.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/64259A53C6D337660094DD6CF6E7AC335E496463.1C46490381B0DAB5312F5D3F5D33E87E69571BE9/key/ck2/file/file.webm HTTP 302
• https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm

Request Chain 210

• https://googleads.g.doubleclick.net/xbbe/pixel?d=CNeaNhDColUYmOqIqAEgATAB&v=APEucNU4urCtU8nmpkoqsxdtM0le_u0lZ1vtrDRNb_HWpC3tlyXccEKzR-ADQPTkqvaMlg4Go-bPzbrXbGuDoKVPeB8HjPsLMw HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm&google_dbm HTTP 302
• https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEHx3rITH0GHduNGQvpZBLec&google_cver=1

233 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response returnsandrefund.com/ Redirect Chain https://cdn-1.returnsandrefund.com/ https://returnsandrefund.com/	112 KB 26 KB	569ms 527ms	Document text/html	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 6543a0f616198a2eb5ea9956839a88de8cb9139b7d0e4df279e20347a03639bd Request headers :method GET :authority returnsandrefund.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers age 79957 cache-control max-age=0, must-revalidate, no-cache, no-store content-encoding br content-type text/html; charset=UTF-8 date Fri, 04 Jun 2021 13:29:48 GMT display pub_site_sol expires Thu, 03 Jun 2021 13:29:48 GMT last-modified Fri, 04 Jun 2021 02:01:22 GMT pagespeed off response 200 server nginx/1.16.0 set-cookie ezoadgid_200400=-1; Path=/; Domain=returnsandrefund.com; Expires=Fri, 04 Jun 2021 13:59:47 UTC ezoref_200400=; Path=/; Domain=returnsandrefund.com; Expires=Fri, 04 Jun 2021 15:29:47 UTC ezoab_200400=mod13-c; Path=/; Domain=returnsandrefund.com; Expires=Fri, 04 Jun 2021 15:29:47 UTC active_template::200400=pub_site.1622813387; Path=/; Domain=returnsandrefund.com; Expires=Sun, 06 Jun 2021 13:29:47 UTC ezopvc_200400=1; Path=/; Domain=returnsandrefund.com; Expires=Fri, 04 Jun 2021 13:59:48 UTC ezepvv=0; Path=/; Domain=returnsandrefund.com; Expires=Sat, 05 Jun 2021 13:29:48 UTC ezovid_200400=1436148489; Path=/; Domain=returnsandrefund.com; Expires=Fri, 04 Jun 2021 13:59:48 UTC lp_200400=https://returnsandrefund.com/; Path=/; Domain=returnsandrefund.com; Expires=Fri, 04 Jun 2021 13:59:48 UTC ezovuuidtime_200400=1622813388; Path=/; Domain=returnsandrefund.com; Expires=Sun, 06 Jun 2021 13:29:48 UTC ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; Path=/; Domain=returnsandrefund.com; Expires=Fri, 04 Jun 2021 13:59:48 UTC ezCMPCCS=true; Path=/; Domain=returnsandrefund.com; Expires=Sat, 04 Jun 2022 13:29:48 GMT vary Accept-Encoding Accept-Encoding,User-Agent x-cache HIT x-cache-hits 740 x-ezoic-cdn Miss x-middleton-display pub_site_sol x-middleton-response 200 x-sol pub_site Redirect headers date Fri, 04 Jun 2021 13:29:47 GMT content-type text/plain; charset=utf-8 content-length 0 cache-control max-age=300, private location https://returnsandrefund.com/ vary Accept-Encoding Accept-Encoding x-middleton-display redirect cf-cache-status DYNAMIC cf-request-id 0a78d042b00000970495104000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=6vwkuLUvnQkdmodAuheMgtvw%2FUsG3Yjng8wci8tlhZYyGcvKAWzlT103nwVr%2B7j0oTYgFOGc1rS3zdTT%2BN%2BvBV4uoKJOf%2BHCs5g8eBS4CZwRP2ujLs%2BuZw5Bi6ryTYJHj5T5SLEuYHFVjQVqy3oFytfhPmc%3D"}],"group":"cf-nel","max_age":604800} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 65a1831779a99704-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
GET H2	200	gpt.js Show response securepubads.g.doubleclick.net/tag/js/	62 KB 21 KB	70ms 29ms	Script text/javascript	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/tag/js/gpt.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software sffe / Resource Hash 4a19ad93b8c725e7f19dcc851248a683bffb63243553bb91f6fafd3bc41302a6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:48 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "892 / 912 of 1000 / last-modified: 1622804990" vary Accept-Encoding content-type text/javascript cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 21347 x-xss-protection 0 expires Fri, 04 Jun 2021 13:29:48 GMT
GET H2	200	dall.js Show response go.ezodn.com/hb/	243 KB 72 KB	60ms 32ms	Script application/javascript	2606:4700:3032::ac43:b890 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://go.ezodn.com/hb/dall.js?b=amx,criteo,medianet,oftmedia,sharethrough,spotx,unruly&cb=194-2-22 Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:b890 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 679aeee8bf08a5cc8d40096239dadd67c777dc6bbbc08df8843ac564be48d0ab Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:48 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} server cloudflare age 265323 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=L%2FoOAW4%2Byn%2BnbqcMXMIvWk2Q2YFekg5pHPtEmdrGWp2ZUqjwzRzTWj8TZVVnjzU7SNsE%2B%2FePr4zrhddKAVW3NwpPD321%2FHCMxQV1Zh9xOJj0gE8nLZHgzM0ahTZef2LG2lcK3tqJ"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control public, max-age=31536000 cf-ray 65a183206f48640d-FRA alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 cf-request-id 0a78d048400000640d4e3cf000000001
GET H2	200	841ee1dfdec3fbc473772577a8b3240b.css returnsandrefund.com/wp-content/cache/min/1/	147 KB 49 KB	26ms 25ms	Stylesheet text/css	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash a965454ed27194420a23bd494e396653825da3850d9d9258d6464dd5e4f26bfc Request headers :path /wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:48 GMT content-encoding br x-sol orig age 63809 x-ezoic-cdn Hit ds;mm;889a1bc78332af14281e81a2291c4a35;2-200400-0;5932bbef-8f7a-40e7-465e-640e73949182 x-cache HIT x-middleton-display staticcontent_sol, orig_site_sol x-middleton-response 200 response 200 last-modified Fri, 04 Jun 2021 05:11:16 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding,User-Agent,Origin content-type text/css; charset=utf-8 cache-control public, max-age=31536000 display staticcontent_sol, orig_site_sol x-cache-hits 17
GET H2	200	css fonts.googleapis.com/	5 KB 736 B	28ms 28ms	Stylesheet text/css	2a00:1450:4001:802::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash b04c10e9ef56b9200c56cc5141fe6d712ec85a8d90c0fe5b98fbf9ebe2873cc0 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Fri, 04 Jun 2021 13:18:35 GMT server ESF date Fri, 04 Jun 2021 13:29:48 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 04 Jun 2021 13:29:48 GMT
GET H2	200	jquery-1.12.4-wp.js Show response returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/jquery/	95 KB 32 KB	434ms 434ms	Script application/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df Request headers :path /wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br age 81046 x-ezoic-cdn Bypass x-cache HIT x-middleton-display staticcontent_sol, staticcontent_sol x-cache-hits 1133 x-middleton-response 200 response 200 last-modified Fri, 04 Jun 2021 13:11:13 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding,Origin content-type application/javascript; charset=utf-8 cache-control max-age=31536000, public display staticcontent_sol, staticcontent_sol expires Fri, 03 Jun 2022 14:59:02 GMT
GET H2	200	responsive-menu-c1e228c238344335eaf7288b4e454a0f.js Show response returnsandrefund.com/wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/	765 B 506 B	81ms 80ms	Script application/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/responsive-menu-c1e228c238344335eaf7288b4e454a0f.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 8e424541604f9439f054eb9e4e78925da8c4d2a77985f642f9f4b5f025424d48 Request headers :path /wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/responsive-menu-c1e228c238344335eaf7288b4e454a0f.js pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:48 GMT content-encoding br age 63810 x-ezoic-cdn Hit ds;ms;c5ae736beb74dda836b2ae3f904f7066;2-200400-0;a1470e90-952b-4279-654b-419cd8c77462 x-cache HIT x-middleton-display staticcontent_sol, staticcontent_sol x-middleton-response 200 content-length 315 response 200 last-modified Fri, 04 Jun 2021 05:11:16 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding,User-Agent,Origin content-type application/javascript; charset=utf-8 cache-control max-age=31536000, public display staticcontent_sol, staticcontent_sol x-cache-hits 17
GET H2	200	js Show response www.googletagmanager.com/gtag/	89 KB 35 KB	37ms 37ms	Script application/javascript	2a00:1450:4001:82a::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-150748452-1 Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 813f95003f8884b4e0f0ae06111f7f900385173853f09cd90b81804195d756c1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35965 x-xss-protection 0 last-modified Fri, 04 Jun 2021 12:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 04 Jun 2021 13:29:49 GMT
GET H2	200	cookieconsent.min.js Show response returnsandrefund.com/ezoic/	4 KB 2 KB	10ms 8ms	Script application/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/ezoic/cookieconsent.min.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0 Request headers :path /ezoic/cookieconsent.min.js pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:48 GMT content-encoding br last-modified Fri, 28 May 2021 04:19:14 GMT server nginx/1.16.0 etag "11a4-5c35c2da8d480-gzip" vary Accept-Encoding Accept-Encoding content-type application/javascript cache-control max-age=31536000, public accept-ranges bytes x-robots-tag noindex content-length 1707 expires Sat, 04 Jun 2022 13:29:48 GMT
GET H2	200	banger.js Show response returnsandrefund.com/porpoiseant/	43 KB 10 KB	13ms 13ms	Script application/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash f4ecce62a254717c7a9b2107c356c7c874eb36725c9cbc4280f7ffc8dfb06509 Request headers :path /porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type application/javascript x-middleton-display sol-js cache-control max-age=31536000, public x-robots-tag noindex
GET H2	200	wp-polyfill.min-7.4.4.js Show response returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/dist/vendor/	97 KB 32 KB	459ms 458ms	Script application/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/dist/vendor/wp-polyfill.min-7.4.4.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3 Request headers :path /wp-content/cache/busting/1/wp-includes/js/dist/vendor/wp-polyfill.min-7.4.4.js pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br age 81047 x-ezoic-cdn Bypass x-cache HIT x-middleton-display staticcontent_sol, staticcontent_sol x-cache-hits 1121 x-middleton-response 200 response 200 last-modified Fri, 04 Jun 2021 08:11:24 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding,Origin content-type application/javascript; charset=utf-8 cache-control max-age=31536000, public display staticcontent_sol, staticcontent_sol expires Fri, 03 Jun 2022 14:59:02 GMT
GET H2	200	index-4e981829b016000918dd61f7ac7dab7e.js Show response returnsandrefund.com/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/	13 KB 4 KB	33ms 32ms	Script application/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/index-4e981829b016000918dd61f7ac7dab7e.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 457f55ea0c6f05fbf9093f1535e1da2c627530ddbeb46c27a0fb8aef5b7e2805 Request headers :path /wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/index-4e981829b016000918dd61f7ac7dab7e.js pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br age 63809 x-ezoic-cdn Hit ds;mm;eb5c2d7020fda4533e4f2c14e95b4e90;2-200400-0;5b01d4fa-47c3-42bc-5e82-738e78695add x-cache HIT x-middleton-display staticcontent_sol, staticcontent_sol x-middleton-response 200 content-length 3778 response 200 last-modified Fri, 04 Jun 2021 13:11:10 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding,User-Agent,Origin content-type application/javascript; charset=utf-8 cache-control max-age=31536000, public display staticcontent_sol, staticcontent_sol x-cache-hits 17
GET H2	200	hoverIntent.min-1.8.1.js Show response returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/	1 KB 639 B	426ms 423ms	Script application/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/hoverIntent.min-1.8.1.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4 Request headers :path /wp-content/cache/busting/1/wp-includes/js/hoverIntent.min-1.8.1.js pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br age 81047 x-ezoic-cdn Bypass x-cache HIT x-middleton-display staticcontent_sol, staticcontent_sol x-cache-hits 1126 x-middleton-response 200 content-length 447 response 200 last-modified Fri, 04 Jun 2021 03:11:22 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding,Origin content-type application/javascript; charset=utf-8 cache-control max-age=31536000, public display staticcontent_sol, staticcontent_sol expires Fri, 03 Jun 2022 14:59:02 GMT
GET H2	200	superfish.min-1.7.10.js Show response returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/	4 KB 2 KB	20ms 18ms	Script application/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.min-1.7.10.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash ece565a1f66a32347dfed83562c428ff7736648de72b0027dd8f0e0f27e0c327 Request headers :path /wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.min-1.7.10.js pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br age 25317 x-ezoic-cdn Hit ds;mm;74aa522f6903ecede49f6fe26e67f571;2-200400-0;e1f0d140-2976-4678-542e-a4865edc8a22 x-cache HIT x-middleton-display staticcontent_sol, staticcontent_sol x-middleton-response 200 content-length 1743 response 200 last-modified Fri, 04 Jun 2021 13:11:10 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding,User-Agent,Origin content-type application/javascript; charset=utf-8 cache-control max-age=31536000, public display staticcontent_sol, staticcontent_sol x-cache-hits 10
GET H2	200	superfish.args.min-3.3.3.js Show response returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/	132 B 231 B	63ms 61ms	Script application/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.args.min-3.3.3.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 20550f7bcb2a817ac9a5879e04260da8268e971c0b8031a6b7a2f48a55ee60d5 Request headers :path /wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.args.min-3.3.3.js pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br age 25317 x-ezoic-cdn Hit ds;ms;741c3197cbcdb4fa3069ff8bd82b4d2a;2-200400-0;55f39d27-536f-4174-407e-ce1b2e1ef5f0 x-cache HIT x-middleton-display staticcontent_sol, staticcontent_sol x-middleton-response 200 content-length 102 response 200 last-modified Fri, 04 Jun 2021 09:11:14 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding,User-Agent,Origin content-type application/javascript; charset=utf-8 cache-control max-age=31536000, public display staticcontent_sol, staticcontent_sol x-cache-hits 10
GET H2	200	skip-links.min-3.3.3.js Show response returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/	386 B 318 B	34ms 32ms	Script application/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/skip-links.min-3.3.3.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash ade38136058fcd75880d3673855aff859ee377d5915e59cccf24a973d418bebb Request headers :path /wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/skip-links.min-3.3.3.js pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br age 25317 x-ezoic-cdn Hit ds;mm;9dd6d85aaaabfbd9a62c43b4c9b53dea;2-200400-0;6c89b136-13a7-40f4-7c44-442d51efe6eb x-cache HIT x-middleton-display staticcontent_sol, staticcontent_sol x-middleton-response 200 content-length 188 response 200 last-modified Fri, 04 Jun 2021 11:11:12 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding,User-Agent,Origin content-type application/javascript; charset=utf-8 cache-control max-age=31536000, public display staticcontent_sol, staticcontent_sol x-cache-hits 10
GET H2	200	wp-embed.min.js Show response returnsandrefund.com/wp-includes/js/	1 KB 732 B	354ms 352ms	Script application/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/wp-includes/js/wp-embed.min.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991 Request headers :path /wp-includes/js/wp-embed.min.js pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br age 81047 x-ezoic-cdn Bypass x-cache HIT x-middleton-display staticcontent_sol, staticcontent_sol x-cache-hits 1124 x-middleton-response 200 content-length 663 response 200 last-modified Fri, 04 Jun 2021 09:11:20 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding,Origin content-type application/javascript; charset=utf-8 cache-control max-age=31536000, public display staticcontent_sol, staticcontent_sol expires Fri, 03 Jun 2022 14:59:02 GMT
GET H3-29	200	pubads_impl_2021052601.js Show response securepubads.g.doubleclick.net/gpt/	311 KB 109 KB	61ms 29ms	Script text/javascript	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software sffe / Resource Hash bf56d0c6b86f69d3f6dfb156399577c16da981c390a16d26c7752ed85bc38ac4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 26 May 2021 08:37:30 GMT server sffe vary Accept-Encoding content-type text/javascript cache-control private, immutable, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 111649 x-xss-protection 0 expires Fri, 04 Jun 2021 13:29:49 GMT
GET H2	200	nmash.js returnsandrefund.com/porpoiseant/	33 KB 9 KB	13ms 12ms	Other application/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/nmash.js?v=19 Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 0b9a8a3f27fa969797b4fbec0716dcacd5aaa38202277691d7baf41a540963fd Request headers :path /porpoiseant/nmash.js?v=19 pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode same-origin accept */* cache-control no-cache sec-fetch-dest worker :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br last-modified Fri, 28 May 2021 04:19:14 GMT server nginx/1.16.0 etag "854d-5c35c2da8d480;5c3ec3d05c29c-gzip" vary Accept-Encoding Accept-Encoding content-type application/javascript cache-control max-age=31536000, public accept-ranges bytes x-robots-tag noindex
GET H2	200	ezosuigeneris.js Show response g.ezoic.net/	555 B 561 B	56ms 24ms	Script text/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/ezosuigeneris.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 51708beaf9a000bb4ecb0ee692b121e994bd1377da7a060e36654b8ac5cb8ff1 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br last-modified Fri, 04 Jun 2021 13:11:10 GMT server nginx/1.16.0 etag 5ff922c3402632dc80cf7cf8d9be45cb vary Accept-Encoding, Accept-Encoding content-type text/javascript cache-control max-age=999999, private content-length 274 expires Mon, 29 Apr 2020 21:44:55 GMT
GET H2	200	cmb.js Show response returnsandrefund.com/detroitchicago/	111 KB 28 KB	28ms 27ms	Script application/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 88bf99dfeef697b37700ffaf912c97f31c91350bde110d057c7d779dac3607d6 Request headers :path /detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type application/javascript x-middleton-display sol-js cache-control max-age=31536000, public x-robots-tag noindex
GET H2	200	return-logo-2.png returnsandrefund.com/wp-content/uploads/2019/03/	1 KB 1 KB	66ms 66ms	Image image/png	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://returnsandrefund.com/wp-content/uploads/2019/03/return-logo-2.png Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 31f7540a6075e6f34980199d420271d13d923801da426c060ed01732042a96b8 Request headers :path /wp-content/uploads/2019/03/return-logo-2.png pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br age 6520 x-ezoic-cdn Hit ds;ms;dfcf52210967f019fd4ce3feb2e0509c;2-200400-0;58130387-7f1b-4994-430f-8f272559e8bf x-cache HIT x-middleton-display staticcontent_sol, staticcontent_sol x-middleton-response 200 content-length 1075 response 200 last-modified Fri, 04 Jun 2021 13:11:10 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding,User-Agent,Origin content-type image/png cache-control public, max-age=31536000 display staticcontent_sol, staticcontent_sol x-cache-hits 6
GET H2	200	TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2 fonts.gstatic.com/s/oswald/v36/	16 KB 16 KB	6ms 6ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 76db825b68979b9ea6cc55fa14373b7bf5e3beb7388cd2efa485938bb2a389fb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://returnsandrefund.com Referer https://fonts.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 01 Jun 2021 18:36:08 GMT x-content-type-options nosniff last-modified Thu, 28 Jan 2021 20:31:14 GMT server sffe age 240821 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 16016 x-xss-protection 0 expires Wed, 01 Jun 2022 18:36:08 GMT
GET H3-29	200	0QIvMX1D_JOuMwr7Iw.woff2 fonts.gstatic.com/s/lora/v17/	34 KB 34 KB	30ms 29ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/lora/v17/0QIvMX1D_JOuMwr7Iw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 9f762334ff28e79eb7547f6ddb109583d35e0ea3600b71406ca233fb57c12458 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://returnsandrefund.com Referer https://fonts.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 02 Jun 2021 01:42:50 GMT x-content-type-options nosniff last-modified Thu, 28 Jan 2021 22:52:25 GMT server sffe age 215219 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35284 x-xss-protection 0 expires Thu, 02 Jun 2022 01:42:50 GMT
GET H2	200	download-1.png returnsandrefund.com/wp-content/uploads/2020/02/	3 KB 3 KB	19ms 18ms	Image image/png	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://returnsandrefund.com/wp-content/uploads/2020/02/download-1.png Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash c63c08ec376a1c99ee774ecbd488d3c33396ea42f8ad0e984179916a2e252849 Request headers :path /wp-content/uploads/2020/02/download-1.png pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br age 39359 x-ezoic-cdn Hit ds;mm;502accaecac65cd023d490ab18d798a5;2-200400-0;f26c5b44-29ec-47d0-4284-f337eec4ce43 x-cache HIT x-middleton-display staticcontent_sol, staticcontent_sol x-middleton-response 200 content-length 2981 response 200 last-modified Fri, 04 Jun 2021 13:11:10 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding,User-Agent,Origin content-type image/png cache-control public, max-age=31536000 display staticcontent_sol, staticcontent_sol x-cache-hits 8
GET H2	200	analytics.js Show response www.google-analytics.com/	48 KB 19 KB	7ms 7ms	Script text/javascript	2a00:1450:4001:831::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-150748452-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Fri, 09 Apr 2021 23:59:54 GMT server Golfe2 age 1106 date Fri, 04 Jun 2021 13:11:23 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 19569 expires Fri, 04 Jun 2021 15:11:23 GMT
GET H2	200	download-4.jpg returnsandrefund.com/wp-content/uploads/2020/02/	12 KB 12 KB	25ms 23ms	Image image/jpeg	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://returnsandrefund.com/wp-content/uploads/2020/02/download-4.jpg Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash efca4b1d7c19af67aa04f4a6ef3f9db4c8d3bea417a00240009db7ed26280080 Request headers :path /wp-content/uploads/2020/02/download-4.jpg pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br vary Accept-Encoding Accept-Encoding,User-Agent,Origin response 200 last-modified Fri, 04 Jun 2021 03:11:22 GMT server nginx/1.16.0 age 39359 x-ezoic-cdn Hit ds;dm;42dbe1ec3ee9c20d6caedbd1281216e7;2-200400-0;50204df6-d861-48db-7f70-35f7831b4a70 x-cache HIT content-type image/jpeg x-middleton-display staticcontent_sol, staticcontent_sol cache-control public, max-age=31536000 x-middleton-response 200 display staticcontent_sol, staticcontent_sol x-cache-hits 8
GET H2	200	images-2.jpg returnsandrefund.com/wp-content/uploads/2020/02/	9 KB 9 KB	47ms 46ms	Image image/jpeg	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://returnsandrefund.com/wp-content/uploads/2020/02/images-2.jpg Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 8c63493b034323da08e44455885820239e72b10f9fb8b857e8313008f4d6fac5 Request headers :path /wp-content/uploads/2020/02/images-2.jpg pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br vary Accept-Encoding Accept-Encoding,User-Agent,Origin response 200 last-modified Fri, 04 Jun 2021 13:11:10 GMT server nginx/1.16.0 age 39359 x-ezoic-cdn Hit ds;dm;7b4b808955c5813402eef6c10ded310c;2-200400-0;d541490f-856b-4e98-67a9-2c89e345f29f x-cache HIT content-type image/jpeg x-middleton-display staticcontent_sol, staticcontent_sol cache-control public, max-age=31536000 x-middleton-response 200 display staticcontent_sol, staticcontent_sol x-cache-hits 7
GET H2	200	houston.js Show response returnsandrefund.com/detroitchicago/	3 KB 1 KB	17ms 13ms	Script application/javascript	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/detroitchicago/houston.js?gcb=2&cb=36 Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 1d6f7818a09adfc9c11ff7110eb866179ef9d36a3625cd1c02e23292d315daaa Request headers :path /detroitchicago/houston.js?gcb=2&cb=36 pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept */* cache-control no-cache sec-fetch-dest script :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type application/javascript x-middleton-display sol-js cache-control max-age=31536000, public x-robots-tag noindex content-length 1163
GET H2	200	imp.gif Show response returnsandrefund.com/detroitchicago/	43 B 128 B	16ms 15ms	XHR image/gif	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A2%2C%22ad_load_version%22%3A2%2C%22ad_location_ids%22%3A%2221%2C5%2C3%2C1%2C22%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A4%2C%22city%22%3A%22Frankfurt%20am%20Main%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A200400%2C%22domain_test_group%22%3A20210304%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1112%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%227d60b2fc-fd20-494d-7084-ee56fcd7980a%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%2260326%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A48429%2C%22response_time_orig%22%3A326%2C%22serverid%22%3A%223.126.91.182%3A18680%22%2C%22state%22%3A%22HE%22%2C%22sub_page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1112%22%2C%22t_epoch%22%3A1622813387%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Freturnsandrefund.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A2043%2C%22worst_bad_word_level%22%3A0%7D Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Request headers :path /detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A2%2C%22ad_load_version%22%3A2%2C%22ad_location_ids%22%3A%2221%2C5%2C3%2C1%2C22%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A4%2C%22city%22%3A%22Frankfurt%20am%20Main%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A200400%2C%22domain_test_group%22%3A20210304%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1112%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%227d60b2fc-fd20-494d-7084-ee56fcd7980a%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%2260326%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A48429%2C%22response_time_orig%22%3A326%2C%22serverid%22%3A%223.126.91.182%3A18680%22%2C%22state%22%3A%22HE%22%2C%22sub_page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1112%22%2C%22t_epoch%22%3A1622813387%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Freturnsandrefund.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A2043%2C%22worst_bad_word_level%22%3A0%7D pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br server nginx/1.16.0 vary Accept-Encoding Accept-Encoding Accept-Encoding content-type image/gif x-middleton-display imp_sol cache-control no-cache, no-store, must-revalidate, max-age=0 content-length 47
GET H2	200	quant.js Show response secure.quantserve.com/	24 KB 9 KB	27ms 9ms	Script application/javascript	2620:116:800d:21:8c6e:cf2c:8d6:9fb5 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://secure.quantserve.com/quant.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding gzip etag "WhyxmPkT7L77qVDcrjxwGw==" vary Accept-Encoding content-type application/javascript cache-control private, max-age=604800 cross-origin-resource-policy cross-origin accept-ranges bytes expires Fri, 11 Jun 2021 13:29:49 GMT
GET H2	200	841ee1dfdec3fbc473772577a8b3240b.css returnsandrefund.com/wp-content/cache/min/1/	64 KB 64 KB	52ms 51ms	Image text/css	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://returnsandrefund.com/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br x-sol orig age 63809 x-ezoic-cdn Hit ds;mm;889a1bc78332af14281e81a2291c4a35;2-200400-0;5932bbef-8f7a-40e7-465e-640e73949182 x-cache HIT x-middleton-display staticcontent_sol, orig_site_sol x-middleton-response 200 response 200 last-modified Fri, 04 Jun 2021 05:11:21 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding,User-Agent,Origin content-type text/css; charset=utf-8 cache-control public, max-age=31536000 display staticcontent_sol, orig_site_sol x-cache-hits 17
GET H2	200	ezosuigenerisc.js Show response g.ezoic.net/	0 54 B	12ms 11ms	Script text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/ezosuigenerisc.js?nogen=1 Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT cache-control max-age=300, private server nginx/1.16.0 content-length 0 vary Accept-Encoding, Accept-Encoding content-type text/plain; charset=utf-8
GET H2	200	greenoaks.gif Show response returnsandrefund.com/detroitchicago/	0 104 B	12ms 9ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMDQifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI1In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfdGFnIiwidmFsIjoiZW4tVVMifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImRhdGEiOlt7Im5hbWUiOiJ1bml2ZXJzYWxfdXNlcl9pZCIsInZhbCI6IjVmZjkyMmMzNDAyNjMyZGM4MGNmN2NmOGQ5YmU0NWNiIn1dfV0= Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMDQifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI1In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfdGFnIiwidmFsIjoiZW4tVVMifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImRhdGEiOlt7Im5hbWUiOiJ1bml2ZXJzYWxfdXNlcl9pZCIsInZhbCI6IjVmZjkyMmMzNDAyNjMyZGM4MGNmN2NmOGQ5YmU0NWNiIn1dfV0= pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:49 UTC
POST H3-29	200	collect Show response www.google-analytics.com/j/	1 B 21 B	26ms 26ms	XHR text/plain	2a00:1450:4001:831::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1598877077&t=pageview&_s=1&dl=https%3A%2F%2Freturnsandrefund.com%2F&ul=en-us&de=UTF-8&dt=All%20About%20Returns%20%26%20Refunds%20-&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1951703531&gjid=1415789822&cid=1077206813.1622813390&tid=UA-150748452-1&_gid=1416513105.1622813390&_r=1&gtm=2ou621&z=42274798 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:49 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://returnsandrefund.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	rules-p-31iz6hfFutd16.js Show response rules.quantcount.com/	3 B 429 B	70ms 22ms	Script application/javascript	2600:9000:218e:7c00:6:44e3:f8c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://rules.quantcount.com/rules-p-31iz6hfFutd16.js Requested by Host: secure.quantserve.com URL: https://secure.quantserve.com/quant.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:218e:7c00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 03 Jun 2021 16:58:24 GMT via 1.1 53f1fabf09e106b6477c73343225c059.cloudfront.net (CloudFront) age 73886 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin content-length 3 last-modified Sat, 04 Mar 2017 19:50:24 GMT server AmazonS3 etag "8a80554c91d9fca8acb82f023de02f11" access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=86400 x-amz-cf-pop CDG52-P1 accept-ranges bytes x-amz-cf-id LYiXAlBYnHshXknq1rJjhydMg0ftG7hj8BCx07Ks1jviZLhQeD8Vug==
GET H2	200	pixel;r=2050054285;labels=Domain.returnsandrefund_com%2CDomainId.200400;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Freturnsandrefund.com%2F;uht=2;fpan=1;fpa=P0-2038066724-1622813389884;pbcn=u;pbc=;ns=... pixel.quantserve.com/	35 B 371 B	12ms 10ms	Image image/gif	2620:116:800d:21:8c6e:cf2c:8d6:9fb5 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.quantserve.com/pixel;r=2050054285;labels=Domain.returnsandrefund_com%2CDomainId.200400;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Freturnsandrefund.com%2F;uht=2;fpan=1;fpa=P0-2038066724-1622813389884;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;d=returnsandrefund.com;je=0;sr=1600x1200x24;dst=1;et=1622813389883;tzo=-120;ogl= Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8 Security Headers Name Value Strict-Transport-Security max-age=86400 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:49 GMT strict-transport-security max-age=86400 p3p CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV" cache-control private, no-cache, no-store, proxy-revalidate content-type image/gif content-length 35 expires Fri, 04 Aug 1978 12:00:00 GMT
GET H2	200	dark-bottom.css returnsandrefund.com/ezoic/styles/	3 KB 815 B	10ms 9ms	Stylesheet text/css	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/ezoic/styles/dark-bottom.css Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ezoic/cookieconsent.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash 94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3 Request headers :path /ezoic/styles/dark-bottom.css pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:49 GMT content-encoding br last-modified Fri, 28 May 2021 04:19:14 GMT server nginx/1.16.0 etag "bd7-5c35c2da8d480-gzip" vary Accept-Encoding Accept-Encoding content-type text/css cache-control max-age=31536000, public accept-ranges bytes x-robots-tag noindex content-length 725
GET H2	200	integrator.js Show response adservice.google.de/adsid/	107 B 165 B	34ms 32ms	Script application/javascript	2a00:1450:4001:801::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:50 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H2	200	integrator.js Show response adservice.google.com/adsid/	107 B 165 B	33ms 33ms	Script application/javascript	2a00:1450:4001:831::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:50 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/	945 B 303 B	520ms 519ms	XHR text/plain	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2521825018140718&correlator=2120407208754864&output=ldjh&impl=fifs&eid=31061161%2C31061181%2C31061200&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210604&iu_parts=1254144%2Creturnsandrefund_com-box-2%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=300x250%2C580x400&prev_scp=a%3D%257C124%257C%26iid8%3D736115%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod13-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreturnsandrefund_com-box-2-736115%26eb_br%3Deeb0e32289ff31f9ddef18331038e5e9%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D900%26br2%3D450%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D81%2C206%2C169%2C27%2C50%2C122%2C88%2C20%2C26%2C180%2C205%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%7Ca%3D%257C1%257C%26iid8%3D722765%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod13-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-722765%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D450%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C122%2C66%2C0%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1622772082&dt=1622813390175&dlt=1622813388833&idt=830&frm=20&biw=1600&bih=1200&oid=3&adxs=650%2C345&adys=80%2C920&adks=3330214951%2C3214824028&ucis=1%7C2&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1140x250%7C809x400&msz=300x250%7C580x400&ga_vid=1077206813.1622813390&ga_sid=1622813390&ga_hid=1598877077&ga_fc=false&fws=0%2C0&ohw=0%2C0&btvi=0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash bfdaaf0bfa6dc8815119653c42eb294a59f5d238d3d76f2f168a434062edb47f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:50 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2,-2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 273 x-xss-protection 0 google-lineitem-id -2,-2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2,-2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://returnsandrefund.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	container.html 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/	0 0	84ms 26ms	Other text/html	2a00:1450:4001:829::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/	476 B 284 B	769ms 768ms	XHR text/plain	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2521825018140718&correlator=2922857438631309&output=ldjh&impl=fifs&eid=31061161%2C31061181%2C31061200&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210604&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&prev_scp=a%3D%257C6%257C%26iid7%3D688115%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod13-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-688115%26eb_br%3D39abb99448d54704c4afa42efe76e15d%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26br1%3D1100%26br2%3D550%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D82%2C25%2C176%2C67%2C51%2C122%2C89%2C20%2C26%2C188%2C143%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1622772082&dt=1622813390230&dlt=1622813388833&idt=830&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&ga_vid=1077206813.1622813390&ga_sid=1622813390&ga_hid=1598877077&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash bb1445f76b9a2a112fd6bdc0e6ac5b0d8fb9d8e21d05ad404444519dc453022d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:50 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 254 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://returnsandrefund.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	greenoaks.gif Show response returnsandrefund.com/detroitchicago/	0 65 B	26ms 9ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjU2NiJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTA5MyJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiMTMifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMTA5NiJ9LHsibmFtZSI6InBlcmZfY29udGVudGxvYWRlZCIsInZhbCI6IjEyOTIifSx7Im5hbWUiOiJwZXJmX2NvbXBsZXRlIiwidmFsIjoiMTM5OSJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9wYWludCIsInZhbCI6IjIwMzYifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjIwMzYifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfV0= Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjU2NiJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTA5MyJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiMTMifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMTA5NiJ9LHsibmFtZSI6InBlcmZfY29udGVudGxvYWRlZCIsInZhbCI6IjEyOTIifSx7Im5hbWUiOiJwZXJmX2NvbXBsZXRlIiwidmFsIjoiMTM5OSJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9wYWludCIsInZhbCI6IjIwMzYifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjIwMzYifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfV0= pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884; ezux_lpl_200400=1622813389913|7d60b2fc-fd20-494d-7084-ee56fcd7980a|false; __gads=ID=0e00d4c36ef89926-22cb40ef55c800b0:T=1622813390:S=ALNI_MbYSfFhqbuX3JVL1xXkDt8A2ye82Q accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:50 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:50 UTC
GET H2	200	greenoaks.gif Show response returnsandrefund.com/detroitchicago/	0 19 B	26ms 10ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjEwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fcnR0IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImRhdGEiOlt7Im5hbWUiOiJ0aW1lcl9maXJzdF9hZF9yZXF1ZXN0IiwidmFsIjoiMTg2OSJ9XX1d Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjEwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fcnR0IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImRhdGEiOlt7Im5hbWUiOiJ0aW1lcl9maXJzdF9hZF9yZXF1ZXN0IiwidmFsIjoiMTg2OSJ9XX1d pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884; ezux_lpl_200400=1622813389913|7d60b2fc-fd20-494d-7084-ee56fcd7980a|false; __gads=ID=0e00d4c36ef89926-22cb40ef55c800b0:T=1622813390:S=ALNI_MbYSfFhqbuX3JVL1xXkDt8A2ye82Q accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:50 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:50 UTC
GET H2	200	sodar Show response pagead2.googlesyndication.com/getconfig/	10 KB 8 KB	54ms 38ms	XHR application/json	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021052601&st=env Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 8b837020c4c36dcedcf17bab657666e1b318011f6a45f814a54ade661a9cefd3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:50 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/json; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7714 x-xss-protection 0
GET H2	200	sodar2.js Show response tpc.googlesyndication.com/sodar/	17 KB 6 KB	28ms 27ms	Script text/javascript	2a00:1450:4001:813::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:50 GMT content-encoding gzip x-content-type-options nosniff server sffe etag "1616005470650935" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6437 x-xss-protection 0 expires Fri, 04 Jun 2021 13:29:50 GMT
GET H3-29	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/222/ Frame AE1E	12 KB 5 KB	16ms 8ms	Document text/html	2a00:1450:4001:813::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority tpc.googlesyndication.com :scheme https :path /sodar/sodar2/222/runner.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://returnsandrefund.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://returnsandrefund.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin content-length 5022 date Fri, 04 Jun 2021 12:26:58 GMT expires Sat, 04 Jun 2022 12:26:58 GMT last-modified Wed, 20 Jan 2021 19:23:06 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 3772 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	aframe Show response www.google.com/recaptcha/api2/ Frame 7867	783 B 829 B	31ms 30ms	Document text/html	2a00:1450:4001:827::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 466f959eb585605eb7cbaf56881fa87ce461f8912b51682d77781437dad72e3b Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-9zJCwqBvTNq0pFh/2NpfIA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers :method GET :authority www.google.com :scheme https :path /recaptcha/api2/aframe pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://returnsandrefund.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://returnsandrefund.com/ Response headers expires Fri, 04 Jun 2021 13:29:50 GMT date Fri, 04 Jun 2021 13:29:50 GMT cache-control private, max-age=300 content-type text/html; charset=utf-8 content-security-policy script-src 'report-sample' 'nonce-9zJCwqBvTNq0pFh/2NpfIA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-length 513 server GSE alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3-29	200	wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js Show response pagead2.googlesyndication.com/bg/ Frame AE1E	14 KB 6 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c103e9952d8205b6a9c4f3ec2a32e30ade8bf51bf63fc3bcb32c7328b4a9c9a6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 08:41:22 GMT content-encoding br x-content-type-options nosniff age 17308 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5768 x-xss-protection 0 last-modified Mon, 31 May 2021 08:58:00 GMT server sffe vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 04 Jun 2022 08:41:22 GMT
GET H3-29	204	gen_204 pagead2.googlesyndication.com/pagead/	0 20 B	47ms 46ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021052601&jk=2521825018140718&bg=!iomlic3NAAY6sG-_OrA7ACkAdvg8Wo8r6GrjegkTu-XrMwv8kYfZwU0byZBflHDveiTJEYqS2herBQIAAACUUgAAABFoAQcKAGa37wxyv3TGnsG7z0_i-Z_yTo4ltZnG0UBG_nAdmHDJ2ylHEE2g8RBlp7nKyY93zb7axL7dF0xax_qLHkQq7gZemB-O3Hzf88Fdpy3A92cOAIBHBGc0KsSHyDcWu5fyhEt6SJk7DBGZAkHSW-rXh_zXa9ULFZhcr_1BZv5upNpj0gIDvIjqraB9SeIYqSuE41dVs_8dBPwUc5covpOnC4AG_m_9AjoaWMytgU2RnTdvboe3zdeYGQFZzaRb8ANHqdKDOKBPziHtcXCozpAJe0W7xMj_uhO0q8QhCSxOUTL7nIUrxE6Ja2GBZnSaXyu-_nvRbTOKCmwyYT7YetEWGX1eUt8qdnmxzMfIm8UzgwoeVTMbZgeQdgBVHbi9JDo4NSL6BkZnghL7gc0YPvyYtOnnOBk42vW2lbjGLXBEQhRuqlSNOtfFgqTVucf2blLiGP3ohHLtJuMVrXaJTp0uuXtgfu7igD1DJRgOvypFogc1zf0QqMCX7Ij2VpBt3HiDJHflVJNE1Qdw4px3zTjGCDAaFDUuYM6evEdLdbILjif2ZrJ1hzvs4Yaeax-i1zklVNNGBhLlwNExD6YH0rSkqafxPy6JGpEVlENyefk-buP4xSdVRzmOYREoW1G8_9_EQ0MstZaFuqtvlRtXz47AA6S_vEr3NmsvnKV87XOotkFRGt8aKpbl5_ZhaqaOvSDaJbD2P2q6Hlfo5C3Wx6yS6oqiXuSEq_CvdhO_FgoF2sUqnv7VQMYPLWc-pCBcv2fYPBll-k255pxyGSCmPYFxuw8oornxf1TY2HbmrLeDFMTirp2h7kZ7NGaD3esgwKEx_9pQJb2W5KL9KQ1LAwFZEEdklrI1_FC7hRg9qpj_XU--_6Bu0svmKqg4LNQZyg1kKWwc-xwbiPRQCuab Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:51 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	integrator.js Show response adservice.google.de/adsid/	107 B 122 B	56ms 28ms	Script application/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:52 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	integrator.js Show response adservice.google.com/adsid/	107 B 122 B	57ms 28ms	Script application/javascript	2a00:1450:4001:831::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:52 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/	459 B 269 B	704ms 704ms	XHR text/plain	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2521825018140718&correlator=988257569186303&output=ldjh&impl=fifs&eid=31061161%2C31061181%2C31061200&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210604&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=2&rcs=1&prev_scp=a%3D%257C6%257C%26iid7%3D688115%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod13-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-688115%26eb_br%3D26dfa00588543c52511429ade391f561%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26br1%3D550%26br2%3D550%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D82%2C25%2C176%2C67%2C51%2C122%2C89%2C20%2C26%2C188%2C143%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%26lb%3D1100%26reqt%3D1622813392601&eri=1&cookie=ID%3Df4f869c9c998c359-22a2dbf255c80003%3AT%3D1622813390%3AS%3DALNI_MY0Sl9_-sAKm-Ylv_zl81qm4VIGAQ&bc=31&abxe=1&lmt=1622772082&dt=1622813392605&dlt=1622813388833&idt=830&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1077206813.1622813390&ga_sid=1622813390&ga_hid=1598877077&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash 211b7db03598e00ad55af8483e5157f5043ae80edfdff91393e1b244280097ed Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:53 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 238 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://returnsandrefund.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/	460 B 273 B	729ms 729ms	XHR text/plain	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2521825018140718&correlator=477069889619298&output=ldjh&impl=fifs&eid=31061161%2C31061181%2C31061200&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210604&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=2&rcs=1&prev_scp=a%3D%257C1%257C%26iid8%3D722765%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod13-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-722765%26eb_br%3D43aa1607a0c08c74b14a9039e7b909b4%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D220%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C122%2C66%2C0%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C20%26lb%3D450%26reqt%3D1622813392609&eri=1&cookie=ID%3Df4f869c9c998c359-22a2dbf255c80003%3AT%3D1622813390%3AS%3DALNI_MY0Sl9_-sAKm-Ylv_zl81qm4VIGAQ&bc=31&abxe=1&lmt=1622772082&dt=1622813392612&dlt=1622813388833&idt=830&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=920&adks=3214824028&ucis=5&ifi=5&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1077206813.1622813390&ga_sid=1622813390&ga_hid=1598877077&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash 898e32b2bc673515300e6cc2958c76dad42172ac95045c7d122300079162dd9b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:53 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 242 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://returnsandrefund.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/	451 B 262 B	747ms 747ms	XHR text/plain	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2521825018140718&correlator=444383628316099&output=ldjh&impl=fifs&eid=31061161%2C31061181%2C31061200&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210604&iu_parts=1254144%2Creturnsandrefund_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=2&rcs=1&prev_scp=a%3D%257C124%257C%26iid8%3D736115%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod13-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreturnsandrefund_com-box-2-736115%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D450%26br2%3D450%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D81%2C206%2C169%2C27%2C50%2C122%2C88%2C20%2C26%2C180%2C205%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%26lb%3D900%26reqt%3D1622813392616&eri=1&cookie=ID%3Df4f869c9c998c359-22a2dbf255c80003%3AT%3D1622813390%3AS%3DALNI_MY0Sl9_-sAKm-Ylv_zl81qm4VIGAQ&bc=31&abxe=1&lmt=1622772082&dt=1622813392619&dlt=1622813388833&idt=830&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=80&adks=3330214951&ucis=6&ifi=6&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1140x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1077206813.1622813390&ga_sid=1622813390&ga_hid=1598877077&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash b28ae3547df67667b1976f48e5faa3477551d2cf02e0ca76a543881de33445b1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:53 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 231 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://returnsandrefund.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	integrator.js Show response adservice.google.de/adsid/	107 B 122 B	32ms 27ms	Script application/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:54 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	integrator.js Show response adservice.google.com/adsid/	107 B 122 B	35ms 29ms	Script application/javascript	2a00:1450:4001:831::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:54 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/	350 B 182 B	759ms 755ms	XHR text/plain	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2521825018140718&correlator=2134491151912327&output=ldjh&impl=fifs&eid=31061161%2C31061181%2C31061200&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210604&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=2&rcs=2&prev_scp=a%3D%257C6%257C%26iid7%3D688115%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod13-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-688115%26eb_br%3D86802a923a1f32517e4c5d3b6d550271%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26br1%3D200%26br2%3D550%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D82%2C25%2C176%2C67%2C51%2C122%2C89%2C20%2C26%2C188%2C143%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%2C20%26lb%3D550%26reqt%3D1622813393318&eri=1&cookie=ID%3Df4f869c9c998c359%3AT%3D1622813390%3AS%3DALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w&bc=31&abxe=1&lmt=1622772082&dt=1622813394368&dlt=1622813388833&idt=830&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=7&ifi=7&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1077206813.1622813390&ga_sid=1622813390&ga_hid=1598877077&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash f3c6a25b8e809af9417fd38e1f2d7949781471dd2ec61095a4fc4c313e02ad51 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 153 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://returnsandrefund.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/	351 B 182 B	510ms 507ms	XHR text/plain	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2521825018140718&correlator=1271197958813867&output=ldjh&impl=fifs&eid=31061161%2C31061181%2C31061200&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210604&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=2&rcs=2&prev_scp=a%3D%257C1%257C%26iid8%3D722765%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod13-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-722765%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D140%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C122%2C66%2C0%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C20%2C17%2C20%26lb%3D220%26reqt%3D1622813393350&eri=1&cookie=ID%3Df4f869c9c998c359%3AT%3D1622813390%3AS%3DALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w&bc=31&abxe=1&lmt=1622772082&dt=1622813394378&dlt=1622813388833&idt=830&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=920&adks=3214824028&ucis=8&ifi=8&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1077206813.1622813390&ga_sid=1622813390&ga_hid=1598877077&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash bcbee5f33ee799f796d40555b0c74d4c39247b85685906138b5717c815a3b8e1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:54 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 153 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://returnsandrefund.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/	342 B 171 B	357ms 356ms	XHR text/plain	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2521825018140718&correlator=4232354806372791&output=ldjh&impl=fifs&eid=31061161%2C31061181%2C31061200&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210604&iu_parts=1254144%2Creturnsandrefund_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=2&rcs=2&prev_scp=a%3D%257C124%257C%26iid8%3D736115%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod13-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreturnsandrefund_com-box-2-736115%26eb_br%3D3530fcb6bcc13dc3c1712eaef7d92700%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D160%26br2%3D450%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D81%2C206%2C169%2C27%2C50%2C122%2C88%2C20%2C26%2C180%2C205%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%2C20%26lb%3D450%26reqt%3D1622813393375&eri=1&cookie=ID%3Df4f869c9c998c359%3AT%3D1622813390%3AS%3DALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w&bc=31&abxe=1&lmt=1622772082&dt=1622813394406&dlt=1622813388833&idt=830&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=80&adks=3330214951&ucis=9&ifi=9&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1140x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1077206813.1622813390&ga_sid=1622813390&ga_hid=1598877077&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash 8e7f5e8cbc4d23083a5f6c4a1468c4b59dafb9975d98e427c91d8f39f514302b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:54 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 142 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://returnsandrefund.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	integrator.js Show response adservice.google.de/adsid/	107 B 122 B	28ms 28ms	Script application/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:54 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	integrator.js Show response adservice.google.com/adsid/	107 B 122 B	29ms 28ms	Script application/javascript	2a00:1450:4001:831::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:54 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/	351 B 183 B	322ms 322ms	XHR text/plain	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2521825018140718&correlator=1995175572481903&output=ldjh&impl=fifs&eid=31061161%2C31061181%2C31061200&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210604&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=1&rcs=3&prev_scp=a%3D%257C1%257C%26iid8%3D722765%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod13-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-722765%26eb_br%3Ddfa60cee6e1053fc0c9e607c8047bd28%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D80%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C122%2C66%2C0%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C20%2C17%2C20%2C17%2C19%2C20%26lb%3D140%26reqt%3D1622813394895&eri=1&cookie=ID%3Df4f869c9c998c359%3AT%3D1622813390%3AS%3DALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w&bc=31&abxe=1&lmt=1622772082&dt=1622813394898&dlt=1622813388833&idt=830&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=920&adks=3214824028&ucis=a&ifi=10&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1077206813.1622813390&ga_sid=1622813390&ga_hid=1598877077&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash b7ca437fe836c69b183e487af539db9ed602853bb6d2b142bf4fb55a8bc156cb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 154 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://returnsandrefund.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 65 B	10ms 8ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxOSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyOTUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODExNSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMzQyIn1dLCJpc19vcmlnIjpmYWxzZX1d Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxOSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyOTUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjY4ODExNSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMzQyIn1dLCJpc19vcmlnIjpmYWxzZX1d pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884; ezux_lpl_200400=1622813389913|7d60b2fc-fd20-494d-7084-ee56fcd7980a|false; __gads=ID=f4f869c9c998c359:T=1622813390:S=ALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:54 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:54 UTC
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 19 B	16ms 14ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjY1MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiODAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MjI3NjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMzQ1In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI5MjAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODgxMTUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTEwMCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ== Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjY1MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiODAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MjI3NjUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMzQ1In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI5MjAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODgxMTUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTEwMCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ== pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884; ezux_lpl_200400=1622813389913|7d60b2fc-fd20-494d-7084-ee56fcd7980a|false; __gads=ID=f4f869c9c998c359:T=1622813390:S=ALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:54 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:54 UTC
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/	15 KB 9 KB	297ms 296ms	XHR text/plain	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2521825018140718&correlator=2673321439082198&output=ldjh&impl=fifs&eid=31061161%2C31061181%2C31061200&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210604&iu_parts=1254144%2Creturnsandrefund_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=a%3D%257C124%257C%26iid8%3D736115%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod13-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreturnsandrefund_com-box-2-736115%26eb_br%3De29f69dd468d31a5514dc9b5587ce757%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D16%26br2%3D450%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D81%2C206%2C169%2C27%2C50%2C122%2C88%2C20%2C26%2C180%2C205%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%2C20%2C17%2C18%2C19%2C20%26lb%3D160%26reqt%3D1622813394932&eri=1&cookie=ID%3Df4f869c9c998c359%3AT%3D1622813390%3AS%3DALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w&bc=31&abxe=1&lmt=1622772082&dt=1622813394936&dlt=1622813388833&idt=830&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=80&adks=3330214951&ucis=b&ifi=11&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1140x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1077206813.1622813390&ga_sid=1622813390&ga_hid=1598877077&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash 829d31b888cb7325c883d9a3dae0bc30fa270a78cef07d6bb3636ff63c4586e9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8781 x-xss-protection 0 google-lineitem-id -1 pragma no-cache server cafe google-creative-id -1 content-type text/plain; charset=UTF-8 access-control-allow-origin https://returnsandrefund.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	integrator.js Show response adservice.google.de/adsid/	107 B 122 B	31ms 30ms	Script application/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:55 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	integrator.js Show response adservice.google.com/adsid/	107 B 122 B	29ms 28ms	Script application/javascript	2a00:1450:4001:831::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:55 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/	14 KB 8 KB	434ms 433ms	XHR text/plain	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2521825018140718&correlator=42348090281396&output=ldjh&impl=fifs&eid=31061161%2C31061181%2C31061200&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210604&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=3&prev_scp=a%3D%257C6%257C%26iid7%3D688115%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod13-c%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-688115%26eb_br%3D7432360301409ae695ba255f16fbcf06%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D23%26bvm%3D0%26bvr%3D3%26shp%3D1%26ftsn%3D3%26br1%3D20%26br2%3D550%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D82%2C25%2C176%2C67%2C51%2C122%2C89%2C20%2C26%2C188%2C143%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%2C20%2C17%2C18%2C19%2C20%26lb%3D200%26reqt%3D1622813395139&eri=1&cookie=ID%3Df4f869c9c998c359%3AT%3D1622813390%3AS%3DALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w&bc=31&abxe=1&lmt=1622772082&dt=1622813395148&dlt=1622813388833&idt=830&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=c&ifi=12&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1077206813.1622813390&ga_sid=1622813390&ga_hid=1598877077&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash c70a4a10f0448b5610bfe6a840c84feb4d9b161eeb5725e79446d895110255da Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8629 x-xss-protection 0 google-lineitem-id -1 pragma no-cache server cafe google-creative-id -1 content-type text/plain; charset=UTF-8 access-control-allow-origin https://returnsandrefund.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	container.html Show response 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0A52	6 KB 3 KB	33ms 6ms	Document text/html	2a00:1450:4001:829::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com :scheme https :path /safeframe/1-0-38/html/container.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://returnsandrefund.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://returnsandrefund.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin timing-allow-origin * content-length 3108 date Fri, 04 Jun 2021 13:29:50 GMT expires Sat, 04 Jun 2022 13:29:50 GMT last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, immutable, max-age=31536000 age 5 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	osd.js Show response www.googletagservices.com/activeview/js/current/	73 KB 28 KB	27ms 26ms	Script text/javascript	2a00:1450:4001:830::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/osd.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 11d71fc112df3977b9562151e6c75ce860c42779dddcc79af1d0a07366cd44d3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT content-encoding gzip content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl server sffe etag "1622656037121142" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 x-content-type-options nosniff accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 28114 x-xss-protection 0 expires Fri, 04 Jun 2021 13:29:55 GMT
GET H2	200	greenoaks.gif Show response returnsandrefund.com/detroitchicago/	0 42 B	8ms 8ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjY0MzgifV19XQ== Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjY0MzgifV19XQ== pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884; ezux_lpl_200400=1622813389913|7d60b2fc-fd20-494d-7084-ee56fcd7980a|false; __gads=ID=f4f869c9c998c359:T=1622813390:S=ALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w; ezouspvv=16; ezouspva=1; ezouspvh=16 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:54 UTC
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 42 B	9ms 9ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJlMjlmNjlkZDQ2OGQzMWE1NTE0ZGM5YjU1ODdjZTc1NyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDE2LCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMTYsImJpZF9mbG9vcl9wcmV2IjowLjAwMTYsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MzYxMTUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTkxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MzYxMTUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0= Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJlMjlmNjlkZDQ2OGQzMWE1NTE0ZGM5YjU1ODdjZTc1NyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDE2LCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMTYsImJpZF9mbG9vcl9wcmV2IjowLjAwMTYsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MzYxMTUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTkxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI3MzYxMTUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0= pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884; ezux_lpl_200400=1622813389913|7d60b2fc-fd20-494d-7084-ee56fcd7980a|false; __gads=ID=f4f869c9c998c359:T=1622813390:S=ALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w; ezouspvv=16; ezouspva=1; ezouspvh=16 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:55 UTC
GET H2	200	28687274 Show response g.ezoic.net/dac/	0 93 B	36ms 11ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/dac/28687274 Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers access-control-allow-origin * date Fri, 04 Jun 2021 13:29:55 GMT cache-control max-age=3600, public server nginx/1.16.0 content-length 0 vary Accept-Encoding content-type text/plain
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 19 B	10ms 9ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884; ezux_lpl_200400=1622813389913|7d60b2fc-fd20-494d-7084-ee56fcd7980a|false; __gads=ID=f4f869c9c998c359:T=1622813390:S=ALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w; ezouspvv=16; ezouspva=1; ezouspvh=16 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:55 UTC
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 19 B	9ms 8ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImF1Y3Rpb25fZXBvY2giOjE2MjI4MTMzOTUsImFkX3Bvc2l0aW9uIjoxMTEyLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiYmlkX2Zsb29yX2luaXRpYWwiOjkwMCwiYmlkX2Zsb29yX3ByZXYiOjE2MCwiYmlkX2Zsb29yX2ZpbGxlZCI6MTYsImF1Y3Rpb25fY291bnQiOjQsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjMzOCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImF1Y3Rpb25fZXBvY2giOjE2MjI4MTMzOTUsImFkX3Bvc2l0aW9uIjoxMTEyLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiYmlkX2Zsb29yX2luaXRpYWwiOjkwMCwiYmlkX2Zsb29yX3ByZXYiOjE2MCwiYmlkX2Zsb29yX2ZpbGxlZCI6MTYsImF1Y3Rpb25fY291bnQiOjQsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjMzOCwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884; ezux_lpl_200400=1622813389913|7d60b2fc-fd20-494d-7084-ee56fcd7980a|false; __gads=ID=f4f869c9c998c359:T=1622813390:S=ALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w; ezouspvv=16; ezouspva=1; ezouspvh=16 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:55 UTC
GET H2	200	pixel Show response googleads.g.doubleclick.net/xbbe/ Frame DA71	624 B 350 B	30ms 30ms	Document text/html	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7uCEGzAB&v=APEucNVI6awb0ZVWWMKqMzw58t2kKx_qE1cj6aoiBYz2NSdq_OUkMHr_w5IXxYEMg08kFVxAf4IdKAFKEEF-KOO2ezHhD1uTGgro3Ax1ZMlXqYwGsNWSPQGoU0WHBuKKYFL_cOgi5nccxEt6qPwg2e1On7W0JSZxFam5akDjVviu79daWAdX164tKO74k4HsQlC9zMSEtIrLPMhzsRRzWdFr9KJa1j9y9Q Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority googleads.g.doubleclick.net :scheme https :path /xbbe/pixel?d=COGKFRCp6RsY7uCEGzAB&v=APEucNVI6awb0ZVWWMKqMzw58t2kKx_qE1cj6aoiBYz2NSdq_OUkMHr_w5IXxYEMg08kFVxAf4IdKAFKEEF-KOO2ezHhD1uTGgro3Ax1ZMlXqYwGsNWSPQGoU0WHBuKKYFL_cOgi5nccxEt6qPwg2e1On7W0JSZxFam5akDjVviu79daWAdX164tKO74k4HsQlC9zMSEtIrLPMhzsRRzWdFr9KJa1j9y9Q pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ accept-encoding gzip, deflate, br accept-language en-US cookie IDE=AHWqTUmH2zYthfLsD9lOgVgGSpiknigYw_9WQwozli_U8dPKbUki3Npvy1Zqw5cUS-o Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding gzip date Fri, 04 Jun 2021 13:29:55 GMT server cafe cache-control private content-length 276 x-xss-protection 0 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	ad Show response googleads.g.doubleclick.net/dbm/ Frame 0A52	59 KB 24 KB	63ms 58ms	Script text/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CHe1puxXsCmZH1p765Py-RxpA3u4htjAG_k-TG7DYzIkQPxbFdWO0M2gchPUm5MegFNs5XhrABVFxgCCq_QD5xZej7ka6BS_M0d00dQonhMZ27FZDA2bKYAFDv_dTKarmPV4-ovWSYyb7Q7CmmhL2xbyqOqA&dbm_d=AKAmf-AqalS7nUUXvdaWWWe_qJrj_4VZ8U7WvKyEOTaqLy_vbYaQCuB4fgQ_EVel2cWpjqSfDweuMUxTP8i0ZcwTW_2cN95cHjowxa4Vlw_SUO-8iMhl7RPaIE9cAocHWRWip2caXNi0W8MI0Z3Tx-yfHZ8NWOxwt0CMgJpCCGtADxqpow_-qsHG9CywhqXj0twZPCRgU6mL1SX4oFycPKl88WDRagza-cZ_prBIP6aHC3x75CiCkBqaq1WBwy4mHwQc6M1Rp8pzpZLUiW4MWPtGJOKMklX5w32HvYl2JtVhzGpkJGrYAAkJX2pR__uIAoX1K5O3YYkh-JuadOy3jiMlkmSnasRxaVpIRW1J9L4Qn1TGkz_r0xszHEH3q85OC65VLlBOQrBj3zpSx7Xi0y2CC7u7C7pjE4zjVVh5aXY6OgmyUM4r45Kw0Wpkm5k5Zjp4zSuwUtoicoL_AzpMSP3ImpMmJewsVbmMEj0oHwcbmXSCI5Horh1AGzYPZPsudrQ7YihliXoFsIlGDO917CITQ71qqJyWZoVI1bOyWDA-zfunoRmQvBHTlF8FTWAG_p2mLZwkTq6X7C8i2uETulTMe9yG2OPdTkun1Z_v1orwXTO11ngajaAyVnR4hsPBmoh1U56BIfMzfk8HCZLBPhNKPNnXQTRpF1825fT9sMVnrRJhqdXRQW-3G8Gg7Yl6EtGBNgbGOYN51Eu-E0mCXXhVD8oUALDQCXHQD81yaX6Ego2_ztlPsXSkl_7FTZFuIFVfNFfS1HGoPP5tkXrd8tr8Q7giT99FmwL2pofiCyaxgN9Da56g2iI7OkCy8fA3Ar344aN7bmfdUGEhqXye4Cw0kK_dNxju_TIDZ9ijFNXrBBa3dMNmiPWOXybNaalB63RQXwN7adWjnKPvSafHDk5Zs2vg74z1HWcmm3zavRj0Lg9z-fRhU_5PFg3XgJfwE0ZIai2_5FijM3ngoWQgcX6tr8CpY8AVc9Rf5UhExTZgcIH-N7dHqWX8b4yeIn4AnSXV8XAGB2oIPUIltXZW2WgmkIKLgKxHkJQrIRHWEIV36JKBakcafSKxVq11vkwF0WnKD4pzwHqruEuzEL2b0WCbIfNo2U-YGlvmKV28iiB4i7pifIhHXyB_F0PUQgVBVyMpJ74XeT9c56T0zqcHLBBvqqTmaQsnUENcIgP9BM_-jpAe1QV2yhncp3WQwbNVJulKzGuY2bDVuVVe4S4Kt7TrCkYz3CMuA7h-SxqrkvzUIRvzTplY0sttj8pHCQO1EEXGGKgQX2OJ68Yx1TwcBTeZxJvj8Jiq6YhjuThQfm6gHaL7obzskItlnq_1Qhw147J6UfezTMnW2F-LLJ6Ik9yccpmfMSdiPNaLRKzPWdxuM09-OxPMs8pshXuUm1I7-hYrQaBITuw4LqqxvlXVO3v3xJ15oqina-EqVfOb3ICBrFxXKZ07fCBlcoZvgNZvR-W21wEIYN1heVeFjywZuIRWflh3Ys4ePPErIc1bosnshDFzbiyWECgsfZAdogay4QI9k4FYhN00c5E9NHjX_K66HtWbOz4wX2X2g4m5YEyCMMVpkRwzBXFxO1A3BMGC_I1bqNVdTLRCZ5uxo8mfpQZQbM-g7T9lhY6-fatD_cF9M1VwqXZeQXL3IJ09bTMLVKqrdd7wtguNhKvR1QJudaMSUgtML5THyiKIYf50lNmNA0PLpwH7PZ3eHFs8ExUDXmPsmzeNYUe98WEdMPZNXyJ8LHVeMCbzAvB2HOnAhSEe7it7GIN55wmMTLmKATXHsVer_L1OhfH-zkYGyAofBnN-4jtDL8SYZ3yU5ogQU9X05rV-V0ByiU2ieirL7rlff9vhH1Vqd4odLQgIVJrcdIjcoMjw0qm0HJm_OKGBIoQgqDV7djZq85Ip8u1D__CJn6p1VyomGQX3pvI5BXCPVqt6Mx9GH1Y4gJXTpOX5fUIvtmCD4cN6-YBc4l9MHdKpgg10RhIpQOXcquQl2IrrokRgCqoY5R-Ck2zUBMDhlfzYr1CCvS9sb-xNOnjLeq0CuqC1ZJkbGp39co6NEuv2-TN2oVS4ebitdPoCAaByEAofTsGJmTCSttz0uMpoHy32GiKFSgD6WWAT4wAw0Kym54zKUlt2zVHdEkCXrnwhGfQbI9RRUvS8QeoVvBQfFUZ7ncJ1Vckn7NAASM1Z2jZ-AwugH-e1MojTUUh1qvu3OTt2xFPcUv-mj-wpwVn4ZaseWZ6ylso7kH2Z-Yesgloy3-XRpI37mjk4oQqeCe2MuVwQDb7VfEPDjHNZ7Pd_GQfSKx2yyvx_JsxxZyMUIyf81zc0AM0o_dcza5zVYkCPfJ8OVu7J6xLota6RjkiQAMsxBxGNct2pTAGMg0nU7sOpHRfE5jlap1kHFXUi1mF2-i1E3E5PW18uo_BWVxQkbEF-u760s4wTbrIfyiIvev4FLVal8aPyylrC4ANTUY5LJoZWjkRkAXEk8T3bAG00QRrpNqovEuBQ5FLveugVGIKX6Xooye7Qj93g2t57nCi4K0_TmLepRq-HUBTdfu75iCTaq3pHJNaZENtUL7G-SsSgWNl7JT4tqRj6EuPxELnSqSbybmcMftrcZRxnrHmoR_t8TC49T8BgGeZ8yhCyBJRAAPEVBCD-LjBlpOUErkJ0FcVHJjmFs6GDvC-acxUksIyXF8BgRt0PSksZtameqCcLq4fpqc92KPF8CS2k-UILpYOyt-p5vsq7k5xpjDXaTLh0Lj9xd6yapx06LT2uUCaNko7eyyT_iL_OnRBXi4Gy49R7N2Sd-70ZLNrnbBU_N3CITx7C06ZxOZg8ZpPWM22LI8TvO-tvdxaMcoMMk6J_pateh9nEMi-5505dooZP0ycApqBA4tLd-c6KlK_WIf738a0dk7rnPmaG8xQp3PCRJqe0gOM4njh2VhY9hOapcAMMLnWn4nblWnAqHWegnZRB3ZNA68MSO8cAAMUP_TEq8MrvJfgwW5BwrX9i8Eou0AyzCcbso5WzunxR9DQCDehz8z55ah7WSqtSC3Oa44WUeyzw93qRlhLxveGhptF6ZOae8wXy4GLpHON1FxYlhloIEgI4swKJKWYNU4RF9xXh0SR0OoIT8mQsSIrPNeW8x1DKaZyd0FiPFcmwP5UUsGtF3ZM6d6mT4qEoYaiL1EoHhI_dX2Pxlwo7GR7iP5ssREF9GXgYOfAq6-3n&cid=CAASEuRoVCq7mny1MeFUsltnUOKing&rfl=1%2Chttps%253A%252F%252Freturnsandrefund.com%252F%240 Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash d3353f452979504a9df351155b22cadf9d7fedd6fc27168958c7ce5ad5b76af3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT content-encoding br x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 24545 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	gen_204 pagead2.googlesyndication.com/pagead/ Frame 0A52	42 B 63 B	43ms 38ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DTm6EMfHNQzcrNV-LcZUZyAe9RbrnvVcWTtPlq3e1hs4uECBDLp329ua1vewA6iBdKIXtWrJkEpyGnXlnUJRZL1FYZGUokn26gDvfQb3i1dhrOS2s Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	window_focus_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 0A52	2 KB 1 KB	11ms 7ms	Script text/javascript	2a00:1450:4001:813::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:23:15 GMT content-encoding gzip x-content-type-options nosniff age 400 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1303 x-xss-protection 0 server cafe etag 14729628269804859526 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Fri, 18 Jun 2021 13:23:15 GMT
GET H3-29	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame 0A52	121 KB 37 KB	61ms 29ms	Script text/javascript	2a00:1450:4001:830::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 85e1be533dbdd83a22910cbee29a4d1f49d3e8d201f5f480517ecfd6bd282965 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT content-encoding gzip content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl server sffe etag "1622656031336809" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 x-content-type-options nosniff accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37735 x-xss-protection 0 expires Fri, 04 Jun 2021 13:29:55 GMT
GET H3-29	200	qs_click_protection_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 0A52	13 KB 6 KB	10ms 7ms	Script text/javascript	2a00:1450:4001:813::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:16:59 GMT content-encoding gzip x-content-type-options nosniff age 776 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5635 x-xss-protection 0 server cafe etag 1091097466425408374 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Fri, 18 Jun 2021 13:16:59 GMT
GET H3-29	204	l www.google.com/ads/measurement/ Frame 0A52	0 0	23ms 21ms	Image text/html	2a00:1450:4001:827::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ4nJsFS4E44LiPLwtM1CUk_zBhLlpBg50aatYRFiWEJ4IjOsOsvYUAlTYV580j3wp46jeZEY95QFzmrusgO6h83YkJPg Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H2	200	express_html_inpage_rendering_lib_200_271.js Show response s0.2mdn.net/879366/ Frame 0A52	111 KB 39 KB	44ms 8ms	Script text/javascript	2a00:1450:4001:803::2006 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 03 Jun 2021 14:24:06 GMT content-encoding gzip x-content-type-options nosniff age 83149 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 39287 x-xss-protection 0 last-modified Wed, 14 Oct 2020 18:02:50 GMT server sffe vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=86400 accept-ranges bytes timing-allow-origin * expires Fri, 04 Jun 2021 14:24:06 GMT
GET H3-29	200	omrhp.js Show response pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/elements/html/ Frame 0A52	8 KB 3 KB	8ms 6ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/elements/html/omrhp.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CHe1puxXsCmZH1p765Py-RxpA3u4htjAG_k-TG7DYzIkQPxbFdWO0M2gchPUm5MegFNs5XhrABVFxgCCq_QD5xZej7ka6BS_M0d00dQonhMZ27FZDA2bKYAFDv_dTKarmPV4-ovWSYyb7Q7CmmhL2xbyqOqA&dbm_d=AKAmf-AqalS7nUUXvdaWWWe_qJrj_4VZ8U7WvKyEOTaqLy_vbYaQCuB4fgQ_EVel2cWpjqSfDweuMUxTP8i0ZcwTW_2cN95cHjowxa4Vlw_SUO-8iMhl7RPaIE9cAocHWRWip2caXNi0W8MI0Z3Tx-yfHZ8NWOxwt0CMgJpCCGtADxqpow_-qsHG9CywhqXj0twZPCRgU6mL1SX4oFycPKl88WDRagza-cZ_prBIP6aHC3x75CiCkBqaq1WBwy4mHwQc6M1Rp8pzpZLUiW4MWPtGJOKMklX5w32HvYl2JtVhzGpkJGrYAAkJX2pR__uIAoX1K5O3YYkh-JuadOy3jiMlkmSnasRxaVpIRW1J9L4Qn1TGkz_r0xszHEH3q85OC65VLlBOQrBj3zpSx7Xi0y2CC7u7C7pjE4zjVVh5aXY6OgmyUM4r45Kw0Wpkm5k5Zjp4zSuwUtoicoL_AzpMSP3ImpMmJewsVbmMEj0oHwcbmXSCI5Horh1AGzYPZPsudrQ7YihliXoFsIlGDO917CITQ71qqJyWZoVI1bOyWDA-zfunoRmQvBHTlF8FTWAG_p2mLZwkTq6X7C8i2uETulTMe9yG2OPdTkun1Z_v1orwXTO11ngajaAyVnR4hsPBmoh1U56BIfMzfk8HCZLBPhNKPNnXQTRpF1825fT9sMVnrRJhqdXRQW-3G8Gg7Yl6EtGBNgbGOYN51Eu-E0mCXXhVD8oUALDQCXHQD81yaX6Ego2_ztlPsXSkl_7FTZFuIFVfNFfS1HGoPP5tkXrd8tr8Q7giT99FmwL2pofiCyaxgN9Da56g2iI7OkCy8fA3Ar344aN7bmfdUGEhqXye4Cw0kK_dNxju_TIDZ9ijFNXrBBa3dMNmiPWOXybNaalB63RQXwN7adWjnKPvSafHDk5Zs2vg74z1HWcmm3zavRj0Lg9z-fRhU_5PFg3XgJfwE0ZIai2_5FijM3ngoWQgcX6tr8CpY8AVc9Rf5UhExTZgcIH-N7dHqWX8b4yeIn4AnSXV8XAGB2oIPUIltXZW2WgmkIKLgKxHkJQrIRHWEIV36JKBakcafSKxVq11vkwF0WnKD4pzwHqruEuzEL2b0WCbIfNo2U-YGlvmKV28iiB4i7pifIhHXyB_F0PUQgVBVyMpJ74XeT9c56T0zqcHLBBvqqTmaQsnUENcIgP9BM_-jpAe1QV2yhncp3WQwbNVJulKzGuY2bDVuVVe4S4Kt7TrCkYz3CMuA7h-SxqrkvzUIRvzTplY0sttj8pHCQO1EEXGGKgQX2OJ68Yx1TwcBTeZxJvj8Jiq6YhjuThQfm6gHaL7obzskItlnq_1Qhw147J6UfezTMnW2F-LLJ6Ik9yccpmfMSdiPNaLRKzPWdxuM09-OxPMs8pshXuUm1I7-hYrQaBITuw4LqqxvlXVO3v3xJ15oqina-EqVfOb3ICBrFxXKZ07fCBlcoZvgNZvR-W21wEIYN1heVeFjywZuIRWflh3Ys4ePPErIc1bosnshDFzbiyWECgsfZAdogay4QI9k4FYhN00c5E9NHjX_K66HtWbOz4wX2X2g4m5YEyCMMVpkRwzBXFxO1A3BMGC_I1bqNVdTLRCZ5uxo8mfpQZQbM-g7T9lhY6-fatD_cF9M1VwqXZeQXL3IJ09bTMLVKqrdd7wtguNhKvR1QJudaMSUgtML5THyiKIYf50lNmNA0PLpwH7PZ3eHFs8ExUDXmPsmzeNYUe98WEdMPZNXyJ8LHVeMCbzAvB2HOnAhSEe7it7GIN55wmMTLmKATXHsVer_L1OhfH-zkYGyAofBnN-4jtDL8SYZ3yU5ogQU9X05rV-V0ByiU2ieirL7rlff9vhH1Vqd4odLQgIVJrcdIjcoMjw0qm0HJm_OKGBIoQgqDV7djZq85Ip8u1D__CJn6p1VyomGQX3pvI5BXCPVqt6Mx9GH1Y4gJXTpOX5fUIvtmCD4cN6-YBc4l9MHdKpgg10RhIpQOXcquQl2IrrokRgCqoY5R-Ck2zUBMDhlfzYr1CCvS9sb-xNOnjLeq0CuqC1ZJkbGp39co6NEuv2-TN2oVS4ebitdPoCAaByEAofTsGJmTCSttz0uMpoHy32GiKFSgD6WWAT4wAw0Kym54zKUlt2zVHdEkCXrnwhGfQbI9RRUvS8QeoVvBQfFUZ7ncJ1Vckn7NAASM1Z2jZ-AwugH-e1MojTUUh1qvu3OTt2xFPcUv-mj-wpwVn4ZaseWZ6ylso7kH2Z-Yesgloy3-XRpI37mjk4oQqeCe2MuVwQDb7VfEPDjHNZ7Pd_GQfSKx2yyvx_JsxxZyMUIyf81zc0AM0o_dcza5zVYkCPfJ8OVu7J6xLota6RjkiQAMsxBxGNct2pTAGMg0nU7sOpHRfE5jlap1kHFXUi1mF2-i1E3E5PW18uo_BWVxQkbEF-u760s4wTbrIfyiIvev4FLVal8aPyylrC4ANTUY5LJoZWjkRkAXEk8T3bAG00QRrpNqovEuBQ5FLveugVGIKX6Xooye7Qj93g2t57nCi4K0_TmLepRq-HUBTdfu75iCTaq3pHJNaZENtUL7G-SsSgWNl7JT4tqRj6EuPxELnSqSbybmcMftrcZRxnrHmoR_t8TC49T8BgGeZ8yhCyBJRAAPEVBCD-LjBlpOUErkJ0FcVHJjmFs6GDvC-acxUksIyXF8BgRt0PSksZtameqCcLq4fpqc92KPF8CS2k-UILpYOyt-p5vsq7k5xpjDXaTLh0Lj9xd6yapx06LT2uUCaNko7eyyT_iL_OnRBXi4Gy49R7N2Sd-70ZLNrnbBU_N3CITx7C06ZxOZg8ZpPWM22LI8TvO-tvdxaMcoMMk6J_pateh9nEMi-5505dooZP0ycApqBA4tLd-c6KlK_WIf738a0dk7rnPmaG8xQp3PCRJqe0gOM4njh2VhY9hOapcAMMLnWn4nblWnAqHWegnZRB3ZNA68MSO8cAAMUP_TEq8MrvJfgwW5BwrX9i8Eou0AyzCcbso5WzunxR9DQCDehz8z55ah7WSqtSC3Oa44WUeyzw93qRlhLxveGhptF6ZOae8wXy4GLpHON1FxYlhloIEgI4swKJKWYNU4RF9xXh0SR0OoIT8mQsSIrPNeW8x1DKaZyd0FiPFcmwP5UUsGtF3ZM6d6mT4qEoYaiL1EoHhI_dX2Pxlwo7GR7iP5ssREF9GXgYOfAq6-3n&cid=CAASEuRoVCq7mny1MeFUsltnUOKing&rfl=1%2Chttps%253A%252F%252Freturnsandrefund.com%252F%240 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:39 GMT content-encoding gzip x-content-type-options nosniff age 16 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 3124 x-xss-protection 0 server cafe etag 4537136162986801320 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Fri, 18 Jun 2021 13:29:39 GMT
GET H3-29	200	abg_lite.js Show response pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/ Frame 0A52	22 KB 8 KB	10ms 9ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/abg_lite.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CHe1puxXsCmZH1p765Py-RxpA3u4htjAG_k-TG7DYzIkQPxbFdWO0M2gchPUm5MegFNs5XhrABVFxgCCq_QD5xZej7ka6BS_M0d00dQonhMZ27FZDA2bKYAFDv_dTKarmPV4-ovWSYyb7Q7CmmhL2xbyqOqA&dbm_d=AKAmf-AqalS7nUUXvdaWWWe_qJrj_4VZ8U7WvKyEOTaqLy_vbYaQCuB4fgQ_EVel2cWpjqSfDweuMUxTP8i0ZcwTW_2cN95cHjowxa4Vlw_SUO-8iMhl7RPaIE9cAocHWRWip2caXNi0W8MI0Z3Tx-yfHZ8NWOxwt0CMgJpCCGtADxqpow_-qsHG9CywhqXj0twZPCRgU6mL1SX4oFycPKl88WDRagza-cZ_prBIP6aHC3x75CiCkBqaq1WBwy4mHwQc6M1Rp8pzpZLUiW4MWPtGJOKMklX5w32HvYl2JtVhzGpkJGrYAAkJX2pR__uIAoX1K5O3YYkh-JuadOy3jiMlkmSnasRxaVpIRW1J9L4Qn1TGkz_r0xszHEH3q85OC65VLlBOQrBj3zpSx7Xi0y2CC7u7C7pjE4zjVVh5aXY6OgmyUM4r45Kw0Wpkm5k5Zjp4zSuwUtoicoL_AzpMSP3ImpMmJewsVbmMEj0oHwcbmXSCI5Horh1AGzYPZPsudrQ7YihliXoFsIlGDO917CITQ71qqJyWZoVI1bOyWDA-zfunoRmQvBHTlF8FTWAG_p2mLZwkTq6X7C8i2uETulTMe9yG2OPdTkun1Z_v1orwXTO11ngajaAyVnR4hsPBmoh1U56BIfMzfk8HCZLBPhNKPNnXQTRpF1825fT9sMVnrRJhqdXRQW-3G8Gg7Yl6EtGBNgbGOYN51Eu-E0mCXXhVD8oUALDQCXHQD81yaX6Ego2_ztlPsXSkl_7FTZFuIFVfNFfS1HGoPP5tkXrd8tr8Q7giT99FmwL2pofiCyaxgN9Da56g2iI7OkCy8fA3Ar344aN7bmfdUGEhqXye4Cw0kK_dNxju_TIDZ9ijFNXrBBa3dMNmiPWOXybNaalB63RQXwN7adWjnKPvSafHDk5Zs2vg74z1HWcmm3zavRj0Lg9z-fRhU_5PFg3XgJfwE0ZIai2_5FijM3ngoWQgcX6tr8CpY8AVc9Rf5UhExTZgcIH-N7dHqWX8b4yeIn4AnSXV8XAGB2oIPUIltXZW2WgmkIKLgKxHkJQrIRHWEIV36JKBakcafSKxVq11vkwF0WnKD4pzwHqruEuzEL2b0WCbIfNo2U-YGlvmKV28iiB4i7pifIhHXyB_F0PUQgVBVyMpJ74XeT9c56T0zqcHLBBvqqTmaQsnUENcIgP9BM_-jpAe1QV2yhncp3WQwbNVJulKzGuY2bDVuVVe4S4Kt7TrCkYz3CMuA7h-SxqrkvzUIRvzTplY0sttj8pHCQO1EEXGGKgQX2OJ68Yx1TwcBTeZxJvj8Jiq6YhjuThQfm6gHaL7obzskItlnq_1Qhw147J6UfezTMnW2F-LLJ6Ik9yccpmfMSdiPNaLRKzPWdxuM09-OxPMs8pshXuUm1I7-hYrQaBITuw4LqqxvlXVO3v3xJ15oqina-EqVfOb3ICBrFxXKZ07fCBlcoZvgNZvR-W21wEIYN1heVeFjywZuIRWflh3Ys4ePPErIc1bosnshDFzbiyWECgsfZAdogay4QI9k4FYhN00c5E9NHjX_K66HtWbOz4wX2X2g4m5YEyCMMVpkRwzBXFxO1A3BMGC_I1bqNVdTLRCZ5uxo8mfpQZQbM-g7T9lhY6-fatD_cF9M1VwqXZeQXL3IJ09bTMLVKqrdd7wtguNhKvR1QJudaMSUgtML5THyiKIYf50lNmNA0PLpwH7PZ3eHFs8ExUDXmPsmzeNYUe98WEdMPZNXyJ8LHVeMCbzAvB2HOnAhSEe7it7GIN55wmMTLmKATXHsVer_L1OhfH-zkYGyAofBnN-4jtDL8SYZ3yU5ogQU9X05rV-V0ByiU2ieirL7rlff9vhH1Vqd4odLQgIVJrcdIjcoMjw0qm0HJm_OKGBIoQgqDV7djZq85Ip8u1D__CJn6p1VyomGQX3pvI5BXCPVqt6Mx9GH1Y4gJXTpOX5fUIvtmCD4cN6-YBc4l9MHdKpgg10RhIpQOXcquQl2IrrokRgCqoY5R-Ck2zUBMDhlfzYr1CCvS9sb-xNOnjLeq0CuqC1ZJkbGp39co6NEuv2-TN2oVS4ebitdPoCAaByEAofTsGJmTCSttz0uMpoHy32GiKFSgD6WWAT4wAw0Kym54zKUlt2zVHdEkCXrnwhGfQbI9RRUvS8QeoVvBQfFUZ7ncJ1Vckn7NAASM1Z2jZ-AwugH-e1MojTUUh1qvu3OTt2xFPcUv-mj-wpwVn4ZaseWZ6ylso7kH2Z-Yesgloy3-XRpI37mjk4oQqeCe2MuVwQDb7VfEPDjHNZ7Pd_GQfSKx2yyvx_JsxxZyMUIyf81zc0AM0o_dcza5zVYkCPfJ8OVu7J6xLota6RjkiQAMsxBxGNct2pTAGMg0nU7sOpHRfE5jlap1kHFXUi1mF2-i1E3E5PW18uo_BWVxQkbEF-u760s4wTbrIfyiIvev4FLVal8aPyylrC4ANTUY5LJoZWjkRkAXEk8T3bAG00QRrpNqovEuBQ5FLveugVGIKX6Xooye7Qj93g2t57nCi4K0_TmLepRq-HUBTdfu75iCTaq3pHJNaZENtUL7G-SsSgWNl7JT4tqRj6EuPxELnSqSbybmcMftrcZRxnrHmoR_t8TC49T8BgGeZ8yhCyBJRAAPEVBCD-LjBlpOUErkJ0FcVHJjmFs6GDvC-acxUksIyXF8BgRt0PSksZtameqCcLq4fpqc92KPF8CS2k-UILpYOyt-p5vsq7k5xpjDXaTLh0Lj9xd6yapx06LT2uUCaNko7eyyT_iL_OnRBXi4Gy49R7N2Sd-70ZLNrnbBU_N3CITx7C06ZxOZg8ZpPWM22LI8TvO-tvdxaMcoMMk6J_pateh9nEMi-5505dooZP0ycApqBA4tLd-c6KlK_WIf738a0dk7rnPmaG8xQp3PCRJqe0gOM4njh2VhY9hOapcAMMLnWn4nblWnAqHWegnZRB3ZNA68MSO8cAAMUP_TEq8MrvJfgwW5BwrX9i8Eou0AyzCcbso5WzunxR9DQCDehz8z55ah7WSqtSC3Oa44WUeyzw93qRlhLxveGhptF6ZOae8wXy4GLpHON1FxYlhloIEgI4swKJKWYNU4RF9xXh0SR0OoIT8mQsSIrPNeW8x1DKaZyd0FiPFcmwP5UUsGtF3ZM6d6mT4qEoYaiL1EoHhI_dX2Pxlwo7GR7iP5ssREF9GXgYOfAq6-3n&cid=CAASEuRoVCq7mny1MeFUsltnUOKing&rfl=1%2Chttps%253A%252F%252Freturnsandrefund.com%252F%240 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 64fce9d17c5101524a6ee73191a1c97a2e47ddc83aed06b5bd22d5c898efd52b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:27:54 GMT content-encoding gzip x-content-type-options nosniff age 121 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8594 x-xss-protection 0 server cafe etag 7958287194716579593 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Fri, 18 Jun 2021 13:27:54 GMT
GET H/1.1	200 OK	rum dsum-sec.casalemedia.com/ Frame DA71 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQKDXBf7f_T0kTEwO5FdJ8&google_cver=1	43 B 1014 B	37ms 18ms	Image image/gif	2.18.234.21 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQKDXBf7f_T0kTEwO5FdJ8&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7uCEGzAB&v=APEucNVI6awb0ZVWWMKqMzw58t2kKx_qE1cj6aoiBYz2NSdq_OUkMHr_w5IXxYEMg08kFVxAf4IdKAFKEEF-KOO2ezHhD1uTGgro3Ax1ZMlXqYwGsNWSPQGoU0WHBuKKYFL_cOgi5nccxEt6qPwg2e1On7W0JSZxFam5akDjVviu79daWAdX164tKO74k4HsQlC9zMSEtIrLPMhzsRRzWdFr9KJa1j9y9Q Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-234-21.deploy.static.akamaitechnologies.com Software Apache / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Pragma no-cache Date Fri, 04 Jun 2021 13:29:55 GMT Server Apache Vary Is-Traffic-Usersync P3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" Cache-Control max-age=0, no-cache, no-store Connection keep-alive Content-Type image/gif Content-Length 43 Expires Fri, 04 Jun 2021 13:29:55 GMT Redirect headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQKDXBf7f_T0kTEwO5FdJ8&google_cver=1 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 313 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	rum dsum-sec.casalemedia.com/ Frame DA71 Redirect Chain https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YLoq010Pv-Y0P2ZRl.sV.gAA https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQKDXBf7f_T0kTEwO5FdJ8&google_cver=1&google_hm=2	43 B 894 B	28ms 19ms	Image image/gif	2.18.234.21 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQKDXBf7f_T0kTEwO5FdJ8&google_cver=1&google_hm=2 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7uCEGzAB&v=APEucNVI6awb0ZVWWMKqMzw58t2kKx_qE1cj6aoiBYz2NSdq_OUkMHr_w5IXxYEMg08kFVxAf4IdKAFKEEF-KOO2ezHhD1uTGgro3Ax1ZMlXqYwGsNWSPQGoU0WHBuKKYFL_cOgi5nccxEt6qPwg2e1On7W0JSZxFam5akDjVviu79daWAdX164tKO74k4HsQlC9zMSEtIrLPMhzsRRzWdFr9KJa1j9y9Q Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-234-21.deploy.static.akamaitechnologies.com Software Apache / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Pragma no-cache Date Fri, 04 Jun 2021 13:29:55 GMT Server Apache Vary Is-Traffic-Usersync P3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" Cache-Control max-age=0, no-cache, no-store Connection keep-alive Content-Type image/gif Content-Length 43 Expires Fri, 04 Jun 2021 13:29:55 GMT Redirect headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQKDXBf7f_T0kTEwO5FdJ8&google_cver=1&google_hm=2 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 329 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	setuid ib.adnxs.com/ Frame DA71 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm https://ib.adnxs.com/setuid?entity=101&code=CAESEN8BnnxQnx-l42oUeTufrTM&google_cver=1	43 B 1023 B	36ms 33ms	Image image/gif	185.33.220.240 ASN-APPNEX
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/setuid?entity=101&code=CAESEN8BnnxQnx-l42oUeTufrTM&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7uCEGzAB&v=APEucNVI6awb0ZVWWMKqMzw58t2kKx_qE1cj6aoiBYz2NSdq_OUkMHr_w5IXxYEMg08kFVxAf4IdKAFKEEF-KOO2ezHhD1uTGgro3Ax1ZMlXqYwGsNWSPQGoU0WHBuKKYFL_cOgi5nccxEt6qPwg2e1On7W0JSZxFam5akDjVviu79daWAdX164tKO74k4HsQlC9zMSEtIrLPMhzsRRzWdFr9KJa1j9y9Q Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US), Reverse DNS 717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net Software nginx/1.17.9 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Pragma no-cache Date Fri, 04 Jun 2021 13:29:55 GMT X-Proxy-Origin 91.207.172.86; 91.207.172.86; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.139:80 AN-X-Request-Uuid 236cd39f-4811-4e79-9b85-a98e7316db02 Server nginx/1.17.9 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Cache-Control no-store, no-cache, private Connection keep-alive Content-Type image/gif Content-Length 43 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://ib.adnxs.com/setuid?entity=101&code=CAESEN8BnnxQnx-l42oUeTufrTM&google_cver=1 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 290 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame DA71 Redirect Chain https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI3ODU0NDA3ODgwODgzMTM3MQ%3D%3D	170 B 188 B	60ms 27ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI3ODU0NDA3ODgwODgzMTM3MQ%3D%3D Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7uCEGzAB&v=APEucNVI6awb0ZVWWMKqMzw58t2kKx_qE1cj6aoiBYz2NSdq_OUkMHr_w5IXxYEMg08kFVxAf4IdKAFKEEF-KOO2ezHhD1uTGgro3Ax1ZMlXqYwGsNWSPQGoU0WHBuKKYFL_cOgi5nccxEt6qPwg2e1On7W0JSZxFam5akDjVviu79daWAdX164tKO74k4HsQlC9zMSEtIrLPMhzsRRzWdFr9KJa1j9y9Q Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers Pragma no-cache Date Fri, 04 Jun 2021 13:29:55 GMT X-Proxy-Origin 91.207.172.86; 91.207.172.86; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.117:80 AN-X-Request-Uuid 675aec2e-8bf2-4f7c-af01-4694985e7242 Server nginx/1.17.9 Access-Control-Allow-Origin * P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Location https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI3ODU0NDA3ODgwODgzMTM3MQ%3D%3D Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Content-Type text/html; charset=utf-8 Content-Length 0 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H3-29	200	UFYwWwmt.js Show response tpc.googlesyndication.com/sodar/ Frame 0A52	41 KB 15 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:813::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/UFYwWwmt.js Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 06:53:37 GMT content-encoding gzip x-content-type-options nosniff age 23778 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15207 x-xss-protection 0 last-modified Tue, 03 Mar 2020 20:15:00 GMT server sffe vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 04 Jun 2022 06:53:37 GMT
GET H3-29	200	cookie_push_onload.html Show response pagead2.googlesyndication.com/pagead/s/ Frame 597E	1 KB 749 B	6ms 6ms	Document text/html	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority pagead2.googlesyndication.com :scheme https :path /pagead/s/cookie_push_onload.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ Response headers p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin * cross-origin-resource-policy cross-origin vary Accept-Encoding date Fri, 04 Jun 2021 03:04:19 GMT expires Sat, 05 Jun 2021 03:04:19 GMT content-type text/html; charset=UTF-8 etag 48472445140208031 x-content-type-options nosniff content-encoding gzip server cafe content-length 724 x-xss-protection 0 age 37536 cache-control public, max-age=86400 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET DATA	200 OK	truncated / Frame 0A52	216 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d99b699e7afb2ac6b3af964f17709c872de2931f495d3e7c49e5b74ae05e1078 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/png
GET H2	200	sfht0if3y.js Show response cdn.krxd.net/controltag/ Frame 0A52	10 KB 4 KB	39ms 10ms	Script text/javascript	151.101.114.133 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.krxd.net/controltag/sfht0if3y.js Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash c2423cbc3081a6d26022031366660f7900aa5cb280fd91f7a3b80777332b1a54 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-cdn-backend 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod date Fri, 04 Jun 2021 13:29:55 GMT via 1.1 varnish, 1.1 varnish age 814 x-cache MISS, HIT, HIT x-app-cache HIT x-age 0 content-encoding gzip content-length 3673 x-served-by config-service-a003-ash-prod.krxd.net, cache-bwi5145-BWI, cache-hhn4080-HHN x-response-time 1 x-do-esi esi x-timer S1622813396.617805,VS0,VE0 etag "8595c2bfd40270513d3f71e8843150475690db95" vary Accept-Encoding content-type text/javascript; charset=utf-8 cache-control public, max-age=1200 accept-ranges bytes x-cache-hits 0, 1, 886
GET H3-29	200	index.html Show response s0.2mdn.net/4528516/1495443094807458/ Frame E30A	7 KB 3 KB	39ms 6ms	Document text/html	2a00:1450:4001:803::2006 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/4528516/1495443094807458/index.html Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 6cb6951f2ebd238c4fff8551b846e244fbe423a0e2782bb494f4fd80cdc360f7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority s0.2mdn.net :scheme https :path /4528516/1495443094807458/index.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html access-control-allow-origin * cross-origin-resource-policy cross-origin content-length 2669 date Thu, 03 Jun 2021 22:31:40 GMT expires Fri, 04 Jun 2021 22:31:40 GMT last-modified Mon, 17 May 2021 09:21:01 GMT x-content-type-options nosniff server sffe x-xss-protection 0 age 53895 cache-control public, max-age=86400 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
POST H2	200	view googleads4.g.doubleclick.net/pcs/ Frame 0A52	0 575 B	69ms 32ms	Ping image/gif	142.250.186.162 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvKUOCui7bBJxpKzUlLlre00L5xOq7bbZCuqsSvW3nveZV-ZjLwyomAzzJ2rqmwojyxTsrIKtPYBxEB66u52O5XOyVB-uB_jl_MdEwnEslv5nKIwCS3Wp0o4RR4QRiG7J9ghyLhWJCRJJcPZtE9JTOrjPk2nmD72EtlQz8BqVeM-KFiOW9m6MscztpG_Va9n3bayG75feavC6_g4Kk9vF5UUMPTNCadkouKW7G0XgAOLyznIbJB1NMGYxZ5to-HiXmSDwULuIUhze9n6Yve1Db5Au9oIHbey_EQGCBxpytI74Feebd9a8C5go6oqo9UC7By96FtgOuYoA00aaAXXC_2HXTIWklLUMVJfUh8RN71IiWQCO4gpOcGWudXRCVVCYf3eotbwAStcsSqstEKwnPF7KujYhlbcgkAzCPkRcj-iaNodmb0geChvJ4Ebp0ITT2POA_5FO7bFgE3C6qwVtbAe5WILvAsVC07QdOZ5tfJVrA3A8QHrgnbkwAIkYK66LkMkSmyWfE1hkf0G9J31p7JpVzMuw-LThT95g18vE3iMAYi2bYVoeZEM9DVX7nKU4Nv2bhwo5eYyjSYVaCu9jvlrbPpJSp490Ph34Y-bPM8qKTlu4yj4q5XkzXaJgsE_-XiDAhR9PeWwEEO66jAQm-p8dK7ItVTpXXtZ85WcCarhth4S_GrHTxe1qpMqKVKs3496pv4U9zxRuG2ghsSzQVC_6kcrrk8H75aQiwMYQ3WTD3fL7CiJeHC7zbC6h_N81HB_9wozhR1zZvTUG0NhRQORffUE8485YNY7Q90ZiIHZ7-3Of6FJU11unou9Bwvo7y77kelFXXoJJlW2-Sph_mBT7UTvbLOa7n4VZeZRpHb_CSoI8yyaqxQJJ9ol3miQNLtuAQbUPaY0oR22ISeqcQSV9bfgN7cRUKV5iQuIJqrEfUYFDlk2dzEi2y7atVzjIkgKfPEao3UXdn6n4v7vmn3PtJpsxuux2d0o0J5eAevxP3K6PhO4jcYgsTa7JdcAPvdtNnaXAKrqgyMUhgvHM0YdgWGk0MB3EjLCPhqdGhm9FhpgRYZMmPqQMI7rAuDq1Jk5J9QAQwI2sLzDOGXd1_3hsJYKKll9DQGtAxCoKlFNhOX8crnM-yL-LndwXUuni7PGO8j8FzCLCKKNKc7e1doF_CMWqqUB4j3_FgAE3ClzCb1v3TTMNN65CvR6-KoVljajDfh-kRzcrG4bhfMq9X31piYShXigZKzcugZp2ypsT9hA0vLYb8UZS4BmYLxa6yQQg&sai=AMfl-YSgIYMRHTc_lPJKbe4dazjK71T5jwfanjdG1rtgLYlZu2zkM8eMLeQ7WDhbZ4Hf72kDYe_UZuElPphmlnegrHT0TdmdG4X3_Q3URXMve86EK-2WZVmGirlSAhXywQ3DS7AeGzjoNjEWmaFdtY3cMg9Gc2Qo7A&sig=Cg0ArKJSzIoZFI5fl-R0EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=183&cbvp=1&cstd=176&cisv=r20210601.96524&adurl= Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.162 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s08-in-f2.1e100.net Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers timing-allow-origin * content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version date Fri, 04 Jun 2021 13:29:55 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 server cafe
GET H3-29	200	Enqz_20U.html Show response tpc.googlesyndication.com/sodar/ Frame 9882	22 KB 8 KB	11ms 7ms	Document text/html	2a00:1450:4001:813::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/Enqz_20U.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority tpc.googlesyndication.com :scheme https :path /sodar/Enqz_20U.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin timing-allow-origin * content-length 8395 date Fri, 04 Jun 2021 06:53:39 GMT expires Sat, 04 Jun 2022 06:53:39 GMT last-modified Tue, 03 Mar 2020 20:15:00 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 23776 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3-29	200	container.html Show response 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B58B	6 KB 3 KB	8ms 8ms	Document text/html	2a00:1450:4001:829::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com :scheme https :path /safeframe/1-0-38/html/container.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://returnsandrefund.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://returnsandrefund.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin timing-allow-origin * content-length 3108 date Fri, 04 Jun 2021 13:29:50 GMT expires Sat, 04 Jun 2022 13:29:50 GMT last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, immutable, max-age=31536000 age 5 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 54 B	11ms 9ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI3NDMyMzYwMzAxNDA5YWU2OTViYTI1NWYxNmZiY2YwNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDIsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDAyLCJiaWRfZmxvb3JfcHJldiI6MC4wMDIsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODgxMTUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTg1In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODgxMTUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0= Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI3NDMyMzYwMzAxNDA5YWU2OTViYTI1NWYxNmZiY2YwNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDIsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDAyLCJiaWRfZmxvb3JfcHJldiI6MC4wMDIsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODgxMTUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTg1In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODgxMTUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0= pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884; ezux_lpl_200400=1622813389913|7d60b2fc-fd20-494d-7084-ee56fcd7980a|false; __gads=ID=f4f869c9c998c359:T=1622813390:S=ALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w; ezouspvv=36; ezouspva=2; ezouspvh=20 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:56 UTC
GET H2	200	28687274 Show response g.ezoic.net/dac/	0 17 B	14ms 12ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/dac/28687274 Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers access-control-allow-origin * date Fri, 04 Jun 2021 13:29:55 GMT cache-control max-age=3600, public server nginx/1.16.0 content-length 0 vary Accept-Encoding content-type text/plain
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 19 B	11ms 9ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884; ezux_lpl_200400=1622813389913|7d60b2fc-fd20-494d-7084-ee56fcd7980a|false; __gads=ID=f4f869c9c998c359:T=1622813390:S=ALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w; ezouspvv=36; ezouspva=2; ezouspvh=20 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:56 UTC
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 19 B	10ms 9ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImF1Y3Rpb25fZXBvY2giOjE2MjI4MTMzOTYsImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiYmlkX2Zsb29yX2luaXRpYWwiOjExMDAsImJpZF9mbG9vcl9wcmV2IjoyMDAsImJpZF9mbG9vcl9maWxsZWQiOjIwLCJhdWN0aW9uX2NvdW50Ijo0LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo0ODQsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ== Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImF1Y3Rpb25fZXBvY2giOjE2MjI4MTMzOTYsImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiYmlkX2Zsb29yX2luaXRpYWwiOjExMDAsImJpZF9mbG9vcl9wcmV2IjoyMDAsImJpZF9mbG9vcl9maWxsZWQiOjIwLCJhdWN0aW9uX2NvdW50Ijo0LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo0ODQsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ== pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884; ezux_lpl_200400=1622813389913|7d60b2fc-fd20-494d-7084-ee56fcd7980a|false; __gads=ID=f4f869c9c998c359:T=1622813390:S=ALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w; ezouspvv=36; ezouspva=2; ezouspvh=20 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:55 UTC
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame 597E Redirect Chain https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEN8M17x5m2ruH39KjWRbBms&google_cver=1&google_push=AQvitUKwelBh4aQ4ayHq_onkICCPfPeLY3F4cynZEvgnw2tjeP7ZxrQRCZ6lVFcL9gNx3mWTLPAOYF84JHfvxLrZ... https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUKwelBh4aQ4ayHq_onkICCPfPeLY3F4cynZEvgnw2tjeP7ZxrQRCZ6lVFcL9gNx3mWTLPAOYF84JHfvxLrZ_JgNw-PZ-ptM	170 B 188 B	24ms 22ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUKwelBh4aQ4ayHq_onkICCPfPeLY3F4cynZEvgnw2tjeP7ZxrQRCZ6lVFcL9gNx3mWTLPAOYF84JHfvxLrZ_JgNw-PZ-ptM Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers Date Fri, 04 Jun 2021 13:29:55 GMT Server MT3 3759 5f8f15b master zrh-pixel-x27 P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" location https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AQvitUKwelBh4aQ4ayHq_onkICCPfPeLY3F4cynZEvgnw2tjeP7ZxrQRCZ6lVFcL9gNx3mWTLPAOYF84JHfvxLrZ_JgNw-PZ-ptM Cache-Control no-cache Connection keep-alive Content-Type image/gif Keep-Alive timeout=360 Content-Length 0 Expires Fri, 04 Jun 2021 13:29:54 GMT
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame 597E Redirect Chain https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEHE-5bYw5LIDoSOjem1RkRQ&google_cver=1&google_push=AQvitUKO2TnNerzkPd3b2so8qmQBYpd0GXHUaTiBKCH1cfr-8vsayWKpLHrHAMgYlCD6ZJXAuni... https://sync.tidaltv.com/genericusersync.ashx?dpid=glrdr&google_gid=CAESEHE-5bYw5LIDoSOjem1RkRQ&google_cver=1&google_push=AQvitUKO2TnNerzkPd3b2so8qmQBYpd0GXHUaTiBKCH1cfr-8vsayWKpLHrHAMgYlCD6ZJXAuni... https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=kal3VYPESEOqHOkBMq2R_g&gdpr=1&gdpr_consent=	170 B 188 B	23ms 22ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=kal3VYPESEOqHOkBMq2R_g&gdpr=1&gdpr_consent= Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server Apache-Coyote/1.1 location https://cm.g.doubleclick.net/pixel?google_nid=lucid1&google_push&google_hm=kal3VYPESEOqHOkBMq2R_g&gdpr=1&gdpr_consent= cache-control no-cache, no-store, max-age=0, must-revalidate content-length 0 x-xss-protection 1; mode=block expires 0
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame 597E Redirect Chain https://ads.travelaudience.com/google_pixel?google_gid=CAESEOR1rCTtEx67G6c-NB0S-zs&google_cver=1&google_push=AQvitUKBzxZztoccA5evEeVeGV4hdP-teRKiZWQ27IiFxnLQodPIM6ZWBvBRycF3jEVzmEJDP1d4fVFYHC_9OPla... https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ExzPCgztTtGNIZFl5tzPDQ2&google_push=AQvitUKBzxZztoccA5evEeVeGV4hdP-teRKiZWQ27IiFxnLQodPIM6ZWBvBRycF3jEVzmEJDP1d4fVFYHC_9OPla7If4RLYYm64	170 B 188 B	28ms 27ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ExzPCgztTtGNIZFl5tzPDQ2&google_push=AQvitUKBzxZztoccA5evEeVeGV4hdP-teRKiZWQ27IiFxnLQodPIM6ZWBvBRycF3jEVzmEJDP1d4fVFYHC_9OPla7If4RLYYm64 Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers date Fri, 04 Jun 2021 13:29:55 GMT via 1.1 google x-engine-version 0.0.0 server nginx/1.15.12 p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC" location https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ExzPCgztTtGNIZFl5tzPDQ2&google_push=AQvitUKBzxZztoccA5evEeVeGV4hdP-teRKiZWQ27IiFxnLQodPIM6ZWBvBRycF3jEVzmEJDP1d4fVFYHC_9OPla7If4RLYYm64 x-host tde-deliveryengine-production-59d9f4c68d-9vngk alt-svc clear content-length 0
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame 597E Redirect Chain https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIUkUp83pkCNMTs-45E8HUQ&google_cver=1&google_push=AQvitUId0kurubRuaswNkC6lR50N9ZTNN5rPFjrWit4SSHKK93ro6JUAeZ010WkeMhAGMrKZ-17vSgX9NhtCqGTbuzGR... https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEIUkUp83pkCNMTs-45E8HUQ&google_cver=1&google_push=AQvitUId0kurubRuaswNkC6lR50N9ZTNN5rPFjrWit4SSHKK93ro6JUAeZ010WkeMhAGMrKZ-17vSgX9NhtCqG... https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUId0kurubRuaswNkC6lR50N9ZTNN5rPFjrWit4SSHKK93ro6JUAeZ010WkeMhAGMrKZ-17vSgX9NhtCqGTbuzGRKZIt0vo_&google_hm=IL-zSczZQ5GDLgqZbcHLpg==	170 B 188 B	26ms 24ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUId0kurubRuaswNkC6lR50N9ZTNN5rPFjrWit4SSHKK93ro6JUAeZ010WkeMhAGMrKZ-17vSgX9NhtCqGTbuzGRKZIt0vo_&google_hm=IL-zSczZQ5GDLgqZbcHLpg== Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers location //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AQvitUId0kurubRuaswNkC6lR50N9ZTNN5rPFjrWit4SSHKK93ro6JUAeZ010WkeMhAGMrKZ-17vSgX9NhtCqGTbuzGRKZIt0vo_&google_hm=IL-zSczZQ5GDLgqZbcHLpg== date Fri, 04 Jun 2021 13:29:55 GMT cache-control no-cache, no-store, must-revalidate content-length 0
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame 597E Redirect Chain https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEDg9JZGlJXmeG59ic9IsldE&google_cver=1&google_push=AQvitULuECVNrTDlq8iSlsxHX4Frp_hLlZOOWxvujzbb_NgiSgl0x_aZC8BMRKCvJxLMZ... https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AQvitULuECVNrTDlq8iSlsxHX4Frp_hLlZOOWxvujzbb_NgiSgl0x_aZC8BMRKCvJxLMZxyIcea-sZCYkZoOmZwpw28uRzs3arTR&google_hm=QWp0YU1jWlpadEstNHl2THht...	170 B 188 B	24ms 23ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AQvitULuECVNrTDlq8iSlsxHX4Frp_hLlZOOWxvujzbb_NgiSgl0x_aZC8BMRKCvJxLMZxyIcea-sZCYkZoOmZwpw28uRzs3arTR&google_hm=QWp0YU1jWlpadEstNHl2THhtV05vcnc= Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers Location //cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AQvitULuECVNrTDlq8iSlsxHX4Frp_hLlZOOWxvujzbb_NgiSgl0x_aZC8BMRKCvJxLMZxyIcea-sZCYkZoOmZwpw28uRzs3arTR&google_hm=QWp0YU1jWlpadEstNHl2THhtV05vcnc= Date Fri, 04 Jun 2021 13:29:55 GMT Server nginx Connection keep-alive Transfer-Encoding chunked
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame 597E Redirect Chain https://rtb.openx.net/sync/dds?google_gid=CAESECzQX0aKrdUMMnXvZwt6Je0&google_cver=1&google_push=AQvitUIc1fxRMv1kNRxQQSuskzubTLtq9CFACR_2-TDfFrwwEg-Wt9qG7vc8opa11GJDxM5HspRsLXtuf3IZBG5vJiuvxA2FV2KX https://rtb.openx.net/sync/dds?google_gid=CAESECzQX0aKrdUMMnXvZwt6Je0&google_cver=1&google_push=AQvitUIc1fxRMv1kNRxQQSuskzubTLtq9CFACR_2-TDfFrwwEg-Wt9qG7vc8opa11GJDxM5HspRsLXtuf3IZBG5vJiuvxA2FV2KX&... https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIc1fxRMv1kNRxQQSuskzubTLtq9CFACR_2-TDfFrwwEg-Wt9qG7vc8opa11GJDxM5HspRsLXtuf3IZBG5vJiuvxA2FV2KX&google_hm=Z5_LAMHKyw8k14gy_mPxfQ==	170 B 188 B	24ms 24ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIc1fxRMv1kNRxQQSuskzubTLtq9CFACR_2-TDfFrwwEg-Wt9qG7vc8opa11GJDxM5HspRsLXtuf3IZBG5vJiuvxA2FV2KX&google_hm=Z5_LAMHKyw8k14gy_mPxfQ== Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Fri, 04 Jun 2021 13:29:54 GMT via 1.1 google server Cowboy access-control-allow-origin null vary Origin p3p CP="CUR ADM OUR NOR STA NID" location https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIc1fxRMv1kNRxQQSuskzubTLtq9CFACR_2-TDfFrwwEg-Wt9qG7vc8opa11GJDxM5HspRsLXtuf3IZBG5vJiuvxA2FV2KX&google_hm=Z5_LAMHKyw8k14gy_mPxfQ== access-control-expose-headers cache-control private, max-age=0, no-cache, must-revalidate access-control-allow-credentials true alt-svc clear content-length 0 x-request-id spajpigag5gmq7gm8995m9ha53qh4dlt
GET H3-29	200	dot.gif s0.2mdn.net/ Frame 597E	43 B 63 B	32ms 30ms	Image image/gif	2a00:1450:4001:803::2006 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/dot.gif?google_gid=CAESEGIggykG2-IfohGflj13em4&google_cver=1&google_push=AQvitULEe3kxOX3XXx8TMbASJ6byWITsA2hGJ5GwRBze9mHdzIPjPTSLULARPaSy67mIexkXjpXJH9f8OXNiqVWVUAAxH1pXfnODNQ Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT x-content-type-options nosniff last-modified Sun, 01 Feb 2009 08:00:00 GMT server sffe content-type image/gif access-control-allow-origin * cache-control public, max-age=86400 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 43 x-xss-protection 0 expires Sat, 05 Jun 2021 13:29:55 GMT
GET H3-29	204	attr cm.g.doubleclick.net/pixel/ Frame 597E	0 12 B	24ms 21ms	Image text/html	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I9M92USi0-fS9kltQL7dT5jr5Azuvmj2X-lTjnklLY_JW9ZjGgCnBKZ0u-AdzPEJljWR3KyQ Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 content-type text/html
GET H2	200	controltag.js.0631b7d64dbbd3656a8b7368ad227a04 Show response cdn.krxd.net/ctjs/ Frame 0A52	259 KB 83 KB	9ms 8ms	Script application/javascript	151.101.114.133 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.krxd.net/ctjs/controltag.js.0631b7d64dbbd3656a8b7368ad227a04 Requested by Host: cdn.krxd.net URL: https://cdn.krxd.net/controltag/sfht0if3y.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash b9b47c8bafc4618d804c7c54ac03c39b29beb9ed5b1e7d9dbadb0f28d71c3d94 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-cdn-backend 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3 date Fri, 04 Jun 2021 13:29:55 GMT content-encoding gzip age 1341953 x-amz-server-side-encryption AES256 x-cache HIT x-cache-hits 397081 content-length 84451 x-served-by cache-hhn4080-HHN last-modified Thu, 15 Oct 2020 07:09:29 GMT x-timer S1622813396.682718,VS0,VE0 etag "0631b7d64dbbd3656a8b7368ad227a04" content-type application/javascript via 1.1 varnish cache-control public, max-age=315360000 accept-ranges bytes expires Sun, 13 Oct 2030 07:09:28 GMT
GET H2	200	createjs-2015.11.26.min.js Show response code.createjs.com/ Frame E30A	186 KB 48 KB	56ms 21ms	Script text/javascript	2a02:26f0:6c00::210:ba1a AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://code.createjs.com/createjs-2015.11.26.min.js Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/4528516/1495443094807458/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Apache / Resource Hash 575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e Request headers Referer https://s0.2mdn.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT content-encoding gzip server Apache cache-control max-age=900 vary Accept-Encoding content-type text/javascript x-n S accept-ranges bytes expires Fri, 04 Jun 2021 13:44:55 GMT
GET H3-29	200	javascript.js Show response s0.2mdn.net/4528516/1495443094807458/ Frame E30A	21 KB 6 KB	9ms 8ms	Script text/javascript	2a00:1450:4001:803::2006 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/4528516/1495443094807458/javascript.js?1618934621992 Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/4528516/1495443094807458/index.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4ea893b852ebaf8a4cf79dac93868c3a7641431aab534b8ed234a59e33ed822b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://s0.2mdn.net/4528516/1495443094807458/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 03 Jun 2021 23:11:24 GMT content-encoding gzip x-content-type-options nosniff age 51511 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6079 x-xss-protection 0 last-modified Mon, 17 May 2021 09:21:01 GMT server sffe vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=86400 accept-ranges bytes expires Fri, 04 Jun 2021 23:11:24 GMT
GET H3-29	200	pixel Show response googleads.g.doubleclick.net/xbbe/ Frame B434	640 B 316 B	41ms 33ms	Document text/html	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYs9-EGzAB&v=APEucNX889nt-rwq020matP2zA16j6KVy1RoghjuDrcXzeyOZsK_byyCG8CuBllO1Y16i1bKbMIhakPBn1cp87wNBg_A6J6IDROpsSbRK6UnqOdAWEl9lgdldkLz9-tmzBjLVoPNZfyW4FxiOge7u0wEzg3_ujyNf3Hz_8yFC1IRTwzQWAMVSInJSAruQtI3ddOT1sj0Y9gwvgPDsuU8AXAUNc9XACMeJA Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority googleads.g.doubleclick.net :scheme https :path /xbbe/pixel?d=COGKFRCp6RsYs9-EGzAB&v=APEucNX889nt-rwq020matP2zA16j6KVy1RoghjuDrcXzeyOZsK_byyCG8CuBllO1Y16i1bKbMIhakPBn1cp87wNBg_A6J6IDROpsSbRK6UnqOdAWEl9lgdldkLz9-tmzBjLVoPNZfyW4FxiOge7u0wEzg3_ujyNf3Hz_8yFC1IRTwzQWAMVSInJSAruQtI3ddOT1sj0Y9gwvgPDsuU8AXAUNc9XACMeJA pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ accept-encoding gzip, deflate, br accept-language en-US cookie IDE=AHWqTUmH2zYthfLsD9lOgVgGSpiknigYw_9WQwozli_U8dPKbUki3Npvy1Zqw5cUS-o Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ Response headers p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" timing-allow-origin * cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 x-content-type-options nosniff content-encoding gzip date Fri, 04 Jun 2021 13:29:55 GMT server cafe cache-control private content-length 295 x-xss-protection 0 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3-29	200	ad Show response googleads.g.doubleclick.net/dbm/ Frame B58B	59 KB 24 KB	83ms 75ms	Script text/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BKMpEzH1lku_jJNCsho4xxXQBNo9nEZnpyLddEVrNafYGCruGy7f9FgaxteDsF3D6mBb4P6xWzzb2v30eTqsPMVnAjWfMluId49yrtrPc5beeFuLUpsHZfc86oGKHNGWe6muodgoVBHPEOvW7ki6UGm0qhnA&dbm_d=AKAmf-CqrtkjkG8_mWTCaqN5Sck_Jb1N8m9GywpdSVwYtlj5wo3QoTrd5ohwj2LnTHy8sE3zFlrNeGEUC8iMMUlsz8EkIMHMGdCukTxt7l-ZUBSiH2MdjXu2JxidVvof2C_VBieWdFKKdU3dhOEqwOH-GbrcY39pnCkPoT96N_g8y56CUa3ac_AhI-esgNaaqiM7UBlwXslvHpCGRSCV7c8jZb6OPl8mzJ7wu3S1yr538MtKPWWwqibivMyuVD-Fv5Y64k8hXUjxDionJActFQbumGcJl-OFiTxPX4r9NJOL7T9Dzr22beTZDwUtE8WZ0n9w1Cf5T0d6kPd1SsZrNgs6HquMgYLhVETSntS3rtR_NrhUhG_J6lzEbvzRoZOsYP02F_0mmXYgOpTbnTmsnzecfi_hZUITSq6BYRtlSoSdAzQ3OB8WHMEyGKmQQ7ksMcW385xGz1uTvn6cwBvNQ6DVqmbcFfW4leolh2fK1T9R_5pMAU9dVbFAe6hAVm9CGthbuyTLVNRXFmmmkP5oYInDh3Vv2oM5XuK7iLFOB3Kt5hxBYo1E90DElaIJ4VbuHq6xbxUlVuEjhk2eO-bfs6mJkHhjA7Xa1R0wxtKE8nKqLn_vnVei96_rI5bobgSUBJZjuFIVWlsvoEpxF21DMRbtc7Lx-3CmIac5vLrVOC3fo3LwNW52AsvfU_wg2FbKYKnXnZmInYYq9_Qrz6NURYmyDYcf35OFq-pwn6WEbsVot7YVfAsg6VRDARYx1GfnjlQQCEOEzckYG3PFADQHv98uespqI7r1jO5l48f5Dhsg6me-7jLKdt_5X9G3QijVEVr7Z5HVkOU-ibJgx2DDKvzRDpcfCRQvfBZiV9oTwBnZoAdpciJI6mM3EwK2ouLQKG5jKg1vPMsxdYV13kw7Shv8SQvQWoxI1KmFJkiiWqUvqcF9axIGMAZsZpoLsLFcflAE1JYKu9OkUvv84u-WErvd2Cg2LcIqm9pZk3AEVXDeQFpM-s3Vc5kbQKXyuQR7k6sHnASH9_DP4OPiaOuuW1xGrZd22SA2SRo51ny_yu5a8YlXZOrCqxNPzdW2Cqy3ZhSCqUu8PImj8kTNL5ju84zrdwiS5CVmh-0OR2BRbZ-j0v5tVdokGFw6Qr3EF9316E94EQzzPaLLQjKQQWO3-OLtiZx9IXB_AhWzDUMtp4FDcVykSY6DFmMHosJZCAIBcYiucu9d6uhmiQmTFEi62xFKeoziAdkKqIfX56o8eIapO0LsVWihJ9abAYwx6Wy_ccsSrgjQjChkDRnYtk3pVt_W18uPJOpBsa2E22yYsAlJ7L1awiR2HJzlyyjeQ8rYKw1VUnjKkSRYRYEPx_0P8-MZIdpqxDnsPp_ap5a2O8dPFSiiXQqDwdpTalAk_7AWlLo3lCmeLkRcZxwNdglgannjxFNbMPoLfh3gTmI1Z3ul37RRcLeDLmR5NFBxhv9B0fs-72XvS8wcUr2Cl2FX_eAVeZnMHM0peDFfS_Co3BSxIhNoPcCK7gMeoQi_Pm-60vgNlu_hfvgCeggUllyeKRGmcRDvUvEyCVDjwNQVpBzoG2UvDgfU4Kjcxh5bcwaaLVx6CK4oKdJFeo9qZ0x3kFbUIDOxZS6qJg4b76Hc1PV-wSCX-LGSij_0X1pslE70-1Emph7QBjGDgktz-9qURd6RIqqB4JZG8OgqtTdcXoxiGQaGU2Uujwdo0ehLO-MJ5ygxouPCmHrWgbWHM5YWr7-nzeeoaqQ7EYasKbU5oSfFBdGtARCuR8gJOkAgi0RDZm2YzcwwVyRkjiWrKc_nvgfqc1cR2fRi6bx2Uis3hO2TWpFH29cjQNIRg_IAHBWtd5melYQnLTimulSawa6QXtGc0Huo_QEdRAFMxRZXirHhjBj_228M9R1xpUiiOvZV9jIOi35cORVjoVo3cg7a_ORCPcn_SbP9LgX9em2sbKOICJE32JV2zQr6br8sr2qmTRvQPN0pV23cmVCEQF3FjMXSWtiyUyZ4WZkBjXaeElL6x7F4sbkZSuiB9vy5gU8KEt5mRN2a4fvMQgGa741b7OlWDu_ssu7neDhmpusoHVokt1qfEMmxil2HjIrTk_1zEOi9KyktHloEnBgs5N8D35AFcM8JjIuTly8-7HQEVixsTSwC9XbgBW6H3_FNm8pG-__qhojTj3Nse5Ue3I4iN04czuVmR8ovrwS_nWwbZNhVC_uexwnj75die2Kd3Hx5QRxzSZLfyZD3yJaYVq8h1azXPSMf9Wl6EpQt6RUYN3FZWCTJI99I3ft7UaRWnWaswnQmAvZMKYz98KVNAQKgVIRMfHGsKXJfxD3ULAWJcw8W3Fl_UOZqTkU-aGdltTCTOp46TPLb0j1gNPG0REjRysELrbnXOBqyYpVNiHmYB-vZrl5lVkQQk0Mu59IYVDJffVaCCGd6jj1yZ0MgeCPWESMK_0OuuuOAn4qurM6qWGclTVv-QVcA_rWuJqdzjTDUJUZebbOR4xM4CL17yfVrKtimJZqwv1IGxpj2ZilVF1QveB5jYsLAvUqaYYJeqjULM6GALcPhIeO0UTTzZPDkTm2RSdU22t8iFgHvI8gIYyv-Jk0i8EQZPwppa6Sp32IK_hvsDQM9LkNnD02Mh12SfFy5tE1m2J7H0gfnYc_4rHZQOFd_TNoQBK3IOq5BEW3vs9UY1m82WUxbJsInymJVYCr_bwvnC8IPXhzdc3UhDTrKyAnORjbiUYMDY1znUELrwmvbEBNQ1en-QHs6xG6UsEeZsS8sQ_CnL3CXml9lVuv1iNGB19y-KWdjMNL2vsiwGJSU_ort2cyPSf09Y6-73MlbqyfWT-_dNFPGJOPPAf_xzDo3C0GCh-M_PbLyBhPgTBRRntzwa0SSolHVuyA1_gPCJ_AVgr3WPPVysdo8UkfhAKI9Ar9w4HvkDh08vHLlu-mTcMvS7ML78ccjxeIXp5CkVFbjBvZ0qdRvc5XoWVUiooSj0_sFVsOqo63iqgL8ltBor0zSnkY24HZVExhv0qpN0ZDwQ7tpj0fYiXc2s6sjb9barGWDL8d_RpAmUtkcUs1oCZMBGQN-XZ7TfrgieLJWbyD1lUit_xKrCGK6u9TuEq3vGlcq8xQFcE7U0rhtAfsovi445hNndFhKjj9s_fOQ0Uvc2QhEVZEP9UjoIgQo6XOv3D_Z6Lc&cid=CAASEuRoU7G1kK2lvqIsq_RUDdT-ZQ&rfl=1%2Chttps%253A%252F%252Freturnsandrefund.com%252F%240 Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash af1920228ca0c39028062c19a2eefb8b34368cbcd0871c2d7185171dfaafda25 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT content-encoding br x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 24685 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	gen_204 pagead2.googlesyndication.com/pagead/ Frame B58B	42 B 63 B	53ms 43ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CjMwNrrLag2Bivx-q4TlXKj6Y6QeS6h2-W_Al_zstJJjZoHqVjBTi-Y0Saiyx-uJMOQgaCsLj0skxSgyPsZWdWKS2YR13uCNjVRj8me5Sves5YYWg Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	window_focus_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame B58B	2 KB 1 KB	18ms 8ms	Script text/javascript	2a00:1450:4001:813::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:23:15 GMT content-encoding gzip x-content-type-options nosniff age 400 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1303 x-xss-protection 0 server cafe etag 14729628269804859526 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Fri, 18 Jun 2021 13:23:15 GMT
GET H3-29	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/ Frame B58B	121 KB 37 KB	36ms 32ms	Script text/javascript	2a00:1450:4001:830::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 85e1be533dbdd83a22910cbee29a4d1f49d3e8d201f5f480517ecfd6bd282965 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT content-encoding gzip content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl server sffe etag "1622656031336809" vary Accept-Encoding content-type text/javascript cache-control private, max-age=3000 x-content-type-options nosniff accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37735 x-xss-protection 0 expires Fri, 04 Jun 2021 13:29:55 GMT
GET H3-29	200	qs_click_protection_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame B58B	13 KB 6 KB	17ms 12ms	Script text/javascript	2a00:1450:4001:813::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:16:59 GMT content-encoding gzip x-content-type-options nosniff age 776 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5635 x-xss-protection 0 server cafe etag 1091097466425408374 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Fri, 18 Jun 2021 13:16:59 GMT
GET H3-29	200	wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js Show response pagead2.googlesyndication.com/bg/ Frame 9882	14 KB 6 KB	15ms 8ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c103e9952d8205b6a9c4f3ec2a32e30ade8bf51bf63fc3bcb32c7328b4a9c9a6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 08:41:22 GMT content-encoding br x-content-type-options nosniff age 17313 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5768 x-xss-protection 0 last-modified Mon, 31 May 2021 08:58:00 GMT server sffe vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 04 Jun 2022 08:41:22 GMT
GET H2	204	ad_impression.gif beacon.krxd.net/ Frame 0A52	0 338 B	97ms 30ms	Image text/plain	54.171.237.219 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://beacon.krxd.net/ad_impression.gif?campaignid=11313517&advertiserid=4528516&placementid=150618923&adid=321276323&creativeid=151285236&siteid=1729994&url=https%3A%2F%2Fbeacon.krxd.net%2Fad_impression.gif&_kpid=af5fc09f-edef-481c-bfa7-696005c6deb3&confid=sfht0if3y Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.171.237.219 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-171-237-219.eu-west-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT cache-control private, no-cache, no-store x-request-time D=33 t=1622813395 x-served-by beacon-n009-dub-prod.krxd.net p3p policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
GET H3-29	200	visual.png s0.2mdn.net/4528516/1495443094807458/ Frame E30A	39 KB 39 KB	8ms 7ms	Image image/png	2a00:1450:4001:803::2006 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/4528516/1495443094807458/visual.png?1618934621984 Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash d520c8d46b9914fc14e4d825cd7cb191a60d18fe5918c472eb1e1f2cfea060ee Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://s0.2mdn.net/4528516/1495443094807458/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 03 Jun 2021 19:43:16 GMT x-content-type-options nosniff last-modified Mon, 17 May 2021 09:21:01 GMT server sffe age 63999 content-type image/png access-control-allow-origin * cache-control public, max-age=86400 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 40358 x-xss-protection 0 expires Fri, 04 Jun 2021 19:43:16 GMT
POST H3-29	200	view googleads4.g.doubleclick.net/pcs/ Frame 0A52	0 23 B	55ms 25ms	Ping image/gif	142.250.186.162 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvKUOCui7bBJxpKzUlLlre00L5xOq7bbZCuqsSvW3nveZV-ZjLwyomAzzJ2rqmwojyxTsrIKtPYBxEB66u52O5XOyVB-uB_jl_MdEwnEslv5nKIwCS3Wp0o4RR4QRiG7J9ghyLhWJCRJJcPZtE9JTOrjPk2nmD72EtlQz8BqVeM-KFiOW9m6MscztpG_Va9n3bayG75feavC6_g4Kk9vF5UUMPTNCadkouKW7G0XgAOLyznIbJB1NMGYxZ5to-HiXmSDwULuIUhze9n6Yve1Db5Au9oIHbey_EQGCBxpytI74Feebd9a8C5go6oqo9UC7By96FtgOuYoA00aaAXXC_2HXTIWklLUMVJfUh8RN71IiWQCO4gpOcGWudXRCVVCYf3eotbwAStcsSqstEKwnPF7KujYhlbcgkAzCPkRcj-iaNodmb0geChvJ4Ebp0ITT2POA_5FO7bFgE3C6qwVtbAe5WILvAsVC07QdOZ5tfJVrA3A8QHrgnbkwAIkYK66LkMkSmyWfE1hkf0G9J31p7JpVzMuw-LThT95g18vE3iMAYi2bYVoeZEM9DVX7nKU4Nv2bhwo5eYyjSYVaCu9jvlrbPpJSp490Ph34Y-bPM8qKTlu4yj4q5XkzXaJgsE_-XiDAhR9PeWwEEO66jAQm-p8dK7ItVTpXXtZ85WcCarhth4S_GrHTxe1qpMqKVKs3496pv4U9zxRuG2ghsSzQVC_6kcrrk8H75aQiwMYQ3WTD3fL7CiJeHC7zbC6h_N81HB_9wozhR1zZvTUG0NhRQORffUE8485YNY7Q90ZiIHZ7-3Of6FJU11unou9Bwvo7y77kelFXXoJJlW2-Sph_mBT7UTvbLOa7n4VZeZRpHb_CSoI8yyaqxQJJ9ol3miQNLtuAQbUPaY0oR22ISeqcQSV9bfgN7cRUKV5iQuIJqrEfUYFDlk2dzEi2y7atVzjIkgKfPEao3UXdn6n4v7vmn3PtJpsxuux2d0o0J5eAevxP3K6PhO4jcYgsTa7JdcAPvdtNnaXAKrqgyMUhgvHM0YdgWGk0MB3EjLCPhqdGhm9FhpgRYZMmPqQMI7rAuDq1Jk5J9QAQwI2sLzDOGXd1_3hsJYKKll9DQGtAxCoKlFNhOX8crnM-yL-LndwXUuni7PGO8j8FzCLCKKNKc7e1doF_CMWqqUB4j3_FgAE3ClzCb1v3TTMNN65CvR6-KoVljajDfh-kRzcrG4bhfMq9X31piYShXigZKzcugZp2ypsT9hA0vLYb8UZS4BmYLxa6yQQg&sai=AMfl-YSgIYMRHTc_lPJKbe4dazjK71T5jwfanjdG1rtgLYlZu2zkM8eMLeQ7WDhbZ4Hf72kDYe_UZuElPphmlnegrHT0TdmdG4X3_Q3URXMve86EK-2WZVmGirlSAhXywQ3DS7AeGzjoNjEWmaFdtY3cMg9Gc2Qo7A&sig=Cg0ArKJSzIoZFI5fl-R0EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=422&vt=11&dtpt=239&dett=3&cstd=176&cisv=r20210601.96524&adurl= Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.162 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s08-in-f2.1e100.net Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:55 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 server cafe
GET H3-29	200	express_html_inpage_rendering_lib_200_271.js Show response s0.2mdn.net/879366/ Frame B58B	111 KB 38 KB	34ms 6ms	Script text/javascript	2a00:1450:4001:803::2006 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 03 Jun 2021 14:24:06 GMT content-encoding gzip x-content-type-options nosniff age 83149 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 39287 x-xss-protection 0 last-modified Wed, 14 Oct 2020 18:02:50 GMT server sffe vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=86400 accept-ranges bytes timing-allow-origin * expires Fri, 04 Jun 2021 14:24:06 GMT
GET H3-29	200	omrhp.js Show response pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/elements/html/ Frame B58B	8 KB 3 KB	9ms 7ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/elements/html/omrhp.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BKMpEzH1lku_jJNCsho4xxXQBNo9nEZnpyLddEVrNafYGCruGy7f9FgaxteDsF3D6mBb4P6xWzzb2v30eTqsPMVnAjWfMluId49yrtrPc5beeFuLUpsHZfc86oGKHNGWe6muodgoVBHPEOvW7ki6UGm0qhnA&dbm_d=AKAmf-CqrtkjkG8_mWTCaqN5Sck_Jb1N8m9GywpdSVwYtlj5wo3QoTrd5ohwj2LnTHy8sE3zFlrNeGEUC8iMMUlsz8EkIMHMGdCukTxt7l-ZUBSiH2MdjXu2JxidVvof2C_VBieWdFKKdU3dhOEqwOH-GbrcY39pnCkPoT96N_g8y56CUa3ac_AhI-esgNaaqiM7UBlwXslvHpCGRSCV7c8jZb6OPl8mzJ7wu3S1yr538MtKPWWwqibivMyuVD-Fv5Y64k8hXUjxDionJActFQbumGcJl-OFiTxPX4r9NJOL7T9Dzr22beTZDwUtE8WZ0n9w1Cf5T0d6kPd1SsZrNgs6HquMgYLhVETSntS3rtR_NrhUhG_J6lzEbvzRoZOsYP02F_0mmXYgOpTbnTmsnzecfi_hZUITSq6BYRtlSoSdAzQ3OB8WHMEyGKmQQ7ksMcW385xGz1uTvn6cwBvNQ6DVqmbcFfW4leolh2fK1T9R_5pMAU9dVbFAe6hAVm9CGthbuyTLVNRXFmmmkP5oYInDh3Vv2oM5XuK7iLFOB3Kt5hxBYo1E90DElaIJ4VbuHq6xbxUlVuEjhk2eO-bfs6mJkHhjA7Xa1R0wxtKE8nKqLn_vnVei96_rI5bobgSUBJZjuFIVWlsvoEpxF21DMRbtc7Lx-3CmIac5vLrVOC3fo3LwNW52AsvfU_wg2FbKYKnXnZmInYYq9_Qrz6NURYmyDYcf35OFq-pwn6WEbsVot7YVfAsg6VRDARYx1GfnjlQQCEOEzckYG3PFADQHv98uespqI7r1jO5l48f5Dhsg6me-7jLKdt_5X9G3QijVEVr7Z5HVkOU-ibJgx2DDKvzRDpcfCRQvfBZiV9oTwBnZoAdpciJI6mM3EwK2ouLQKG5jKg1vPMsxdYV13kw7Shv8SQvQWoxI1KmFJkiiWqUvqcF9axIGMAZsZpoLsLFcflAE1JYKu9OkUvv84u-WErvd2Cg2LcIqm9pZk3AEVXDeQFpM-s3Vc5kbQKXyuQR7k6sHnASH9_DP4OPiaOuuW1xGrZd22SA2SRo51ny_yu5a8YlXZOrCqxNPzdW2Cqy3ZhSCqUu8PImj8kTNL5ju84zrdwiS5CVmh-0OR2BRbZ-j0v5tVdokGFw6Qr3EF9316E94EQzzPaLLQjKQQWO3-OLtiZx9IXB_AhWzDUMtp4FDcVykSY6DFmMHosJZCAIBcYiucu9d6uhmiQmTFEi62xFKeoziAdkKqIfX56o8eIapO0LsVWihJ9abAYwx6Wy_ccsSrgjQjChkDRnYtk3pVt_W18uPJOpBsa2E22yYsAlJ7L1awiR2HJzlyyjeQ8rYKw1VUnjKkSRYRYEPx_0P8-MZIdpqxDnsPp_ap5a2O8dPFSiiXQqDwdpTalAk_7AWlLo3lCmeLkRcZxwNdglgannjxFNbMPoLfh3gTmI1Z3ul37RRcLeDLmR5NFBxhv9B0fs-72XvS8wcUr2Cl2FX_eAVeZnMHM0peDFfS_Co3BSxIhNoPcCK7gMeoQi_Pm-60vgNlu_hfvgCeggUllyeKRGmcRDvUvEyCVDjwNQVpBzoG2UvDgfU4Kjcxh5bcwaaLVx6CK4oKdJFeo9qZ0x3kFbUIDOxZS6qJg4b76Hc1PV-wSCX-LGSij_0X1pslE70-1Emph7QBjGDgktz-9qURd6RIqqB4JZG8OgqtTdcXoxiGQaGU2Uujwdo0ehLO-MJ5ygxouPCmHrWgbWHM5YWr7-nzeeoaqQ7EYasKbU5oSfFBdGtARCuR8gJOkAgi0RDZm2YzcwwVyRkjiWrKc_nvgfqc1cR2fRi6bx2Uis3hO2TWpFH29cjQNIRg_IAHBWtd5melYQnLTimulSawa6QXtGc0Huo_QEdRAFMxRZXirHhjBj_228M9R1xpUiiOvZV9jIOi35cORVjoVo3cg7a_ORCPcn_SbP9LgX9em2sbKOICJE32JV2zQr6br8sr2qmTRvQPN0pV23cmVCEQF3FjMXSWtiyUyZ4WZkBjXaeElL6x7F4sbkZSuiB9vy5gU8KEt5mRN2a4fvMQgGa741b7OlWDu_ssu7neDhmpusoHVokt1qfEMmxil2HjIrTk_1zEOi9KyktHloEnBgs5N8D35AFcM8JjIuTly8-7HQEVixsTSwC9XbgBW6H3_FNm8pG-__qhojTj3Nse5Ue3I4iN04czuVmR8ovrwS_nWwbZNhVC_uexwnj75die2Kd3Hx5QRxzSZLfyZD3yJaYVq8h1azXPSMf9Wl6EpQt6RUYN3FZWCTJI99I3ft7UaRWnWaswnQmAvZMKYz98KVNAQKgVIRMfHGsKXJfxD3ULAWJcw8W3Fl_UOZqTkU-aGdltTCTOp46TPLb0j1gNPG0REjRysELrbnXOBqyYpVNiHmYB-vZrl5lVkQQk0Mu59IYVDJffVaCCGd6jj1yZ0MgeCPWESMK_0OuuuOAn4qurM6qWGclTVv-QVcA_rWuJqdzjTDUJUZebbOR4xM4CL17yfVrKtimJZqwv1IGxpj2ZilVF1QveB5jYsLAvUqaYYJeqjULM6GALcPhIeO0UTTzZPDkTm2RSdU22t8iFgHvI8gIYyv-Jk0i8EQZPwppa6Sp32IK_hvsDQM9LkNnD02Mh12SfFy5tE1m2J7H0gfnYc_4rHZQOFd_TNoQBK3IOq5BEW3vs9UY1m82WUxbJsInymJVYCr_bwvnC8IPXhzdc3UhDTrKyAnORjbiUYMDY1znUELrwmvbEBNQ1en-QHs6xG6UsEeZsS8sQ_CnL3CXml9lVuv1iNGB19y-KWdjMNL2vsiwGJSU_ort2cyPSf09Y6-73MlbqyfWT-_dNFPGJOPPAf_xzDo3C0GCh-M_PbLyBhPgTBRRntzwa0SSolHVuyA1_gPCJ_AVgr3WPPVysdo8UkfhAKI9Ar9w4HvkDh08vHLlu-mTcMvS7ML78ccjxeIXp5CkVFbjBvZ0qdRvc5XoWVUiooSj0_sFVsOqo63iqgL8ltBor0zSnkY24HZVExhv0qpN0ZDwQ7tpj0fYiXc2s6sjb9barGWDL8d_RpAmUtkcUs1oCZMBGQN-XZ7TfrgieLJWbyD1lUit_xKrCGK6u9TuEq3vGlcq8xQFcE7U0rhtAfsovi445hNndFhKjj9s_fOQ0Uvc2QhEVZEP9UjoIgQo6XOv3D_Z6Lc&cid=CAASEuRoU7G1kK2lvqIsq_RUDdT-ZQ&rfl=1%2Chttps%253A%252F%252Freturnsandrefund.com%252F%240 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:39 GMT content-encoding gzip x-content-type-options nosniff age 16 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 3124 x-xss-protection 0 server cafe etag 4537136162986801320 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Fri, 18 Jun 2021 13:29:39 GMT
GET H3-29	200	abg_lite.js Show response pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/ Frame B58B	22 KB 8 KB	8ms 7ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/abg_lite.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BKMpEzH1lku_jJNCsho4xxXQBNo9nEZnpyLddEVrNafYGCruGy7f9FgaxteDsF3D6mBb4P6xWzzb2v30eTqsPMVnAjWfMluId49yrtrPc5beeFuLUpsHZfc86oGKHNGWe6muodgoVBHPEOvW7ki6UGm0qhnA&dbm_d=AKAmf-CqrtkjkG8_mWTCaqN5Sck_Jb1N8m9GywpdSVwYtlj5wo3QoTrd5ohwj2LnTHy8sE3zFlrNeGEUC8iMMUlsz8EkIMHMGdCukTxt7l-ZUBSiH2MdjXu2JxidVvof2C_VBieWdFKKdU3dhOEqwOH-GbrcY39pnCkPoT96N_g8y56CUa3ac_AhI-esgNaaqiM7UBlwXslvHpCGRSCV7c8jZb6OPl8mzJ7wu3S1yr538MtKPWWwqibivMyuVD-Fv5Y64k8hXUjxDionJActFQbumGcJl-OFiTxPX4r9NJOL7T9Dzr22beTZDwUtE8WZ0n9w1Cf5T0d6kPd1SsZrNgs6HquMgYLhVETSntS3rtR_NrhUhG_J6lzEbvzRoZOsYP02F_0mmXYgOpTbnTmsnzecfi_hZUITSq6BYRtlSoSdAzQ3OB8WHMEyGKmQQ7ksMcW385xGz1uTvn6cwBvNQ6DVqmbcFfW4leolh2fK1T9R_5pMAU9dVbFAe6hAVm9CGthbuyTLVNRXFmmmkP5oYInDh3Vv2oM5XuK7iLFOB3Kt5hxBYo1E90DElaIJ4VbuHq6xbxUlVuEjhk2eO-bfs6mJkHhjA7Xa1R0wxtKE8nKqLn_vnVei96_rI5bobgSUBJZjuFIVWlsvoEpxF21DMRbtc7Lx-3CmIac5vLrVOC3fo3LwNW52AsvfU_wg2FbKYKnXnZmInYYq9_Qrz6NURYmyDYcf35OFq-pwn6WEbsVot7YVfAsg6VRDARYx1GfnjlQQCEOEzckYG3PFADQHv98uespqI7r1jO5l48f5Dhsg6me-7jLKdt_5X9G3QijVEVr7Z5HVkOU-ibJgx2DDKvzRDpcfCRQvfBZiV9oTwBnZoAdpciJI6mM3EwK2ouLQKG5jKg1vPMsxdYV13kw7Shv8SQvQWoxI1KmFJkiiWqUvqcF9axIGMAZsZpoLsLFcflAE1JYKu9OkUvv84u-WErvd2Cg2LcIqm9pZk3AEVXDeQFpM-s3Vc5kbQKXyuQR7k6sHnASH9_DP4OPiaOuuW1xGrZd22SA2SRo51ny_yu5a8YlXZOrCqxNPzdW2Cqy3ZhSCqUu8PImj8kTNL5ju84zrdwiS5CVmh-0OR2BRbZ-j0v5tVdokGFw6Qr3EF9316E94EQzzPaLLQjKQQWO3-OLtiZx9IXB_AhWzDUMtp4FDcVykSY6DFmMHosJZCAIBcYiucu9d6uhmiQmTFEi62xFKeoziAdkKqIfX56o8eIapO0LsVWihJ9abAYwx6Wy_ccsSrgjQjChkDRnYtk3pVt_W18uPJOpBsa2E22yYsAlJ7L1awiR2HJzlyyjeQ8rYKw1VUnjKkSRYRYEPx_0P8-MZIdpqxDnsPp_ap5a2O8dPFSiiXQqDwdpTalAk_7AWlLo3lCmeLkRcZxwNdglgannjxFNbMPoLfh3gTmI1Z3ul37RRcLeDLmR5NFBxhv9B0fs-72XvS8wcUr2Cl2FX_eAVeZnMHM0peDFfS_Co3BSxIhNoPcCK7gMeoQi_Pm-60vgNlu_hfvgCeggUllyeKRGmcRDvUvEyCVDjwNQVpBzoG2UvDgfU4Kjcxh5bcwaaLVx6CK4oKdJFeo9qZ0x3kFbUIDOxZS6qJg4b76Hc1PV-wSCX-LGSij_0X1pslE70-1Emph7QBjGDgktz-9qURd6RIqqB4JZG8OgqtTdcXoxiGQaGU2Uujwdo0ehLO-MJ5ygxouPCmHrWgbWHM5YWr7-nzeeoaqQ7EYasKbU5oSfFBdGtARCuR8gJOkAgi0RDZm2YzcwwVyRkjiWrKc_nvgfqc1cR2fRi6bx2Uis3hO2TWpFH29cjQNIRg_IAHBWtd5melYQnLTimulSawa6QXtGc0Huo_QEdRAFMxRZXirHhjBj_228M9R1xpUiiOvZV9jIOi35cORVjoVo3cg7a_ORCPcn_SbP9LgX9em2sbKOICJE32JV2zQr6br8sr2qmTRvQPN0pV23cmVCEQF3FjMXSWtiyUyZ4WZkBjXaeElL6x7F4sbkZSuiB9vy5gU8KEt5mRN2a4fvMQgGa741b7OlWDu_ssu7neDhmpusoHVokt1qfEMmxil2HjIrTk_1zEOi9KyktHloEnBgs5N8D35AFcM8JjIuTly8-7HQEVixsTSwC9XbgBW6H3_FNm8pG-__qhojTj3Nse5Ue3I4iN04czuVmR8ovrwS_nWwbZNhVC_uexwnj75die2Kd3Hx5QRxzSZLfyZD3yJaYVq8h1azXPSMf9Wl6EpQt6RUYN3FZWCTJI99I3ft7UaRWnWaswnQmAvZMKYz98KVNAQKgVIRMfHGsKXJfxD3ULAWJcw8W3Fl_UOZqTkU-aGdltTCTOp46TPLb0j1gNPG0REjRysELrbnXOBqyYpVNiHmYB-vZrl5lVkQQk0Mu59IYVDJffVaCCGd6jj1yZ0MgeCPWESMK_0OuuuOAn4qurM6qWGclTVv-QVcA_rWuJqdzjTDUJUZebbOR4xM4CL17yfVrKtimJZqwv1IGxpj2ZilVF1QveB5jYsLAvUqaYYJeqjULM6GALcPhIeO0UTTzZPDkTm2RSdU22t8iFgHvI8gIYyv-Jk0i8EQZPwppa6Sp32IK_hvsDQM9LkNnD02Mh12SfFy5tE1m2J7H0gfnYc_4rHZQOFd_TNoQBK3IOq5BEW3vs9UY1m82WUxbJsInymJVYCr_bwvnC8IPXhzdc3UhDTrKyAnORjbiUYMDY1znUELrwmvbEBNQ1en-QHs6xG6UsEeZsS8sQ_CnL3CXml9lVuv1iNGB19y-KWdjMNL2vsiwGJSU_ort2cyPSf09Y6-73MlbqyfWT-_dNFPGJOPPAf_xzDo3C0GCh-M_PbLyBhPgTBRRntzwa0SSolHVuyA1_gPCJ_AVgr3WPPVysdo8UkfhAKI9Ar9w4HvkDh08vHLlu-mTcMvS7ML78ccjxeIXp5CkVFbjBvZ0qdRvc5XoWVUiooSj0_sFVsOqo63iqgL8ltBor0zSnkY24HZVExhv0qpN0ZDwQ7tpj0fYiXc2s6sjb9barGWDL8d_RpAmUtkcUs1oCZMBGQN-XZ7TfrgieLJWbyD1lUit_xKrCGK6u9TuEq3vGlcq8xQFcE7U0rhtAfsovi445hNndFhKjj9s_fOQ0Uvc2QhEVZEP9UjoIgQo6XOv3D_Z6Lc&cid=CAASEuRoU7G1kK2lvqIsq_RUDdT-ZQ&rfl=1%2Chttps%253A%252F%252Freturnsandrefund.com%252F%240 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 64fce9d17c5101524a6ee73191a1c97a2e47ddc83aed06b5bd22d5c898efd52b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:27:54 GMT content-encoding gzip x-content-type-options nosniff age 121 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 8594 x-xss-protection 0 server cafe etag 7958287194716579593 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Fri, 18 Jun 2021 13:27:54 GMT
GET H2	200	af5fc09f-edef-481c-bfa7-696005c6deb3 Show response consumer.krxd.net/consent/get/ Frame 0A52	236 B 426 B	52ms 36ms	Script text/javascript	151.101.114.133 FASTLY
General Check archive.org Show headers Download Go to Full URL https://consumer.krxd.net/consent/get/af5fc09f-edef-481c-bfa7-696005c6deb3?idt=device&dt=kxcookie&callback=Krux.ns.congstar.kxjsonp_consent_get_0 Requested by Host: cdn.krxd.net URL: https://cdn.krxd.net/ctjs/controltag.js.0631b7d64dbbd3656a8b7368ad227a04 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 1c16d201a9100daacb04cf145129a08cb61e6c06afe4c81f9d63eb7090718c12 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:55 GMT via 1.1 varnish age 0 x-served-by consumer-a002-dub-prod.krxd.net, cache-hhn4064-HHN vary Accept-Encoding x-cache MISS, MISS content-type text/javascript; charset=UTF-8 content-encoding gzip cache-control max-age=1800 x-age 0 accept-ranges bytes x-timer S1622813396.889993,VS0,VE26 content-length 187 x-cache-hits 0, 0
GET H2	200	sd us-u.openx.net/w/1.0/ Frame B434 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMndI5DocHHoJY3na-7dC3g&google_cver=1	43 B 243 B	24ms 24ms	Image image/gif	35.244.159.8 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMndI5DocHHoJY3na-7dC3g&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYs9-EGzAB&v=APEucNX889nt-rwq020matP2zA16j6KVy1RoghjuDrcXzeyOZsK_byyCG8CuBllO1Y16i1bKbMIhakPBn1cp87wNBg_A6J6IDROpsSbRK6UnqOdAWEl9lgdldkLz9-tmzBjLVoPNZfyW4FxiOge7u0wEzg3_ujyNf3Hz_8yFC1IRTwzQWAMVSInJSAruQtI3ddOT1sj0Y9gwvgPDsuU8AXAUNc9XACMeJA Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 8.159.244.35.bc.googleusercontent.com Software OXGW/16.208.0 / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT via 1.1 google server OXGW/16.208.0 vary Accept p3p CP="CUR ADM OUR NOR STA NID" cache-control private, max-age=0, no-cache content-type image/gif alt-svc clear content-length 43 expires Mon, 26 Jul 1997 05:00:00 GMT Redirect headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEMndI5DocHHoJY3na-7dC3g&google_cver=1 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 295 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame B434 Redirect Chain https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OTRhNjkyZjYtYTEzYi0yYzg1LWQ3NDMtOWUzY2U3OTgwNWE3	170 B 188 B	23ms 22ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OTRhNjkyZjYtYTEzYi0yYzg1LWQ3NDMtOWUzY2U3OTgwNWE3 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYs9-EGzAB&v=APEucNX889nt-rwq020matP2zA16j6KVy1RoghjuDrcXzeyOZsK_byyCG8CuBllO1Y16i1bKbMIhakPBn1cp87wNBg_A6J6IDROpsSbRK6UnqOdAWEl9lgdldkLz9-tmzBjLVoPNZfyW4FxiOge7u0wEzg3_ujyNf3Hz_8yFC1IRTwzQWAMVSInJSAruQtI3ddOT1sj0Y9gwvgPDsuU8AXAUNc9XACMeJA Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers date Fri, 04 Jun 2021 13:29:55 GMT content-encoding gzip server OXGW/16.208.0 vary Accept, Accept-Encoding p3p CP="CUR ADM OUR NOR STA NID" location https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=OTRhNjkyZjYtYTEzYi0yYzg1LWQ3NDMtOWUzY2U3OTgwNWE3 content-type image/gif alt-svc clear content-length 0 via 1.1 google
GET H2	200	um sync.teads.tv/ Frame B434 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm https://sync.teads.tv/um?eid=3&uid=CAESEI8KGf5CPPThaE-rSmpctrE&google_cver=1	23 B 172 B	41ms 41ms	Image image/gif	104.111.242.245 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://sync.teads.tv/um?eid=3&uid=CAESEI8KGf5CPPThaE-rSmpctrE&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYs9-EGzAB&v=APEucNX889nt-rwq020matP2zA16j6KVy1RoghjuDrcXzeyOZsK_byyCG8CuBllO1Y16i1bKbMIhakPBn1cp87wNBg_A6J6IDROpsSbRK6UnqOdAWEl9lgdldkLz9-tmzBjLVoPNZfyW4FxiOge7u0wEzg3_ujyNf3Hz_8yFC1IRTwzQWAMVSInJSAruQtI3ddOT1sj0Y9gwvgPDsuU8AXAUNc9XACMeJA Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-242-245.deploy.static.akamaitechnologies.com Software akka-http/10.2.3 / Resource Hash 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT cache-control max-age=0, no-cache, no-store expires Fri, 04 Jun 2021 13:29:55 GMT server akka-http/10.2.3 content-length 23 content-type image/gif Redirect headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://sync.teads.tv/um?eid=3&uid=CAESEI8KGf5CPPThaE-rSmpctrE&google_cver=1 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 281 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame B434 Redirect Chain https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=MDU2NzIxZWEwN2RlMDBmMDY5Nzg4NWExMTBmZGMyYjFmMGVlMTE3Ng==	170 B 188 B	24ms 23ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=MDU2NzIxZWEwN2RlMDBmMDY5Nzg4NWExMTBmZGMyYjFmMGVlMTE3Ng== Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYs9-EGzAB&v=APEucNX889nt-rwq020matP2zA16j6KVy1RoghjuDrcXzeyOZsK_byyCG8CuBllO1Y16i1bKbMIhakPBn1cp87wNBg_A6J6IDROpsSbRK6UnqOdAWEl9lgdldkLz9-tmzBjLVoPNZfyW4FxiOge7u0wEzg3_ujyNf3Hz_8yFC1IRTwzQWAMVSInJSAruQtI3ddOT1sj0Y9gwvgPDsuU8AXAUNc9XACMeJA Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT server akka-http/10.2.3 content-type text/html; charset=UTF-8 location https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=MDU2NzIxZWEwN2RlMDBmMDY5Nzg4NWExMTBmZGMyYjFmMGVlMTE3Ng== cache-control max-age=0, no-cache, no-store content-length 197 expires Fri, 04 Jun 2021 13:29:55 GMT
GET H3-29	200	UFYwWwmt.js Show response tpc.googlesyndication.com/sodar/ Frame B58B	41 KB 15 KB	9ms 9ms	Script text/javascript	2a00:1450:4001:813::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/UFYwWwmt.js Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 06:53:37 GMT content-encoding gzip x-content-type-options nosniff age 23778 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15207 x-xss-protection 0 last-modified Tue, 03 Mar 2020 20:15:00 GMT server sffe vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 04 Jun 2022 06:53:37 GMT
GET H3-29	200	cookie_push_onload.html Show response pagead2.googlesyndication.com/pagead/s/ Frame 63FF	1 KB 749 B	7ms 7ms	Document text/html	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority pagead2.googlesyndication.com :scheme https :path /pagead/s/cookie_push_onload.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ Response headers p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin * cross-origin-resource-policy cross-origin vary Accept-Encoding date Fri, 04 Jun 2021 03:04:19 GMT expires Sat, 05 Jun 2021 03:04:19 GMT content-type text/html; charset=UTF-8 etag 48472445140208031 x-content-type-options nosniff content-encoding gzip server cafe content-length 724 x-xss-protection 0 age 37536 cache-control public, max-age=86400 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET DATA	200 OK	truncated / Frame B58B	207 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash f2b0f3dde47e0c349631a4f2cc274074da7e518504db2dbf735d3222a75c32ab Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/png
GET H2	200	sfht0if3y.js Show response cdn.krxd.net/controltag/ Frame B58B	10 KB 4 KB	10ms 10ms	Script text/javascript	151.101.114.133 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.krxd.net/controltag/sfht0if3y.js Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash c2423cbc3081a6d26022031366660f7900aa5cb280fd91f7a3b80777332b1a54 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-cdn-backend 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod date Fri, 04 Jun 2021 13:29:55 GMT via 1.1 varnish, 1.1 varnish age 815 x-cache MISS, HIT, HIT x-app-cache HIT x-age 0 content-encoding gzip content-length 3673 x-served-by config-service-a003-ash-prod.krxd.net, cache-bwi5145-BWI, cache-hhn4080-HHN x-response-time 1 x-do-esi esi x-timer S1622813396.985183,VS0,VE0 etag "8595c2bfd40270513d3f71e8843150475690db95" vary Accept-Encoding content-type text/javascript; charset=utf-8 cache-control public, max-age=1200 accept-ranges bytes x-cache-hits 0, 1, 888
GET H3-29	200	index.html Show response s0.2mdn.net/4528516/1495445246395522/ Frame DAE0	7 KB 3 KB	9ms 8ms	Document text/html	2a00:1450:4001:803::2006 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/4528516/1495445246395522/index.html Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a227c96966a5a9e356da28f3da286cd117f98164f556216fcb2528b5bfaeef8f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority s0.2mdn.net :scheme https :path /4528516/1495445246395522/index.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html access-control-allow-origin * cross-origin-resource-policy cross-origin content-length 2666 date Thu, 03 Jun 2021 23:03:33 GMT expires Fri, 04 Jun 2021 23:03:33 GMT last-modified Mon, 17 May 2021 09:21:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 age 51982 cache-control public, max-age=86400 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
POST H3-29	200	view googleads4.g.doubleclick.net/pcs/ Frame B58B	0 24 B	30ms 29ms	Ping image/gif	142.250.186.162 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvRkUixqfHP47HThMxnBzhyLJIPbLLVDztztsYDzKw2S7taq4UvrqObXdPxUjIncpRZhjrJ77mNxrU6wav__3LsI2V8vgEybpvCOnlXH6oRuEkrzoKhiozFC7MQ8KxSjg1Wii8ugCcv7hNmEUQHgdnHNxELMface1okxO_7Dmvhtv5XcGUfdu2MKBZgTktbxOqpfEzYxmOSs8vt8zAd9cKpUELKXDJF5lGQc9j0KWW_gBSYkOzGFclTACEQYeFPfgmhCWC6KZ84b0IEDXPMl_TljD-DP9sUM5n5xvpBBpEWQ0oX5xqbbTxgAGsLDjAxDrM5FE8EqivjEg2wurQmoF8VRD9GRk7QL_1vj2sgHj0s9dGbHDIU5ufAvfJRhFjwNIVpGTwvuXkVcsTajWZc6cK4zPQ4c4HrxMM5KD1hup-VlmTfKUwAaEcro9Kz0UPMR3_AzR8FPH95yNWZdI8nTP8JdgvW4Tc2wm2rYQaEPyEPnMrMelBQJbbxArrCWjW9sXX7RjNUGJlv7BwvBEsEXus2_Y63dosZiuBzrcpaG-9KPFJjmwEq-A4wpRpr_bTvwMU5Zl89u3eULXPjjKKu-G6KmV_OfJ-aSZIC6rPoGVRXdG8XLZ7YTn8OhjfrvVFPRbeQJWSRazVDkykeXAyhbgPwEhw1MPDqSZ9wT4jeUjltMpHypMSBqmEb4sN7Je8gddyz_mLIJM6rjXGQAiJURSIiL59eRBLTdAxd09Yl2RxVp0Zt8oOT8mBJbL8yOxZW_I9SIJNc-Qz6kWX_59ehZFL1S0ALTXYlABGbkAk8cUwrh5DgIKMbudzIP9PPHDQ2OScosAozM06TwvFYvs4LrUmKS7W03xBN-LmdFYYCcWit0LfPtUDt8qpQ7_b7jLwm1FyHw5UiNvEu8wEHet3moO-NxCFDlsST1RmYVz7VoqR6_k_F02LBrJCzAqHp5NsCFyT23YRwXQhKMM_2rPY2TqgglTP6UiCNLz1Koq7M2OReDHlwTY2WwPeRGd4ddkrDzEFPnakLdtoov321Ag2zA_LWlyXhay5PM6G4QEez9wDnip-4njeRxF-uLvcXOEMNBP1wYnVTwBq96JmNWzQF3NsLvHC0dV5A4CHKz8sPd1wTtdp8sdl44NaxUjNyNClTp-2DvrkvZQPjqw94yOWMECeHiU6yYnDletWABk4f5DyFIemk_FI7biNkq1LdJrkUHjLpoR9mzWk9ixiVf_rt779EfFvqMbI__1lAEMT9GwszqdUiLYdM-gPw0MQru0Gwv0uQ&sai=AMfl-YQfMzxyRu0w7P1rtFgPr9OblkEsgXiiYM1Rtx4t2u4uSYn1ZgqsT8JsNv-mOjNb8oK2gzdCLxhyFj3bNAmsa6-Q35iJygztxLU_GxKpcaaTc9OAtUW0cd2MdehuDKF_bYl4aD8PojD-LeTLHHs1zW3MN25p3g&sig=Cg0ArKJSzHjHTA6-YmpdEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=120&cbvp=1&cstd=119&cisv=r20210601.22957&adurl= Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.162 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s08-in-f2.1e100.net Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers timing-allow-origin * content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version date Fri, 04 Jun 2021 13:29:56 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 server cafe
GET H3-29	200	Enqz_20U.html Show response tpc.googlesyndication.com/sodar/ Frame AB2C	22 KB 8 KB	6ms 6ms	Document text/html	2a00:1450:4001:813::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/Enqz_20U.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority tpc.googlesyndication.com :scheme https :path /sodar/Enqz_20U.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin timing-allow-origin * content-length 8395 date Fri, 04 Jun 2021 06:53:39 GMT expires Sat, 04 Jun 2022 06:53:39 GMT last-modified Tue, 03 Mar 2020 20:15:00 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 23777 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	optout_check Show response beacon.krxd.net/ Frame 0A52	81 B 240 B	32ms 31ms	Script text/javascript	54.171.237.219 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://beacon.krxd.net/optout_check?callback=Krux.ns.congstar.kxjsonp_optOutCheck Requested by Host: cdn.krxd.net URL: https://cdn.krxd.net/ctjs/controltag.js.0631b7d64dbbd3656a8b7368ad227a04 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.171.237.219 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-171-237-219.eu-west-1.compute.amazonaws.com Software / Resource Hash dcdc01f49d4ea6dbae6e3fe42908e1058f566b06186715850599622f357aa06d Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:56 GMT cache-control private, max-age=0, s-max-age=0 x-request-time D=35 t=1622813396 x-served-by beacon-n020-dub-prod.krxd.net content-type text/javascript
GET H2	200	controltag.js.0631b7d64dbbd3656a8b7368ad227a04 Show response cdn.krxd.net/ctjs/ Frame B58B	259 KB 83 KB	13ms 12ms	Script application/javascript	151.101.114.133 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.krxd.net/ctjs/controltag.js.0631b7d64dbbd3656a8b7368ad227a04 Requested by Host: cdn.krxd.net URL: https://cdn.krxd.net/controltag/sfht0if3y.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash b9b47c8bafc4618d804c7c54ac03c39b29beb9ed5b1e7d9dbadb0f28d71c3d94 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers x-cdn-backend 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3 date Fri, 04 Jun 2021 13:29:56 GMT content-encoding gzip age 1341954 x-amz-server-side-encryption AES256 x-cache HIT x-cache-hits 397084 content-length 84451 x-served-by cache-hhn4080-HHN last-modified Thu, 15 Oct 2020 07:09:29 GMT x-timer S1622813396.025696,VS0,VE0 etag "0631b7d64dbbd3656a8b7368ad227a04" content-type application/javascript via 1.1 varnish cache-control public, max-age=315360000 accept-ranges bytes expires Sun, 13 Oct 2030 07:09:28 GMT
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame 63FF Redirect Chain https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEN8M17x5m2ruH39KjWRbBms&google_cver=1&google_push=AQvitUKdPGYLrB0m2QjtM5Vx1TvWsr-j5whr3QJ4A8XG1xK032rIkfZcg_1b3HM6-hVH6RJgrHZqNt0RaPIdPAdf... https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=aylguirTTwCA7LoTyKCcXw&google_push=AQvitUKdPGYLrB0m2QjtM5Vx1TvWsr-j5whr3QJ4A8XG1xK032rIkfZcg_1b3HM6-hVH6RJgrHZqNt0RaPIdPAdfIxyOQSN9...	170 B 188 B	24ms 24ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=aylguirTTwCA7LoTyKCcXw&google_push=AQvitUKdPGYLrB0m2QjtM5Vx1TvWsr-j5whr3QJ4A8XG1xK032rIkfZcg_1b3HM6-hVH6RJgrHZqNt0RaPIdPAdfIxyOQSN97gCvxQ Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:56 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers Date Fri, 04 Jun 2021 13:29:56 GMT Server MT3 3759 5f8f15b master zrh-pixel-x30 P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" location https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=aylguirTTwCA7LoTyKCcXw&google_push=AQvitUKdPGYLrB0m2QjtM5Vx1TvWsr-j5whr3QJ4A8XG1xK032rIkfZcg_1b3HM6-hVH6RJgrHZqNt0RaPIdPAdfIxyOQSN97gCvxQ Cache-Control no-cache Connection keep-alive Content-Type image/gif Keep-Alive timeout=360 Content-Length 0 Expires Fri, 04 Jun 2021 13:29:55 GMT
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame 63FF Redirect Chain https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEAgk2f8B_lJMB7sKHfjeIXI&google_cver=1&google_push=AQvitUIo_-nuTDxNM1FURJRjgOBE6J-UXMIt-6R6-Vp0tQ7Z1IQPkfI6XY7zmrXb2JMGbl1FcX_vZa97M79... https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUIo_-nuTDxNM1FURJRjgOBE6J-UXMIt-6R6-Vp0tQ7Z1IQPkfI6XY7zmrXb2JMGbl1FcX_vZa97M79Ddm50upQd2y38Rg_Geg&google_hm=h6zYUV8tRAigulq6jX...	170 B 188 B	24ms 23ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUIo_-nuTDxNM1FURJRjgOBE6J-UXMIt-6R6-Vp0tQ7Z1IQPkfI6XY7zmrXb2JMGbl1FcX_vZa97M79Ddm50upQd2y38Rg_Geg&google_hm=h6zYUV8tRAigulq6jXmAnlY Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:56 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Fri, 04 Jun 2021 13:29:55 GMT via 1.1 google server Apache-Coyote/1.1 status 302 p3p CP="NOI DSP COR NID CUR OUR NOR" location https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AQvitUIo_-nuTDxNM1FURJRjgOBE6J-UXMIt-6R6-Vp0tQ7Z1IQPkfI6XY7zmrXb2JMGbl1FcX_vZa97M79Ddm50upQd2y38Rg_Geg&google_hm=h6zYUV8tRAigulq6jXmAnlY cache-control no-cache, must-revalidate content-type text/html;charset=UTF-8 alt-svc clear content-length 0 x-xss-protection 1; mode=block expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame 63FF Redirect Chain https://fksnk.com/cs/google?google_gid=CAESENJe4Cln1p56JpN6yPQ-n8g&google_cver=1&google_push=AQvitULeCBN7dD94piBxBPOn9Ed8GSGRGziKxkh2Olle-4DJPuECcAnP3VSucs5_b_h_-_EpaXWg3Zgrrd5zpMvCQyk2gKDHrs0JSQ https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=OEEyQjI5Q0FFOURCNjgwNg==	170 B 188 B	24ms 23ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=OEEyQjI5Q0FFOURCNjgwNg== Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:56 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers location https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=OEEyQjI5Q0FFOURCNjgwNg== date Fri, 04 Jun 2021 13:29:56 GMT content-language en-US content-type text/html;charset=ISO-8859-1
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame 63FF Redirect Chain https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEKcnzMOLaaEro3a93P6-YcM&google_cver=1&google_push=AQvitUIcgMzb3IUuzxJIFE_yrZY7wu5CZrhu-5RMXECYaYg84krRUvQrG5tinIIjaYm3M9FCWWfzIAW_MZZAL... https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEKcnzMOLaaEro3a93P6-YcM&google_push=AQvitUIcgMzb3IUuzxJIFE_yrZY7wu5CZrhu-5RMXECYaYg84krRUvQrG5tinIIjaYm3M9FCWWfzIAW_MZZAL... https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitUIcgMzb3IUuzxJIFE_yrZY7wu5CZrhu-5RMXECYaYg84krRUvQrG5tinIIjaYm3M9FCWWfzIAW_MZZALJX_PkbBaZZqOxCC&google_hm=cG5RcDdORTJUV3lUUVhk...	170 B 188 B	23ms 22ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitUIcgMzb3IUuzxJIFE_yrZY7wu5CZrhu-5RMXECYaYg84krRUvQrG5tinIIjaYm3M9FCWWfzIAW_MZZALJX_PkbBaZZqOxCC&google_hm=cG5RcDdORTJUV3lUUVhkdHM4cG4= Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:56 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers Pragma no-cache Date Fri, 04 Jun 2021 13:29:56 GMT P3p CP="We do not support P3P header." Location https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AQvitUIcgMzb3IUuzxJIFE_yrZY7wu5CZrhu-5RMXECYaYg84krRUvQrG5tinIIjaYm3M9FCWWfzIAW_MZZALJX_PkbBaZZqOxCC&google_hm=cG5RcDdORTJUV3lUUVhkdHM4cG4= Cache-Control no-cache, no-store, must-revalidate Content-Type text/html; charset=utf-8 Content-Length 236 Expires Thu, 01 Dec 1994 16:00:00 GMT
GET H/1.1	200 OK	sync dsp.adkernel.com/ Frame 63FF	42 B 233 B	279ms 86ms	Image image/gif	174.137.133.49 WEBAIR-INTERNET
General Check archive.org Show headers Download Go to Show image Full URL https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESEEUvjzZAr17O17i75dMdg8s&google_cver=1&google_push=AQvitUJm8gizLvxlxIfKJoh3gA_oIeNynE9lmigWNlKyDMEzWQCwpVE3d4cpGo-Xp2bIwuJWq_gA7FldNFjL_Y2Arnz9uvzaLgHwTw Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US), Reverse DNS Software nginx / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Pragma no-cache Date Fri, 04 Jun 2021 13:29:56 GMT Server nginx Age 0 Content-Type image/gif Cache-Control no-store Connection keep-alive Content-Length 42
GET H3-29	200	dot.gif s0.2mdn.net/ Frame 63FF	43 B 63 B	35ms 27ms	Image image/gif	2a00:1450:4001:803::2006 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/dot.gif?google_gid=CAESEGIggykG2-IfohGflj13em4&google_cver=1&google_push=AQvitUKRYDPqRJUSx9QZXZhUODJ-wtToHEFIvtrLLbF6jHSVVV-Kb04fYvbRBQtM7Km_fin7mKeHfPmLCUxvVurDQx6MMGfVS-4UMhs Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:56 GMT x-content-type-options nosniff last-modified Sun, 01 Feb 2009 08:00:00 GMT server sffe content-type image/gif access-control-allow-origin * cache-control public, max-age=86400 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 43 x-xss-protection 0 expires Sat, 05 Jun 2021 13:29:56 GMT
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame 63FF Redirect Chain https://ads.avads.net/sync/ggl?google_gid=CAESEMG7xSBiFxMw7z3ovyushaA&google_cver=1&google_push=AQvitUI9Wz_p31AP2qamaElujE6Tks2aCf-bE_oQi9HI2HuRP3ZZOst_fMkIkSm8ARYGb12IqXK9a5_cKOFk3PUeWHHI2nBDemZY9y4 https://ads.avads.net/sync/ggl?google_gid=CAESEMG7xSBiFxMw7z3ovyushaA&google_cver=1&google_push=AQvitUI9Wz_p31AP2qamaElujE6Tks2aCf-bE_oQi9HI2HuRP3ZZOst_fMkIkSm8ARYGb12IqXK9a5_cKOFk3PUeWHHI2nBDemZY9... https://ads.avads.net/sync/ggl?google_gid=CAESEMG7xSBiFxMw7z3ovyushaA&google_cver=1&google_push=AQvitUI9Wz_p31AP2qamaElujE6Tks2aCf-bE_oQi9HI2HuRP3ZZOst_fMkIkSm8ARYGb12IqXK9a5_cKOFk3PUeWHHI2nBDemZY9y4 https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=YWI1YmI1YzMtM2RlMS00MGE2LWExMjItOWJlMmI4YzZlODYz	170 B 188 B	24ms 23ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=YWI1YmI1YzMtM2RlMS00MGE2LWExMjItOWJlMmI4YzZlODYz Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:56 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers location https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=YWI1YmI1YzMtM2RlMS00MGE2LWExMjItOWJlMmI4YzZlODYz date Fri, 04 Jun 2021 13:29:56 GMT x-envoy-upstream-service-time 4 server istio-envoy content-length 0
GET H3-29	204	attr cm.g.doubleclick.net/pixel/ Frame 63FF	0 12 B	28ms 21ms	Image text/html	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KhhclTP4-fyIGAMc4_9Ij9zFuECX43xDfeDeU0-a7ooOxkldcki8xbU_fhngRkQyav8JPFd7E Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:56 GMT server HTTP server (unknown) alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 content-type text/html
GET H2	200	createjs-2015.11.26.min.js Show response code.createjs.com/ Frame DAE0	186 KB 48 KB	32ms 22ms	Script text/javascript	2a02:26f0:6c00::210:ba1a AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://code.createjs.com/createjs-2015.11.26.min.js Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/4528516/1495445246395522/index.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Apache / Resource Hash 575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e Request headers Referer https://s0.2mdn.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:56 GMT content-encoding gzip server Apache cache-control max-age=900 vary Accept-Encoding content-type text/javascript x-n S accept-ranges bytes expires Fri, 04 Jun 2021 13:44:56 GMT
GET H3-29	200	javascript.js Show response s0.2mdn.net/4528516/1495445246395522/ Frame DAE0	21 KB 6 KB	14ms 7ms	Script text/javascript	2a00:1450:4001:803::2006 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/4528516/1495445246395522/javascript.js?1618851346399 Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/4528516/1495445246395522/index.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 29d83a5f17474eed64050585fd610596e98d3f2bc0d066610f839d0787f319e3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://s0.2mdn.net/4528516/1495445246395522/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 03 Jun 2021 19:20:15 GMT content-encoding gzip x-content-type-options nosniff age 65381 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 6102 x-xss-protection 0 last-modified Mon, 17 May 2021 09:21:03 GMT server sffe vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control public, max-age=86400 accept-ranges bytes expires Fri, 04 Jun 2021 19:20:15 GMT
GET H3-29	200	wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js Show response pagead2.googlesyndication.com/bg/ Frame AB2C	14 KB 6 KB	12ms 11ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c103e9952d8205b6a9c4f3ec2a32e30ade8bf51bf63fc3bcb32c7328b4a9c9a6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 08:41:22 GMT content-encoding br x-content-type-options nosniff age 17314 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5768 x-xss-protection 0 last-modified Mon, 31 May 2021 08:58:00 GMT server sffe vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 04 Jun 2022 08:41:22 GMT
GET H3-29	200	visual.png s0.2mdn.net/4528516/1495445246395522/ Frame DAE0	39 KB 39 KB	8ms 7ms	Image image/png	2a00:1450:4001:803::2006 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://s0.2mdn.net/4528516/1495445246395522/visual.png?1618851346390 Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash d520c8d46b9914fc14e4d825cd7cb191a60d18fe5918c472eb1e1f2cfea060ee Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://s0.2mdn.net/4528516/1495445246395522/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 03 Jun 2021 19:17:02 GMT x-content-type-options nosniff last-modified Mon, 17 May 2021 09:21:03 GMT server sffe age 65574 content-type image/png access-control-allow-origin * cache-control public, max-age=86400 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 40358 x-xss-protection 0 expires Fri, 04 Jun 2021 19:17:02 GMT
POST H3-29	200	view googleads4.g.doubleclick.net/pcs/ Frame B58B	0 23 B	24ms 24ms	Ping image/gif	142.250.186.162 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvRkUixqfHP47HThMxnBzhyLJIPbLLVDztztsYDzKw2S7taq4UvrqObXdPxUjIncpRZhjrJ77mNxrU6wav__3LsI2V8vgEybpvCOnlXH6oRuEkrzoKhiozFC7MQ8KxSjg1Wii8ugCcv7hNmEUQHgdnHNxELMface1okxO_7Dmvhtv5XcGUfdu2MKBZgTktbxOqpfEzYxmOSs8vt8zAd9cKpUELKXDJF5lGQc9j0KWW_gBSYkOzGFclTACEQYeFPfgmhCWC6KZ84b0IEDXPMl_TljD-DP9sUM5n5xvpBBpEWQ0oX5xqbbTxgAGsLDjAxDrM5FE8EqivjEg2wurQmoF8VRD9GRk7QL_1vj2sgHj0s9dGbHDIU5ufAvfJRhFjwNIVpGTwvuXkVcsTajWZc6cK4zPQ4c4HrxMM5KD1hup-VlmTfKUwAaEcro9Kz0UPMR3_AzR8FPH95yNWZdI8nTP8JdgvW4Tc2wm2rYQaEPyEPnMrMelBQJbbxArrCWjW9sXX7RjNUGJlv7BwvBEsEXus2_Y63dosZiuBzrcpaG-9KPFJjmwEq-A4wpRpr_bTvwMU5Zl89u3eULXPjjKKu-G6KmV_OfJ-aSZIC6rPoGVRXdG8XLZ7YTn8OhjfrvVFPRbeQJWSRazVDkykeXAyhbgPwEhw1MPDqSZ9wT4jeUjltMpHypMSBqmEb4sN7Je8gddyz_mLIJM6rjXGQAiJURSIiL59eRBLTdAxd09Yl2RxVp0Zt8oOT8mBJbL8yOxZW_I9SIJNc-Qz6kWX_59ehZFL1S0ALTXYlABGbkAk8cUwrh5DgIKMbudzIP9PPHDQ2OScosAozM06TwvFYvs4LrUmKS7W03xBN-LmdFYYCcWit0LfPtUDt8qpQ7_b7jLwm1FyHw5UiNvEu8wEHet3moO-NxCFDlsST1RmYVz7VoqR6_k_F02LBrJCzAqHp5NsCFyT23YRwXQhKMM_2rPY2TqgglTP6UiCNLz1Koq7M2OReDHlwTY2WwPeRGd4ddkrDzEFPnakLdtoov321Ag2zA_LWlyXhay5PM6G4QEez9wDnip-4njeRxF-uLvcXOEMNBP1wYnVTwBq96JmNWzQF3NsLvHC0dV5A4CHKz8sPd1wTtdp8sdl44NaxUjNyNClTp-2DvrkvZQPjqw94yOWMECeHiU6yYnDletWABk4f5DyFIemk_FI7biNkq1LdJrkUHjLpoR9mzWk9ixiVf_rt779EfFvqMbI__1lAEMT9GwszqdUiLYdM-gPw0MQru0Gwv0uQ&sai=AMfl-YQfMzxyRu0w7P1rtFgPr9OblkEsgXiiYM1Rtx4t2u4uSYn1ZgqsT8JsNv-mOjNb8oK2gzdCLxhyFj3bNAmsa6-Q35iJygztxLU_GxKpcaaTc9OAtUW0cd2MdehuDKF_bYl4aD8PojD-LeTLHHs1zW3MN25p3g&sig=Cg0ArKJSzHjHTA6-YmpdEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=257&vt=11&dtpt=137&dett=3&cstd=119&cisv=r20210601.22957&adurl= Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/ Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.162 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s08-in-f2.1e100.net Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:56 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 server cafe
GET H2	204	ad_impression.gif beacon.krxd.net/ Frame B58B	0 337 B	31ms 31ms	Image text/plain	54.171.237.219 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://beacon.krxd.net/ad_impression.gif?campaignid=11313517&advertiserid=4528516&placementid=150618915&adid=321276315&creativeid=151285245&siteid=1729994&url=https%3A%2F%2Fbeacon.krxd.net%2Fad_impression.gif&_kpid=af5fc09f-edef-481c-bfa7-696005c6deb3&confid=sfht0if3y Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.171.237.219 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-171-237-219.eu-west-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:56 GMT cache-control private, no-cache, no-store x-request-time D=26 t=1622813396 x-served-by beacon-n019-dub-prod.krxd.net p3p policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
GET H2	200	af5fc09f-edef-481c-bfa7-696005c6deb3 Show response consumer.krxd.net/consent/get/ Frame B58B	221 B 302 B	40ms 40ms	Script text/javascript	151.101.114.133 FASTLY
General Check archive.org Show headers Download Go to Full URL https://consumer.krxd.net/consent/get/af5fc09f-edef-481c-bfa7-696005c6deb3?idt=device&dt=kxcookie&callback=Krux.ns.congstar.kxjsonp_consent_get_0 Requested by Host: cdn.krxd.net URL: https://cdn.krxd.net/ctjs/controltag.js.0631b7d64dbbd3656a8b7368ad227a04 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 9a2f393583ee6dd6bde57c0d1becd3fa7a1abbdd5289b5a44df3b411bf74415a Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:56 GMT via 1.1 varnish age 0 x-served-by consumer-a013-dub-prod.krxd.net, cache-hhn4064-HHN vary Accept-Encoding x-cache MISS, MISS content-type text/javascript; charset=UTF-8 content-encoding gzip cache-control max-age=1800 x-age 0 accept-ranges bytes x-timer S1622813396.257289,VS0,VE30 content-length 179 x-cache-hits 0, 0
GET H2	200	optout_check Show response beacon.krxd.net/ Frame B58B	81 B 240 B	35ms 34ms	Script text/javascript	54.171.237.219 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://beacon.krxd.net/optout_check?callback=Krux.ns.congstar.kxjsonp_optOutCheck Requested by Host: cdn.krxd.net URL: https://cdn.krxd.net/ctjs/controltag.js.0631b7d64dbbd3656a8b7368ad227a04 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.171.237.219 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-171-237-219.eu-west-1.compute.amazonaws.com Software / Resource Hash dcdc01f49d4ea6dbae6e3fe42908e1058f566b06186715850599622f357aa06d Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:56 GMT cache-control private, max-age=0, s-max-age=0 x-request-time D=33 t=1622813396 x-served-by beacon-n018-dub-prod.krxd.net content-type text/javascript
GET H3-29	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 9882	0 20 B	45ms 44ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B-PH50yq6YKL0FJOKjuwP7oOB0AIAAAAAOAHgBAI&bg=!1tWl1ZHNAAY6sG-_OrA7ACkAdvg8WsHWeihOm1HUY8XcKydOhXPfhrnku7KpZSO0nBySfgUsOifdlQIAAAHcUgAAABloAQcKAORTuv6oC7531K3FnttgkLE07l-NJndl6W8aHzX-5ahQcplv0haKJzQKe7RhtCw2wNvbDKnH1jYug-LRh_MsHecsGCRMt8VCJbnlfZCws3zU3-2BLE-xCY2fZhI_RCT1sRXkwsqSeU0AVp4tj-ZtDYNlR2dpYbK6DksX78590HxbCcejgPSVrb6peN6NcjiuSo101MVbHfbSzW42k3AAuvxQTpFXRjU4D-5D9B0Q3hvK80ClDb1wsW7sYxzdFVkbD9HYIqMhiyODysXWuV1l36E4axI2BwY-VKYLa5JibHPyWVSdIdGZAqfAZFEPUNbgdiVe2IqC5scZvTMoMvgA2cbpibUHHJJ-rNxOnl2K0bRPehciZHNAQTZq013hiAf7BolExn2FMbXCfxMbJCIKTh_rja6OlkvxStq6pJvS_tc3oix1ywYq3FjPRKjbfze-PWMpSJ9fk0dWPc3YGnWTyK7JKrK3mTvnv4SQeBQUv2CVSD2tz6aNPSCAxVrmxWS3mHm8SpIl0dVb34hApI-4xEAgSqvtPQTr8kKMmI7w6-r7IdT4FDNKjfHQUz3qSwOsbjBEcDPzPftr5X-I3jeEndg3ynrGckt9BDiZ_KMC37AjSrKH9H-RqftzLKthsG2ht4X4wv6PTuIOjAYeeiUfzYkaWWxc9OX3jAVk0977zvijGIwBsCJonqUmI1cejq-AyA5N4cPAVuggsYWhsg5X6x_2HuMJpoVxB6QlUI7Ry8f4o5HYkYh6ARvPRYQhKLsjvohduPJMGY9WzTpK7zAE06zDKwcmZlX4jBdyQ97bprixbfGdNGZHmA49WfZ8gXWJbKM6HxQZMsBiiACWauh-FpaCCQruA5QVopuQpgEYLzKKZYgX0eENS921O7Voa3bOWkEzv7nNlQiIoCM3bV9boaT3LVdUKsAeN5g94TWwMlE_j6GL8GRGUcp3Ux2bM8wvjQgKvHDJSGFcNVvHNdGXIqTPCMVxPdS4LmZun_RgVjG-cYqsPSH8zr4f3jTAey5Cvc9rSEAhfuWE865sUBS_mA-AKA02eGvhqi4FoiW8foP_kro5E2RcPXHd2CptB9q1-re8WRroJs48cjcg2hEh3S7KOHXfc794GzpqxGIB9FK1HhOFU6pU-e5jZxIucIYeVG5oYK401bE-c8tIhqHEU-TNkpobX10KjB_LojXvBUByp0Q0TCFnky3ptuzI9Yel Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:56 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	integrator.js Show response adservice.google.de/adsid/	107 B 122 B	28ms 27ms	Script application/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:56 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	integrator.js Show response adservice.google.com/adsid/	107 B 122 B	29ms 28ms	Script application/javascript	2a00:1450:4001:831::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:56 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/	351 B 182 B	324ms 321ms	XHR text/plain	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2521825018140718&correlator=3338093848172661&output=ldjh&impl=fifs&eid=31061161%2C31061181%2C31061200&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210604&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=2&rcs=4&prev_scp=a%3D%257C1%257C%26iid8%3D722765%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod13-c%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-722765%26eb_br%3D8c5ffefb122f59a66a8b7672d4452af2%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D36%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C122%2C66%2C0%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%26lb%3D80%26reqt%3D1622813395435&eri=1&cookie=ID%3Df4f869c9c998c359%3AT%3D1622813390%3AS%3DALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w&bc=31&abxe=1&lmt=1622772082&dt=1622813396446&dlt=1622813388833&idt=830&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=920&adks=3214824028&ucis=d&ifi=13&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&ga_vid=1077206813.1622813390&ga_sid=1622813390&ga_hid=1598877077&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash 92ac683c4385edffc2a58e586e8f95714bf3b2f5aa35817101416a766fc61768 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:56 GMT content-encoding br x-content-type-options nosniff google-mediationgroup-id -2 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 153 x-xss-protection 0 google-lineitem-id -2 pragma no-cache server cafe google-mediationtag-id -2 google-creative-id -2 content-type text/plain; charset=UTF-8 access-control-allow-origin https://returnsandrefund.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	CongstarFont.woff2 s0.2mdn.net/ads/richmedia/studio/45844501/ Frame E30A	102 KB 102 KB	16ms 15ms	Font font/woff2	2a00:1450:4001:803::2006 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/ads/richmedia/studio/45844501/CongstarFont.woff2 Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/4528516/1495443094807458/index.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7c310a100b2bb38cd97a6ed696abe3dd3556b707607d207a13b838cd89f73e78 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://s0.2mdn.net Referer https://s0.2mdn.net/4528516/1495443094807458/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:19:20 GMT x-content-type-options nosniff last-modified Thu, 06 Oct 2016 14:32:08 GMT server sffe age 636 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=900 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 104232 x-xss-protection 0 expires Fri, 04 Jun 2021 13:34:20 GMT
GET H3-29	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame AB2C	0 20 B	46ms 44ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B7Ldy0yq6YLffK4eOjuwPyMGT-AcAAAAAOAHgBAI&bg=!xMelx4PNAAY6sG-_OrA7ACkAdvg8Wo5MM4weYLcq2fG0JBnJikAeZ56JlhMRqNmLam1EPy-i4iLN0AIAAAEEUgAAAAxoAQcKAM3jDyp06a8zJNSZinbLJe3B6bKGW3I_3HgsavPAumbLSrrMPN_NW5Enpk5-eH4NYpy5zLhOhDNvgJwLZ40zFYXrtc-yDslanyqhQydsG0Kc2dmeMeTEO8CtNoqChYbQApzD17zPws0yh_QEOqJ31JxuhQmU28f9HIOgrXQOw0m8vFm_GYGG0vatk8MqgffopNCN0A3aktiUYKseac0bdtPlcb0RTIVqOiILFyD7BBShBJtq9Hc4AVYb6QRQ68bnVaKBZiLgTHLQSKsN8Q5SmQKndSivvqnurHQIQNjRHsIwaxob_a2tZxhfnHr4o139x65a2KNCPwWhYEL-GzLor-3K7ISnsMoNGd9IZzbah6u1RlFyR8wg5D7JCqwnRYYh78Hdm2gUXl8JOX2K249qeorcPGP8zECGxABCMj_w6yO1RZ7mbP1tlyo8sgdB-RALRJlSNpEqYy1gYQhTd6odEn1mNT_BHfLlPFHCQH50JLE6W_8JhaAD85OeYDR1OaZCvfNql14axf0CjCt2VbfYbePn9J4h6_jKp5U-wHH6hoqLrV0O8WB6ReS-EupztaqRZlzkY2c4LD2zG9hEVhF6gmMMLSLK890RwrYLzbSUIJA9z5Wqbu9p9kTPjwsoVxmN_ctS7A_yGbeEWNTEMCD21xYnrZ3UFw3lPtZimgJa_NuoD2w6PS-Kz21EEkwofscKspMgfj1bzgw-4kQajtY1K2yQ96acpZhXc8_-x7zB8LZJJ3NnCfsFtQbxSDCpYx5WdPdkbcJhk0_GsdhCKOIBoU1T06qnx-d-zFsnPJBuyyohqjVTVi0vc7tcrT99-C4KHJzze3i9eYnA2HImvodwYvc7Tq06rVGemxm-EAgsCsJ32o4oA44OW5-lug4Z1zY79IRcY8_ghtUhykwWGBayhbKsPyUoEno4JQ3NTdVLNu1ZWR-GdTGilg2SOXfbAWlAYjZF3Ah5vGndwrcYqLXvjZSLNUtOHcJaPH9fvZ9Shdq7bIAwC5q0V6IuMfYEMIoF9Bm_yWq2RzqVWMepi5_AtvFcaeQxP5PiaQfBicJrFIAvxj82cKfc4VP20vv5S0fE6o0if8bN-Av5rmGPvqKZCtl9qFroyGhZr778tT99B6pjlIBg8jeFETAQkq22MrhPqdBn80Ylxac_gzSFzYhPe12_HjhrPvqHSg Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:56 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	activeview Show response pagead2.googlesyndication.com/pcs/ Frame 0A52	42 B 64 B	29ms 29ms	Fetch image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssJUpjXZ6IqWMq5n226-7rgbMED2_e8qAVyTey0xJh27mx795eL5xni3E6-9SzGK3tck-2Pc7O9WSQYHW_MYp_ngo9ZJmRyXGN3JG-Bbo6aXWsyvKOhvClGGzdgCQ&sai=AMfl-YS6Lm4zeLgzblSq5y7s2RYNRs1D6lc8hmTIutU1gOx7xJXaepHYVmIN3VtO3HZJTiczWg0CHwGcMhbIAnnu706XqfWBC2gfkURLVIu_-lZIGinUHs1D_nkuFUxj&sig=Cg0ArKJSzC7aaq-Gg5I4EAE&cid=CAASEuRoVCq7mny1MeFUsltnUOKing&id=lidar2&mcvt=1000&p=80,650,330,950&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210602&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3330214951&rs=4&met=ce&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1622813395279&dlt=28&rpt=291&isd=0&msd=0&r=v Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:56 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	CongstarFont.woff2 s0.2mdn.net/ads/richmedia/studio/45844501/ Frame DAE0	102 KB 102 KB	13ms 6ms	Font font/woff2	2a00:1450:4001:803::2006 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/ads/richmedia/studio/45844501/CongstarFont.woff2 Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/4528516/1495445246395522/index.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7c310a100b2bb38cd97a6ed696abe3dd3556b707607d207a13b838cd89f73e78 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://s0.2mdn.net Referer https://s0.2mdn.net/4528516/1495445246395522/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:19:20 GMT x-content-type-options nosniff last-modified Thu, 06 Oct 2016 14:32:08 GMT server sffe age 636 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=900 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 104232 x-xss-protection 0 expires Fri, 04 Jun 2021 13:34:20 GMT
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 42 B	9ms 8ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884; ezux_lpl_200400=1622813389913|7d60b2fc-fd20-494d-7084-ee56fcd7980a|false; __gads=ID=f4f869c9c998c359:T=1622813390:S=ALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w; ezouspvv=36; ezouspva=2; ezouspvh=20 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:56 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:56 UTC
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 19 B	9ms 9ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODEifV0sImlzX29yaWciOmZhbHNlfV0= Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzM2MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODEifV0sImlzX29yaWciOmZhbHNlfV0= pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884; ezux_lpl_200400=1622813389913|7d60b2fc-fd20-494d-7084-ee56fcd7980a|false; __gads=ID=f4f869c9c998c359:T=1622813390:S=ALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w; ezouspvv=36; ezouspva=2; ezouspvh=20 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:56 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:56 UTC
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 19 B	10ms 9ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d pragma no-cache cookie ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod13-c; active_template::200400=pub_site.1622813387; ezopvc_200400=1; ezepvv=0; ezovid_200400=1436148489; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622813388; ezovuuid_200400=104aa8ca-c04c-4136-4cba-58744dc75339; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezosuigeneris=5ff922c3402632dc80cf7cf8d9be45cb; _ga=GA1.2.1077206813.1622813390; _gid=GA1.2.1416513105.1622813390; _gat_gtag_UA_150748452_1=1; __qca=P0-2038066724-1622813389884; ezux_lpl_200400=1622813389913|7d60b2fc-fd20-494d-7084-ee56fcd7980a|false; __gads=ID=f4f869c9c998c359:T=1622813390:S=ALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w; ezouspvv=36; ezouspva=2; ezouspvh=20 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:56 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:56 UTC
GET H3-29	200	integrator.js Show response adservice.google.de/adsid/	107 B 122 B	31ms 30ms	Script application/javascript	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:56 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	integrator.js Show response adservice.google.com/adsid/	107 B 122 B	33ms 33ms	Script application/javascript	2a00:1450:4001:831::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * date Fri, 04 Jun 2021 13:29:56 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info." cache-control private, no-cache, no-store cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type application/javascript; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 100 x-xss-protection 0
GET H3-29	200	ads Show response securepubads.g.doubleclick.net/gampad/	66 KB 19 KB	333ms 324ms	XHR text/plain	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2521825018140718&correlator=1459308661887762&output=ldjh&impl=fifs&eid=31061161%2C31061181%2C31061200&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210604&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=1&rcs=5&prev_scp=a%3D%257C1%257C%26iid8%3D722765%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod13-c%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-722765%26eb_br%3D14e8a85d4c42ff1db8790cbef9e33493%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D21%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D12%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C122%2C66%2C0%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26lb%3D36%26reqt%3D1622813396959&eri=1&cookie=ID%3Df4f869c9c998c359%3AT%3D1622813390%3AS%3DALNI_MYOAYOAneKTpj0RcHGLtU_nO02Y3w&bc=31&abxe=1&lmt=1622772082&dt=1622813396984&dlt=1622813388833&idt=830&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=920&adks=3214824028&ucis=e&ifi=14&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&ga_vid=1077206813.1622813390&ga_sid=1622813390&ga_hid=1598877077&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ.. Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software cafe / Resource Hash 15e60262a50fd698bdc5053812a15c8234e072af5f59e705184d2b7c9684a730 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:57 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 19875 x-xss-protection 0 google-lineitem-id -1 pragma no-cache server cafe google-creative-id -1 content-type text/plain; charset=UTF-8 access-control-allow-origin https://returnsandrefund.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	activeview Show response pagead2.googlesyndication.com/pcs/ Frame B58B	42 B 64 B	32ms 27ms	Fetch image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvKp1LOOXVb29Nex4r1LbXvc1fVlsGTtokKLwwbVr90MpZ7scvhmcpqUBHZRP__ezaQCBoSDKjM9Xi020RI5o6a-ix-6zlzdcGTnTAmBwm2X1QGK9Giy0sIsidCCA&sai=AMfl-YQDwHkY2UP1b3_XhCbJKoGACnU51bUBBFs1gdQ9Md3OUkbHrjlFOz309L6u_kVuRJ2fVANZzofNtzOH5fojrTUKFmV1pfw1vvF9jvHMnJYRkjTXBuNXccuyPfCs&sig=Cg0ArKJSzH6wrq5mDZDJEAE&cid=CAASEuRoU7G1kK2lvqIsq_RUDdT-ZQ&id=lidar2&mcvt=1024&p=1108,315,1198,1285&mtos=1024,1024,1024,1024,1024&tos=1024,0,0,0,0&v=20210602&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3121120320&rs=4&met=ce&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1622813395637&dlt=32&rpt=4&isd=0&msd=0&r=v Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	greenoaks.gif Show response returnsandrefund.com/detroitchicago/	0 65 B	9ms 8ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjIzNzQwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIzIn0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjM5NDMwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiMyJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiMTE0MDMyMDAifSx7Im5hbWUiOiJkb2NfaGVpZ2h0IiwidmFsIjoiNzEyNyJ9XX1d Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODEzMzg3LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjIzNzQwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIzIn0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjM5NDMwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiMyJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiMTE0MDMyMDAifSx7Im5hbWUiOiJkb2NfaGVpZ2h0IiwidmFsIjoiNzEyNyJ9XX1d pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:57 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:57 UTC
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 19 B	9ms 8ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils5NzAsOTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODgxMTUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODgxMTUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxMjIifV0sImlzX29yaWciOmZhbHNlfV0= Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNjg4MTE1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1ODUsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils5NzAsOTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODgxMTUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiI2ODgxMTUiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjgxMzM4NywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU4NSwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxMjIifV0sImlzX29yaWciOmZhbHNlfV0= pragma no-cache accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:57 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:57 UTC
GET H2	200	container.html Show response 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CEBC	6 KB 3 KB	7ms 6ms	Document text/html	2a00:1450:4001:829::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com :scheme https :path /safeframe/1-0-38/html/container.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://returnsandrefund.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://returnsandrefund.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin timing-allow-origin * content-length 3108 date Fri, 04 Jun 2021 13:29:50 GMT expires Sat, 04 Jun 2022 13:29:50 GMT last-modified Tue, 02 Mar 2021 20:17:03 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, immutable, max-age=31536000 age 7 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 19 B	9ms 9ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiIxNGU4YTg1ZDRjNDJmZjFkYjg3OTBjYmVmOWUzMzQ5MyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDEyLCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMTIsImJpZF9mbG9vcl9wcmV2IjowLjAwMDM2LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDAzNDU5MSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiIxNGU4YTg1ZDRjNDJmZjFkYjg3OTBjYmVmOWUzMzQ5MyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDEyLCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMTIsImJpZF9mbG9vcl9wcmV2IjowLjAwMDM2LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI3ZDYwYjJmYy1mZDIwLTQ5NGQtNzA4NC1lZTU2ZmNkNzk4MGEiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDAzNDU5MSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d pragma no-cache cookie ezouspvv=12; ezouspva=1; ezouspvh=12 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:57 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:56 UTC
GET H2	200	28687274 Show response g.ezoic.net/dac/	0 40 B	10ms 9ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://g.ezoic.net/dac/28687274 Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers access-control-allow-origin * date Fri, 04 Jun 2021 13:29:57 GMT cache-control max-age=3600, public server nginx/1.16.0 content-length 0 vary Accept-Encoding content-type text/plain
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 19 B	9ms 9ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA0In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiItMTIwIn1dLCJpc19vcmlnIjpmYWxzZX1d pragma no-cache cookie ezouspvv=12; ezouspva=1; ezouspvh=12 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:57 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:57 UTC
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 42 B	9ms 8ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImF1Y3Rpb25fZXBvY2giOjE2MjI4MTMzOTcsImFkX3Bvc2l0aW9uIjoxMTAxLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiYmlkX2Zsb29yX2luaXRpYWwiOjQ1MCwiYmlkX2Zsb29yX3ByZXYiOjM2LCJiaWRfZmxvb3JfZmlsbGVkIjoxMiwiYXVjdGlvbl9jb3VudCI6NiwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6MzYxLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0= Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImF1Y3Rpb25fZXBvY2giOjE2MjI4MTMzOTcsImFkX3Bvc2l0aW9uIjoxMTAxLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiN2Q2MGIyZmMtZmQyMC00OTRkLTcwODQtZWU1NmZjZDc5ODBhIiwiYmlkX2Zsb29yX2luaXRpYWwiOjQ1MCwiYmlkX2Zsb29yX3ByZXYiOjM2LCJiaWRfZmxvb3JfZmlsbGVkIjoxMiwiYXVjdGlvbl9jb3VudCI6NiwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6MzYxLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0= pragma no-cache cookie ezouspvv=12; ezouspva=1; ezouspvh=12 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:57 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:58 UTC
GET H2	200	abg_lite_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210601/r20110914/ Frame CEBC	17 KB 7 KB	6ms 5ms	Script text/javascript	2a00:1450:4001:813::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/abg_lite_fy2019.js Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash d9de83c923a234e8b164d2351ed47b456ec3417785b5fc33b4827f071f51f05f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:27:24 GMT content-encoding gzip x-content-type-options nosniff age 153 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7001 x-xss-protection 0 server cafe etag 17954294202796946299 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Fri, 18 Jun 2021 13:27:24 GMT
GET H2	200	css fonts.googleapis.com/ Frame CEBC	8 KB 809 B	30ms 29ms	Stylesheet text/css	2a00:1450:4001:802::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Roboto:700,500,400,300 Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 398b4849b670aa5659a8fe1d8a925591d3c581176db6313a9ef7208d77310ede Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Fri, 04 Jun 2021 13:07:15 GMT server ESF date Fri, 04 Jun 2021 13:29:57 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 04 Jun 2021 13:29:57 GMT
GET H2	200	outstream.min.css imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/ Frame CEBC	14 KB 3 KB	39ms 6ms	Stylesheet text/css	2a00:1450:4001:827::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.css Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 01 Jun 2021 20:42:01 GMT content-encoding gzip x-content-type-options nosniff age 233276 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2798 x-xss-protection 0 last-modified Wed, 26 May 2021 15:26:20 GMT server sffe vary Accept-Encoding content-type text/css cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 01 Jun 2022 20:42:01 GMT
GET H2	200	outstream.min.js Show response imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/ Frame CEBC	352 KB 123 KB	39ms 6ms	Script text/javascript	2a00:1450:4001:827::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 65c1928faa8d6d02957353b3d37ef93f1807b952d66f209b3ca5a7da823cd487 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 02 Jun 2021 02:04:20 GMT content-encoding gzip x-content-type-options nosniff age 213937 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-doubleclick-instream-static cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 125173 x-xss-protection 0 last-modified Wed, 26 May 2021 15:26:20 GMT server sffe vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Thu, 02 Jun 2022 02:04:20 GMT
GET H2	200	qs_click_protection_fy2019.js Show response tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame CEBC	13 KB 6 KB	6ms 5ms	Script text/javascript	2a00:1450:4001:813::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:24:26 GMT content-encoding gzip x-content-type-options nosniff age 331 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5635 x-xss-protection 0 server cafe etag 1091097466425408374 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Fri, 18 Jun 2021 13:24:26 GMT
GET H2	204	l www.google.com/ads/measurement/ Frame CEBC	0 0	20ms 19ms	Image text/html	2a00:1450:4001:827::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/measurement/l?ebcid=ALh7CaQklG1JF0WXZp3hHMoGnuDTadGzsvtBVbVXrfoAXhAq9ybK_I9HDBVvinf6jCa1lSgx7v2dz7Ad-1tpDem6W4HdfsgU6g Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
POST H2	204	csi csi.gstatic.com/ Frame CEBC	0 331 B	64ms 31ms	Ping image/gif	2001:4860:4802:32::3 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~kpid73cx&c=2488155790796&slotId=1244077895398&qqid=CJusxYCL_vACFVDuuwgdow8Gew&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C72811302%2C318491509&nsei=44714510%2C75259405%2C75259407%2C75259408%2C447279544&bi=outstream Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT last-modified Wed, 21 Jan 2004 19:51:30 GMT server Golfe2 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	KFOlCnqEu92Fr1MmWUlfBBc4.woff2 fonts.gstatic.com/s/roboto/v27/ Frame CEBC	15 KB 16 KB	6ms 6ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com Referer https://fonts.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 01 Jun 2021 16:46:30 GMT x-content-type-options nosniff last-modified Mon, 05 Apr 2021 21:10:46 GMT server sffe age 247407 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15828 x-xss-protection 0 expires Wed, 01 Jun 2022 16:46:30 GMT
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v27/ Frame CEBC	15 KB 15 KB	6ms 5ms	Font font/woff2	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com Referer https://fonts.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 01 Jun 2021 16:01:41 GMT x-content-type-options nosniff last-modified Mon, 05 Apr 2021 21:10:35 GMT server sffe age 250096 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15688 x-xss-protection 0 expires Wed, 01 Jun 2022 16:01:41 GMT
GET H3-29	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame CEBC	0 20 B	41ms 40ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CUpev1Sq6YNvtAtDc7_UPo5-Y2Af86vHbYsSmsNehDoesv5PkFxABIPT5xiVgleKQgqAHoAG2_-6dA8gBBakC5Q7y6CBUtD6oAwHIA5sEqgTdAU_QooVDWJt064_ayw9Bll77OIgQ5LKZCxzKqg-fYeSJjYaVrdEfh-j1gnf98TDXdlOy6_CtuqaM2PplX0GzD7ysfXT43KxyOoCDGV_6y3yBkDXzLNyVjJ_rpdLTsLc_7t-9iNAg9OnePhf7QIVXPYkfY4o7frLL0ag6YsmyyhbfSgDcNYpLZ3XJVmsGnh-Yt02iHLaUa7hQi01NC3Ijq3p1eR5_AL5Ky0zzd2u3swk0vmKQtLq3i4FpEAivIKxFopWBsoK8uMVaN6r0SZ023OzDRNyqz978bZYFsbMxwATNyIX7ugPgBAOQBgGgBk6AB7KAkWKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTU4OTMyOTQ0NjIwNjExNDCACgOYCwHICwGADAGwE_OZwQvQEwDYEwqIFALYFAHQFQGAFwE&eventType=clickstring&clientTime=1622813397447&ai=CUpev1Sq6YNvtAtDc7_UPo5-Y2Af86vHbYsSmsNehDoesv5PkFxABIPT5xiVgleKQgqAHoAG2_-6dA8gBBakC5Q7y6CBUtD6oAwHIA5sEqgTdAU_QooVDWJt064_ayw9Bll77OIgQ5LKZCxzKqg-fYeSJjYaVrdEfh-j1gnf98TDXdlOy6_CtuqaM2PplX0GzD7ysfXT43KxyOoCDGV_6y3yBkDXzLNyVjJ_rpdLTsLc_7t-9iNAg9OnePhf7QIVXPYkfY4o7frLL0ag6YsmyyhbfSgDcNYpLZ3XJVmsGnh-Yt02iHLaUa7hQi01NC3Ijq3p1eR5_AL5Ky0zzd2u3swk0vmKQtLq3i4FpEAivIKxFopWBsoK8uMVaN6r0SZ023OzDRNyqz978bZYFsbMxwATNyIX7ugPgBAOQBgGgBk6AB7KAkWKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTU4OTMyOTQ0NjIwNjExNDCACgOYCwHICwGADAGwE_OZwQvQEwDYEwqIFALYFAHQFQGAFwE Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	vast Show response bid.g.doubleclick.net/dbm/ Frame CEBC	26 KB 13 KB	84ms 42ms	XHR text/xml	108.177.15.155 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-AnUMa7PBXqFeMWL3kQ8O5tL0t3lptAj_-BynOV8_841cD3tgCX_gYWL7TjDWaQxPGCU-YuxKgp_l7mLlL0bLXDLlD_Hw&dbm_d=AKAmf-Bn59KwSqPmBrIeKsQjQj0lA4qKMgawhWIercKHrqLdRMOYI2GNswjF3Y5Xmhl2oBLRWO7uStmW9PMvNOgzC6e6zbMD67fFU3Z0Y427nHtC5mXHRl89op-Yyj28vvp7XvkYqoqBGVdn_CN5kCmOV5j0Cbz-m11pglio4ilBRYHV4x4qRYsSanJt9Ydq7Wqjef8d5VP2UDJV3fU-TgtylxA_7-IQbDt3ZSJ2eKG-uQ3ZtTOK9UtFE8LkHoP9RLix7iwfuvy6SfPNmolLDM-Q5cfH4mbyG30rF4jyDStWe2ynfc6D6nnimtq_irymNq-wLcYrHMsnRnIKirCSjmNZ90_diiRkBDSNORyisg2NbPDzh1vOpyWTttMwCWw3O3vWqBg8cz_AwyoQOXnVt-AmvzQv3xgpt12jP0P1Varou3wp4Nu6IVDsFLKYJhfvTnMamMVFSRUAEBuwr5H2TdOovKNFE4LNuYaaQVHSzH-HfwXR2IW7kyoXd1cg9NyccIJQZXS8Hx18-GlOICipG8pl4ew5bggsBX2b-_Jh1Umg5sX3idD1Pxlgt-eDmwypz_rHcjSR4WYnh8Xy1iM3qlJqra9jht1aaZTOtWvtCC1ChyDawmqo-WLteXek1QfKSbJ9nZwUAJhOmNgprIrJzAXM8QfGEZkO5z_a5b5arW-hoGtP4J9hO9C-WOziZfecl_MXHr8X9v2Of3yfvesQBJXC5AniuXR_wgvue0ZLfHyfCzCNkY9JwSGhSZ34l9namQZkpwP59zr0rbGLHZDio6Bfh35ho0wEphjB9SRc5ABXpOc0t8yGYKyC16dogvFneAjReXk1ADXGUzqoZ7Ah2aGupxFyzpLdyeytYp_eAxkfjcNInWtkKzHAeIht-ZonUEAdSmIuj8hm6Fzn-zvtw90JS80JJECBsBZOHupH4brkACsnoz2VzUodIOkocJCnVX_sgTXbFyllXvYiqG5NRQzMSpQLkEcX0CKCMdmcDqCcwK-Dl_ZSecXCoBD5gku45x7eCg6SpAMPv8EomL4icRAVeG2MlJdTiC2LqdCzENsn1oCZIZuwodnbhFenYwGYqmmSxQkP5k4UsuO41LUn8ssM4rPdcIdNfIlgLimjl7u6E6CKD916f76ZrbpIJbSQVTKMj1h6TsLIYyT7UmrcLAmwnpBsJ9fhNeQ6rZOiJfZVMo8dB4Q2_nMz06u2C4TmYEi85yiTlhAW4HIudanxfyRkLswoq-fWwY1XG0ElRWk-UwaXT5IVNb-12xZTCoZr5i7-Iu4IexC9OVhj67u-gS6YP-OWT2Gw10-i3SWzwTh_CyzNjCi9PlhuLVzNr2Rll0MMzmNgST8_82zjwS704_8_GUF9bvwdjry3D1AOOTjqQaKFwceiVUdwhry8sOtRxkKN5D6Hyi3dWp6qil2d5DbPQh3mNciyCju_Kcp3FP9v4BwUH_zJafVHInQsYvBljiQfFDrabf6_--t7E8kxb-mYbydaesWPZxYv8Sz_5dCgszIlx1tQ6pWTCDubnzhHgsDFVW2IIL-eCHx6YvD73PvseVebXzQqKCdXGyrJXWQ64xuCerwpc4mRSf4FA6LtT6Z-TSIFny-h7BV-TmfQFsPU6FXyXfCmJuMW5f-Vq9EUJr2kaSo3vjKkiR51wvK476FTnhDd6NykHechvSUZWFEry2sSMz_WV4pfUC9FVUBFPSLrX9NHAsG0CuOtMRospeONVLuUFSY5Gk6b-VpBLYzQODHHTMDRmRU3wX3nLNkFW9PNCo0w04xbYIoFyuLSpkzHVWI8cp0FNxH2iv295KPaTYS08MNP2yDzrdBBLuJSwHkq3b8Noo3lVpIeAHqkaz53iuG4LDmDgp6WThvNx315EFUh_t0ZxPZkLcGDQzEin-Iy18s_jsrEP8GC_eriRXhyNku76IwuGqFKwgm-Oc0Xz_O5guJiw6oI3nGTR1KP05XPoDrAcWFx5evlQyEb88W883Wt5jZyoCA4mlgqzfh0hDw_TmY3YLa2io6_jhyFlfnpOc2YK5MJ1M6Z9s4rNdOdM9KhC-b4DweyFAzMNYybpL7EscdwDvdAfssYQsQvpsi3g_qucN2D0dEttJeAHVxGwS4SQwR9nrsve6QoLlePNFbMSzXkQEWJggZRcQ7RC9fM8pDBGiB_b1Gbn3aVu3b_OjYiVA3g8mfVyytosMEaGZjvxtw4O1ng8ubZDZawpKHWLmhTxnQg1bMhP-L4q9B99FZf8DNcbIeGNEu3vfvJ1GPiMdxzT4IsR0h7Iqnkr0YGIvpOyz6wSAe_vObjVnV8rPbCe3GfOZy1dk-TOCXTCA7Jmkw2fjDeIoLnDCLMElNntGXnGSO_XrjLhIwjfSAvN7BwbFuBjgQeXvSBZi5H_9CBxA1DFrgKloqU4EUh0-tpC52hURYvKcNnl0lyjSf9GrHYiNRh-J6FVS81enB7Rw5j4vaM8oBYfiGuoDDc47Npbqh3DAhrBrQDb9r2cTTq_Eu0J_TLDnr5Utc6yWNJD_G2hNQMSz1R5EZ4gdU0zCRXicT6TwDlOSccmexXkPXpxKlS8H4wTvagILVFIQSVBoIkr2-dDfG6AwH-z_PgknHcEr1Yag9IuHRfp9GjEfRVtFRc6OCzqjJkDcQTYLCcYdgybsl3g7lc8RFWNovc0-bpXK_rWUT5D79pvhsmTemYN8xpP49W7CHPLQqxwsh2NBsvSE8FqQpp-5V1Qef7fZG0Gjfm2ACZL5P5yLmGYOB6zKDOD5NRVNJZHpIyKj3wQ3lcM8yO6h4ZkoiVAbmWCpCFw1f4Lb-_8ZPCKMJvvLWw5EuiZhxaVUzXWhuhhIA84j3xn__mZsKGDjtuNZ_8ytTf9DiXziq7eM8EJqu0qf0fSO-gmr3wPgTI1V6HbZLKnAV8GejjSiGNVga50wfA4bxFHnkMadY80ft8O21_C1I2Yj9vZ23lof_Xlek_oSM7_2-oFaKc9iDf6bkMW3hOjdK8uoNLiBmWVPW_TzjepXvnz54N_ccVt6-Pgz-EgJ05BYCeJ8_BpD1XvlxpVdaWxs1xt8TwMIORz9H60OYg9CUA90XhvqBFC8bHITw0tS_mKcGt85Se_3NxrZD5JsfjUUBptkK8bXc&cid=CAASEuRoPyAgFK-E6b_MCUQoP4aqSA&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.177.15.155 , United States, ASN15169 (GOOGLE, US), Reverse DNS wr-in-f155.1e100.net Software cafe / Resource Hash 7903ffc095300c2149af7ed6c6bcf8d604a610752236f209fefa8dd7793451f1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:57 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13077 x-xss-protection 0 pragma no-cache server cafe content-type text/xml; charset=UTF-8 access-control-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	cookie_push_onload.html Show response pagead2.googlesyndication.com/pagead/s/ Frame F463	1 KB 749 B	6ms 6ms	Document text/html	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority pagead2.googlesyndication.com :scheme https :path /pagead/s/cookie_push_onload.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ Response headers p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin * cross-origin-resource-policy cross-origin vary Accept-Encoding date Fri, 04 Jun 2021 03:04:19 GMT expires Sat, 05 Jun 2021 03:04:19 GMT content-type text/html; charset=UTF-8 etag 48472445140208031 x-content-type-options nosniff content-encoding gzip server cafe content-length 724 x-xss-protection 0 age 37538 cache-control public, max-age=86400 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET DATA	200 OK	truncated / Frame CEBC	212 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash eeee14365980a2465bee406998101b4281106b415330b66805a703b81bc499f8 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Type image/png
GET H3-29	200	adview securepubads.g.doubleclick.net/pagead/ Frame CEBC	0 0	42ms 42ms	Image text/html	142.250.181.226 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://securepubads.g.doubleclick.net/pagead/adview?ai=CaD341Sq6YNvtAtDc7_UPo5-Y2Af86vHbYsSmsNehDoesv5PkFxABIPT5xiVgleKQgqAHoAG2_-6dA8gBBakC5Q7y6CBUtD6oAwHIA5sEqgTaAU_QooVDWJt064_ayw9Bll77OIgQ5LKZCxzKqg-fYeSJjYaVrdEfh-j1gnf98TDXdlOy6_CtuqaM2PplX0GzD7ysfXT43KxyOoCDGV_6y3yBkDXzLNyVjJ_rpdLTsLc_7t-9iNAg9OnePhf7QIVXPYkfY4o7frLL0ag6YsmyyhbfSgDcNYpLZ3XJVmsGnh-Yt02iHLaUa7hQi01NC3Ijq3p1eR5_AL5Ky0zzd2u3swk0vmKQtLq3i4FpEAivIPREOOeJsHqoKknFpL9s2u7XW6sqw482B41gjYUdwATNyIX7ugPgBAOIBamArs0wkgUGCBsQAhgBkgULCCIQAhgBSPKNhwGSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBk6AB7KAkWKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG9gHAPIHChCDqAwYmOqIqAHSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTU4OTMyOTQ0NjIwNjExNDCACgPICwGwE_OZwQvIE6bA9twD0BMA2BMKiBQC2BQB0BUBgBcBshcaChgIABIUcHViLTYzOTY4NDQ3NDI0OTcyMDg&sigh=Y0yS9pN5PSY&cid=CAQSPACNIrLMQQUY-QyBbNRCkYrapfpIppkQ-8ulQw7BsPoSa7N4QSA12LVEJq0ckUi71L4654zyu5C-pJRytA&vt=10&cbvp=2&vis=1 Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.181.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s56-in-f2.1e100.net Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame F463 Redirect Chain https://ads.travelaudience.com/google_pixel?google_gid=CAESEOR1rCTtEx67G6c-NB0S-zs&google_cver=1&google_push=AQvitULta82tzZ2KmczYPHkv6tLPDW8WxrBX9dxXhIOpq0uMJx-21RchAPd8nrQI1tR_PHJv9Jelo_pl-_BzFcqc... https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=g0TtfpclSfW7H0SUYbE8gg2&google_push=AQvitULta82tzZ2KmczYPHkv6tLPDW8WxrBX9dxXhIOpq0uMJx-21RchAPd8nrQI1tR_PHJv9Jelo_pl-_BzFcqcv7TqluyAJaY https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=g0TtfpclSfW7H0SUYbE8gg2&google_push=AQvitULta82tzZ2KmczYPHkv6tLPDW8WxrBX9dxXhIOpq0uMJx-21RchAPd8nrQI1tR_PHJv9Jelo_pl-_BzFcqcv7TqluyAJaY&go...	170 B 188 B	22ms 22ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=g0TtfpclSfW7H0SUYbE8gg2&google_push=AQvitULta82tzZ2KmczYPHkv6tLPDW8WxrBX9dxXhIOpq0uMJx-21RchAPd8nrQI1tR_PHJv9Jelo_pl-_BzFcqcv7TqluyAJaY&google_tc= Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=g0TtfpclSfW7H0SUYbE8gg2&google_push=AQvitULta82tzZ2KmczYPHkv6tLPDW8WxrBX9dxXhIOpq0uMJx-21RchAPd8nrQI1tR_PHJv9Jelo_pl-_BzFcqcv7TqluyAJaY&google_tc= cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 414 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame F463 Redirect Chain https://px.adhigh.net/p/gm/rub?google_gid=CAESEGL8rtzKYA9LsVqeJ0KDLIs&google_cver=1&google_push=AQvitUI9juLz7seodjcVMaHVD_j6-Cuv4f9snhHJWt8xjZApmHhFv1Y5YwoXjqdiEYBh_rae5FIzLLte0xHYJyn87XLaxpmNtw https://px.adhigh.net/p/gm/rub?google_gid=CAESEGL8rtzKYA9LsVqeJ0KDLIs&google_cver=1&google_push=AQvitUI9juLz7seodjcVMaHVD_j6-Cuv4f9snhHJWt8xjZApmHhFv1Y5YwoXjqdiEYBh_rae5FIzLLte0xHYJyn87XLaxpmNtw&bo... https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitUI9juLz7seodjcVMaHVD_j6-Cuv4f9snhHJWt8xjZApmHhFv1Y5YwoXjqdiEYBh_rae5FIzLLte0xHYJyn87XLaxpmNtw&google_hm=9pdSGEIdU_gAAikABlF51zdSY...	170 B 188 B	25ms 23ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitUI9juLz7seodjcVMaHVD_j6-Cuv4f9snhHJWt8xjZApmHhFv1Y5YwoXjqdiEYBh_rae5FIzLLte0xHYJyn87XLaxpmNtw&google_hm=9pdSGEIdU_gAAikABlF51zdSYw%3D%3D Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT server nginx access-control-allow-origin * x-backend-id f10-ru p3p CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" location https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitUI9juLz7seodjcVMaHVD_j6-Cuv4f9snhHJWt8xjZApmHhFv1Y5YwoXjqdiEYBh_rae5FIzLLte0xHYJyn87XLaxpmNtw&google_hm=9pdSGEIdU_gAAikABlF51zdSYw%3D%3D cache-control no-cache, no-store access-control-allow-credentials true content-length 0 expires Thu, 01 Jan 1970 00:00:00 GMT
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame F463 Redirect Chain https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKU73_hcrowbae-jhbNQG4w&google_cver=1&google_push=AQvitUJIuxVWcDjXOhQjLOynXAVghQNDfMiu0CYulHgKB9cTyKafcDqVoVCqdlomygTqz7bXYG-Yi6R-... https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKU73_hcrowbae-jhbNQG4w&google_cver=1&google_push=AQvitUJIuxVWcDjXOhQjLOynXAVghQNDfMiu0CYulHgKB9cTyKafcDqVoVCqdlomygTqz7bXYG-... https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzk4ODczODE1MDA0ODMyMzM0OQ&google_push=AQvitUJIuxVWcDjXOhQjLOynXAVghQNDfMiu0CYulHgKB9cTyKafcDqVoVCqdlomygTqz7bXYG-Yi6...	170 B 188 B	33ms 32ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzk4ODczODE1MDA0ODMyMzM0OQ&google_push=AQvitUJIuxVWcDjXOhQjLOynXAVghQNDfMiu0CYulHgKB9cTyKafcDqVoVCqdlomygTqz7bXYG-Yi6R-Daozvg5jPDGjAyvoh_U Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT server nginx location https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Mzk4ODczODE1MDA0ODMyMzM0OQ&google_push=AQvitUJIuxVWcDjXOhQjLOynXAVghQNDfMiu0CYulHgKB9cTyKafcDqVoVCqdlomygTqz7bXYG-Yi6R-Daozvg5jPDGjAyvoh_U access-control-max-age 86400 access-control-allow-methods GET access-control-allow-origin * cache-control no-cache, no-store, must-revalidate, no-transform access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains access-control-allow-headers Content-Type,Cache-Control,Accept-Encoding,X-Requested-With content-length 0 expires -1
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame F463 Redirect Chain https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEGVKyRy8vkhEC2C4bxVYaos&google_cver=1&google_push=AQvitUL2H1nvWtwwYo-E8CPot2BXTdKm8VMrBB0Fh_soqTPz2xfba9vlCLa4Id1F9ByWgwPcIFt-m0l-H_jg6Os... https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=q97K3rIoRzVbIISTByWHXFvPrFY&google_push=AQvitUL2H1nvWtwwYo-E8CPot2BXTdKm8VMrBB0Fh_soqTPz2xfba9vlCLa4Id1F9ByWgwPcIFt-m0l-H_jg6O...	170 B 188 B	22ms 22ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=q97K3rIoRzVbIISTByWHXFvPrFY&google_push=AQvitUL2H1nvWtwwYo-E8CPot2BXTdKm8VMrBB0Fh_soqTPz2xfba9vlCLa4Id1F9ByWgwPcIFt-m0l-H_jg6Os514SJexp7eVw Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers Location https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=q97K3rIoRzVbIISTByWHXFvPrFY&google_push=AQvitUL2H1nvWtwwYo-E8CPot2BXTdKm8VMrBB0Fh_soqTPz2xfba9vlCLa4Id1F9ByWgwPcIFt-m0l-H_jg6Os514SJexp7eVw Date Fri, 04 Jun 2021 13:29:57 GMT Connection keep-alive Content-Length 241 Content-Type text/html; charset=utf-8
GET		pixel cm.g.doubleclick.net/ Frame F463 Redirect Chain https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M&google_cver=1&googl... https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M&google_push=AQ... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS... https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtS...	0 0
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame F463 Redirect Chain https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEJ6GUVX-oWgyVj3KUNx2U8o&google_cver=1&google_push=AQvitULwem_kMR97W7iPltfKM4a4Bsy4-L78MxVastGmNi6W0MfRVXXbeCri2eiWrAnHgHVFSIz1DMgMIJ0Kc3... https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=WXJlTDN0Tm1ydA==&google_push=AQvitULwem_kMR97W7iPltfKM4a4Bsy4-L78MxVastGmNi6W0MfRVXXbeCri2eiWrAnHgHVFSIz1DMgMIJ0Kc36POknD3o...	170 B 188 B	29ms 28ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=WXJlTDN0Tm1ydA==&google_push=AQvitULwem_kMR97W7iPltfKM4a4Bsy4-L78MxVastGmNi6W0MfRVXXbeCri2eiWrAnHgHVFSIz1DMgMIJ0Kc36POknD3oslwrU Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers location https://cm.g.doubleclick.net/pixel?google_nid=chocolateplatform&google_hm=WXJlTDN0Tm1ydA==&google_push=AQvitULwem_kMR97W7iPltfKM4a4Bsy4-L78MxVastGmNi6W0MfRVXXbeCri2eiWrAnHgHVFSIz1DMgMIJ0Kc36POknD3oslwrU date Fri, 04 Jun 2021 13:29:56 GMT via 1.1 google server CookieSync Powered by Vdopia alt-svc clear content-length 0
GET H3-29	200	pixel cm.g.doubleclick.net/ Frame F463 Redirect Chain https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEFrKm4ZkABkyFiWOHuLXXEg&google_cver=1&google_push=AQvitULcwF1A2H1jvk5O9tC1aU5i4dgNhlP3hdXQZSXfL6ypUpYgX31nGtUCqylw0t9eEAxDf9i0C5f8GcZlGZU7R... https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=OGEzY2QyZDEtMTZjZC00NDJkLThiYzktNDM0YjNjYzI3OTI0&google_push=AQvitULcwF1A2H1jvk5O9tC1aU5i4dgNhlP3hdXQZSXfL6ypUpYgX31nGtUCqylw...	170 B 188 B	23ms 23ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=OGEzY2QyZDEtMTZjZC00NDJkLThiYzktNDM0YjNjYzI3OTI0&google_push=AQvitULcwF1A2H1jvk5O9tC1aU5i4dgNhlP3hdXQZSXfL6ypUpYgX31nGtUCqylw0t9eEAxDf9i0C5f8GcZlGZU7RGyQVUMvwtYA Protocol H3-29 Security QUIC, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers location https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=OGEzY2QyZDEtMTZjZC00NDJkLThiYzktNDM0YjNjYzI3OTI0&google_push=AQvitULcwF1A2H1jvk5O9tC1aU5i4dgNhlP3hdXQZSXfL6ypUpYgX31nGtUCqylw0t9eEAxDf9i0C5f8GcZlGZU7RGyQVUMvwtYA date Fri, 04 Jun 2021 13:29:57 GMT content-length 0
GET H2	204	attr cm.g.doubleclick.net/pixel/ Frame F463	0 59 B	20ms 20ms	Image text/html	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KjpFWTqvGazW6dlMFRWPPXH9rqzHprYkALQC0nxHNgzAqB4DTxVIPjl9PgEc-08SAsItmh7g Requested by Host: 9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com URL: https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers Referer https://pagead2.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:57 GMT server HTTP server (unknown) alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 content-type text/html
GET H3-29	200	HdsydzJK.js Show response tpc.googlesyndication.com/sodar/ Frame CEBC	41 KB 15 KB	7ms 6ms	Script text/javascript	2a00:1450:4001:813::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/HdsydzJK.js Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Wed, 02 Jun 2021 05:32:26 GMT content-encoding gzip x-content-type-options nosniff age 201451 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15407 x-xss-protection 0 last-modified Tue, 03 Mar 2020 20:15:00 GMT server sffe vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Thu, 02 Jun 2022 05:32:26 GMT
HEAD H/1.1	200 OK	file.webm r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame CEBC Redirect Chain https://gcdn.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sign... https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,it...	0 0	51ms 6ms	Fetch video/webm	2a00:1450:4001:29::9 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:29::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software gvs 1.0 / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Fri, 04 Jun 2021 13:29:57 GMT X-Content-Type-Options nosniff Connection close Alt-Svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Content-Length 4195814 Last-Modified Wed, 05 May 2021 15:58:02 GMT Server gvs 1.0 Vary Origin Content-Type video/webm Access-Control-Allow-Origin null Access-Control-Expose-Headers Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms Cache-Control private, max-age=86400 Access-Control-Allow-Credentials true Accept-Ranges bytes Timing-Allow-Origin null Expires Fri, 04 Jun 2021 13:29:57 GMT Redirect headers date Fri, 04 Jun 2021 13:29:57 GMT x-content-type-options nosniff alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 652 x-xss-protection 0 pragma no-cache server ClientMapServer location https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm x-frame-options SAMEORIGIN content-type text/html; charset=UTF-8 access-control-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com access-control-expose-headers Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms cache-control no-cache, must-revalidate access-control-allow-credentials true timing-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3-29	204	csi csi.gstatic.com/ Frame CEBC	0 17 B	60ms 34ms	Ping image/gif	2001:4860:4802:32::3 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~kpid73d5&c=2488155790796&slotId=1244077895398&qqid=CJusxYCL_vACFVDuuwgdow8Gew&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=856&mt=video%2Fwebm&vs=854x480&ulv=1&cll=0&vmfc=18&vhc=0&msm=1&aits=17%2C36%2C18%2C22%2C37%2C59%2C342%2C343%2C344%2C345%2C346%2C347%2C692%2C43%2C44%2C45%2C46%2C0&webm=3&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fwebm&hvmf=false&vms=1&bit=44&vsrc=doubleclick_dmm&ple=1&ape=1&met.4=videopreviewvisible.ge Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT last-modified Wed, 21 Jan 2004 19:51:30 GMT server Golfe2 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	H0ZEmIz7.html Show response tpc.googlesyndication.com/sodar/ Frame BF62	23 KB 9 KB	6ms 6ms	Document text/html	2a00:1450:4001:813::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers :method GET :authority tpc.googlesyndication.com :scheme https :path /sodar/H0ZEmIz7.html pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ Response headers accept-ranges bytes vary Accept-Encoding content-encoding gzip content-type text/html cross-origin-resource-policy cross-origin timing-allow-origin * content-length 8727 date Tue, 01 Jun 2021 08:33:34 GMT expires Wed, 01 Jun 2022 08:33:34 GMT last-modified Tue, 03 Mar 2020 20:15:00 GMT x-content-type-options nosniff server sffe x-xss-protection 0 cache-control public, max-age=31536000 age 276983 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
GET H3-29	200	Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Show response pagead2.googlesyndication.com/bg/ Frame BF62	14 KB 6 KB	7ms 6ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 06:47:00 GMT content-encoding br x-content-type-options nosniff age 24177 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 5751 x-xss-protection 0 last-modified Mon, 31 May 2021 08:58:00 GMT server sffe vary Accept-Encoding content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 04 Jun 2022 06:47:00 GMT
POST H3-29	204	csi csi.gstatic.com/ Frame CEBC	0 17 B	35ms 34ms	Ping image/gif	2001:4860:4802:32::3 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~kpid73gn&c=2488155790796&slotId=1244077895398&qqid=CJusxYCL_vACFVDuuwgdow8Gew&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=856&mt=video%2Fwebm&vs=854x480&umsem=1&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fgcdn.2mdn.net%252Fvideoplayback%252Fid%252Fcab1e40a297006e9%252Fitag%252F44%252Fsource%252Fdoubleclick_dmm%252Fctier%252FL%252Facao%252Fyes%252Fip%252F0.0.0.0%252Fipbits%252F0%252Fexpire%252F3764678283%252Fsparams%252Fid%252Citag%252Csource%252Cctier%252Cacao%252Cip%252Cipbits%252Cexpire%252Fsignature%252F64259A53C6D337660094DD6CF6E7AC335E496463.1C46490381B0DAB5312F5D3F5D33E87E69571BE9%252Fkey%252Fck2%252Ffile%252Ffile.webm&encoded_body_size=0&transfer_size=0 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT last-modified Wed, 21 Jan 2004 19:51:30 GMT server Golfe2 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	file.webm Show response r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame CEBC	342 KB 342 KB	17ms 9ms	XHR video/webm	2a00:1450:4001:29::9 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm?range=0-349999 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:29::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software gvs 1.0 / Resource Hash 1c1b849de7e2505b38a00c7161e97b4bdd955de0d41c55209f359a4d1f1e39a5 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:57 GMT x-content-type-options nosniff alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 350000 client-protocol quic last-modified Wed, 05 May 2021 15:58:02 GMT server gvs 1.0 vary Origin content-type video/webm access-control-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com access-control-expose-headers Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms cache-control private, max-age=86400 access-control-allow-credentials true accept-ranges bytes timing-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com expires Fri, 04 Jun 2021 13:29:57 GMT
GET H2	200	dc_oe=ChMIksrigIv-8AIVQqcnAh2jzwdVEAAYACD2xt1HQhMIm6zFgIv-8AIVUO67CB2jDwZ7;met=1;acvw=sv%3D897%26cb%3Dj%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26cp%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D... ade.googlesyndication.com/ddm/activity/ Frame CEBC	42 B 107 B	82ms 44ms	Image image/gif	172.217.18.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIksrigIv-8AIVQqcnAh2jzwdVEAAYACD2xt1HQhMIm6zFgIv-8AIVUO67CB2jDwZ7;met=1;acvw=sv%3D897%26cb%3Dj%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26cp%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D0%26dur%3D31932%26vmtime%3D6%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26i0%3D18%26ic%3D0%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D148255168%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1622813397797;dc_rfl=[URL_SIGNALS];ecn1=1;etm1=0;eid1=11; Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.18.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s42-in-f2.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ googleads.g.doubleclick.net/pagead/interaction/ Frame CEBC	42 B 349 B	25ms 23ms	Image image/gif	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://googleads.g.doubleclick.net/pagead/interaction/?ai=CUpev1Sq6YNvtAtDc7_UPo5-Y2Af86vHbYsSmsNehDoesv5PkFxABIPT5xiVgleKQgqAHoAG2_-6dA8gBBakC5Q7y6CBUtD6oAwHIA5sEqgTdAU_QooVDWJt064_ayw9Bll77OIgQ5LKZCxzKqg-fYeSJjYaVrdEfh-j1gnf98TDXdlOy6_CtuqaM2PplX0GzD7ysfXT43KxyOoCDGV_6y3yBkDXzLNyVjJ_rpdLTsLc_7t-9iNAg9OnePhf7QIVXPYkfY4o7frLL0ag6YsmyyhbfSgDcNYpLZ3XJVmsGnh-Yt02iHLaUa7hQi01NC3Ijq3p1eR5_AL5Ky0zzd2u3swk0vmKQtLq3i4FpEAivIKxFopWBsoK8uMVaN6r0SZ023OzDRNyqz978bZYFsbMxwATNyIX7ugPgBAOQBgGgBk6AB7KAkWKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTU4OTMyOTQ0NjIwNjExNDCACgOYCwHICwGADAGwE_OZwQvQEwDYEwqIFALYFAHQFQGAFwE&sigh=udoYsx8tiXk&label=part2viewed&ad_mt=7&acvw=sv%3D897%26cb%3Dj%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26cp%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D0%26dur%3D31932%26vmtime%3D6%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26i0%3D18%26ic%3D0%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D148255168%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1622813397797 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	view googleads4.g.doubleclick.net/pcs/ Frame CEBC	0 313 B	34ms 32ms	Image image/gif	142.250.186.162 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsscUbYsrA_F5DlaEGK8R_wXDzuxONdn3eonMhoxZ6PemRS2FO2QoHD6NgfaE_AkrKAFB9k7K5CApRsJo5TNaRiErhtbAv2ps09Wtz6YMxGQND6erWE8TYUQCNIZuliLLbuYOYcnVWKp19ygyGCi5-EnPRkUHd0imoP4k1U5sx6YWe0hwsMdfFimy2gzY90lg_0TuZzXCdhArccMV2iCPJ6fg6Ks7k_-RCLE2K4IS1l-3rrvkLNIqlW2T_re2wM8ZNMVhIWMVjKJ4Cq2a3O5O2_G6t5wUUlNCqWXbpdzkoVf2FgGFv4urtjRflqRMtHV_07hqgioxHyguxQIDpHHcJk5_JHPoPK9c02-YpvDcxI09dvLsR_64Ooz0z0PKTdYl0OWgwqaYkr9r2jXI8mundSLSnLRGLpcWGLifb4gpz55pR1j-r9tyfxBR7UnGbWOTd_fPeOXMU9i3ACBNW8FLzMekHlnvu0_fBWrH-N51nH6ndSoRsBhT3RGJVQKxi5Q_YIMkqYmif_8e_KzMHqRtg5mWfuT2FlRM25Uf3ldgeiIj95zQcghd1C7ReBIZvMqj3guaDNEmsF2r2tYGYtGANndAEcZUseu_Pz2eTXtPsz7qL8UWx2ISTHi84wbyuOtAIyRP0i9urx-Vm1FR9vxindbj6fzpt5TlVLw1NvJYjMgoI1dpzgB1T7TTs40j3gE1B4WRZfhr-TeE1_SIyGp9W7bh8DKIK67oamqnyPvq2jdAWy9NJse6uSs5wvJYGCQQhyaf0s3jS88b8x-eAM6GqL-CPYEzw8Qj4mv9KVq8awZvRUJUJxngw-cq1oBbLkG6dVQ1OoC5s2IFoMooJnPFVfUTBdvK5ILMTHslJL5SusmhtDJa8OozxOfujXkfGTC3IkovL03g92GcEreu8qhCfI23KFvJ988rs016gVm51t_gk34wCOvCgJ058d7ogR6G51dQ626IUz-irzIXGvAAjGEa0mqZL97NKRYbZw-A8VFulM_5mcSZ0p8OJnBl-Ts8UKmYE9w1am8Mxy1OynOfBbV1CCSyOGxy1trmSziRnnrCQdOMv-Qrlw4ZotmZibWekQqXIqAbJ850ZLSrh2JjcrTp1DuL77xH_xOlMbl83BD0CLqrhNC0gy0_QWwl6bYKKDz9MHArEKZ32xit9A73dmzl-GWmn_oMe0ZpzciAdWsZASnlgRgiosJ677UI43mD0a1OhI&sai=AMfl-YTc5dvbMUb9yPFM3Okp_TunseQQrX44fvD_aY0fGgiZ5OK3dmlklgo8m4ZQ0ecN7HSh-R2keieaYX8xkPMsBbY-aK2FYNnuxFdrOLKxjYkPO3x6BDeA96xmNjnXxMcMvGTF3Nr-EWQ5a4TRwqXjiQ2-4XB8jA&sig=Cg0ArKJSzIFC0giX0WxwEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.162 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s08-in-f2.1e100.net Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers timing-allow-origin * content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version date Fri, 04 Jun 2021 13:29:57 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 server cafe expires Fri, 04 Jun 2021 13:29:57 GMT
GET H/1.1	200 OK	user-registering ads.stickyadstv.com/ Frame CEBC Redirect Chain https://googleads.g.doubleclick.net/xbbe/pixel?d=CNeaNhDColUYmOqIqAEgATAB&v=APEucNU4urCtU8nmpkoqsxdtM0le_u0lZ1vtrDRNb_HWpC3tlyXccEKzR-ADQPTkqvaMlg4Go-bPzbrXbGuDoKVPeB8HjPsLMw https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm&google_dbm https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEHx3rITH0GHduNGQvpZBLec&google_cver=1	43 B 722 B	69ms 48ms	Image image/gif	184.30.21.112 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEHx3rITH0GHduNGQvpZBLec&google_cver=1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 184.30.21.112 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a184-30-21-112.deploy.static.akamaitechnologies.com Software nginx / Resource Hash a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Pragma no-cache Date Fri, 04 Jun 2021 13:29:57 GMT Server nginx Content-Type image/gif Access-Control-Allow-Origin * Cache-Control max-age=0, no-cache, no-store Access-Control-Allow-Credentials true Connection keep-alive Content-Length 43 x-sticky-vk 1622813397771066-398 Expires Fri, 04 Jun 2021 13:29:57 GMT Redirect headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEHx3rITH0GHduNGQvpZBLec&google_cver=1 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 317 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame CEBC	0 20 B	42ms 40ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	dc_oe=ChMIksrigIv-8AIVQqcnAh2jzwdVEAAYACD2xt1HQhMIm6zFgIv-8AIVUO67CB2jDwZ7;met=1;acvw=sv%3D897%26cb%3Dj%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26cp%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3... ade.googlesyndication.com/ddm/activity/ Frame CEBC	42 B 498 B	80ms 43ms	Image image/gif	172.217.18.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIksrigIv-8AIVQqcnAh2jzwdVEAAYACD2xt1HQhMIm6zFgIv-8AIVUO67CB2jDwZ7;met=1;acvw=sv%3D897%26cb%3Dj%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26cp%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D0%26dur%3D31932%26vmtime%3D6%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D148255168%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1622813397797;ecn1=1;etm1=0;eid1=200101; Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.18.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s42-in-f2.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	activeview pagead2.googlesyndication.com/pcs/ Frame CEBC	42 B 64 B	24ms 22ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvnA_znMOHq5akyb-p-vlHF8lZRddcaufJ7GNkQNopMiIWPMEmoJk7IU31oSaIG2bk1eVTqjUxU_dhqeonfwapb68SDwTgQAUaAiRKlWTX8nqwPQJtpff7WEYEqjw&sai=AMfl-YSS0pNM763Vs0yPa_scVQYEEzLjvwB5A-6mSZM5SsD1mMasBudkq2TIs6LCnEqiI1riAU5n3iH2u1HTK3CpPL34geZJJAkS0HyYic_DN9B7Dn29KIvhq2oXqLUh&sig=Cg0ArKJSzIzp9YCrZ-E5EAE&cid=CAASEuRoPyAgFK-E6b_MCUQoP4aqSA&id=lidarv&acvw=sv%3D897%26cb%3Dj%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26cp%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D0%26dur%3D31932%26vmtime%3D6%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D148255168%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1622813397797&avm=1 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ googleads.g.doubleclick.net/pagead/interaction/ Frame CEBC	42 B 337 B	25ms 23ms	Image image/gif	2a00:1450:4001:802::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://googleads.g.doubleclick.net/pagead/interaction/?ai=CUpev1Sq6YNvtAtDc7_UPo5-Y2Af86vHbYsSmsNehDoesv5PkFxABIPT5xiVgleKQgqAHoAG2_-6dA8gBBakC5Q7y6CBUtD6oAwHIA5sEqgTdAU_QooVDWJt064_ayw9Bll77OIgQ5LKZCxzKqg-fYeSJjYaVrdEfh-j1gnf98TDXdlOy6_CtuqaM2PplX0GzD7ysfXT43KxyOoCDGV_6y3yBkDXzLNyVjJ_rpdLTsLc_7t-9iNAg9OnePhf7QIVXPYkfY4o7frLL0ag6YsmyyhbfSgDcNYpLZ3XJVmsGnh-Yt02iHLaUa7hQi01NC3Ijq3p1eR5_AL5Ky0zzd2u3swk0vmKQtLq3i4FpEAivIKxFopWBsoK8uMVaN6r0SZ023OzDRNyqz978bZYFsbMxwATNyIX7ugPgBAOQBgGgBk6AB7KAkWKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTU4OTMyOTQ0NjIwNjExNDCACgOYCwHICwGADAGwE_OZwQvQEwDYEwqIFALYFAHQFQGAFwE&sigh=udoYsx8tiXk&label=vast_creativeview&ad_mt=7&acvw=sv%3D897%26cb%3Dj%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26cp%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D0%26dur%3D31932%26vmtime%3D6%26is%3D18%26i0%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D148255168%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1622813397797 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3-29	204	csi csi.gstatic.com/ Frame CEBC	0 17 B	32ms 32ms	Ping image/gif	2001:4860:4802:32::3 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~kpid73k7&c=2488155790796&slotId=1244077895398&qqid=CJusxYCL_vACFVDuuwgdow8Gew&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=856&mt=video%2Fwebm&vs=854x480&dm=31000&event_name=first_play&asset_bytes=212666&video_bytes=0&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=12&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=1&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=msms_oso.k6~lvlcl.lx~videopreviewstarted.n3&msms_mime0=video%2Fwebm%3B%20codecs%3D%22vp8%2C%20vorbis%22&msms_cs0=350000&msms_ns=1 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT last-modified Wed, 21 Jan 2004 19:51:30 GMT server Golfe2 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame BF62	0 20 B	43ms 42ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BWs1L1Sq6YNKLIMLOnsEPo5-fqAUAAAAAOAHgBAI&bg=!pKelp-PNAAY6sG-_OrA7ACkAdvg8WkWwkKeMtgefZVjLMHhJHnuVN-h5-of4KsDByBCj4PvjAAdfHwIAAACnUgAAAA9oAQcKAMelBY4Gdycpl5l9E5uFNCMh2RwbkMuiy87BZgodZxb6BR9Lp4Z57YVOeD4rywuaUTxgnibobaPHuKxrmrxoAljJ5DdEMF8Z-D52W7G0YfkwxqCTqsCRYJsc4ahDJcBgVVnlf_uNU7KjJQcX7i4VCn-sLW42qPYnTqnv-4IZ8tb7HWybpHiGU4wTSZ3yU81lUyc2_Wl1ZfVrWN_NyeRKsiq-KXBbzyRr5UfOyhpS2CLoqwWbvfpCFdIdpVzA7fveQnXu4mdZ2vc-mQKDgLzTx5wsosW7Hg5bAx97PSSY5uiYm15QIm2lBkSSmPuxeKKNnaUIugRstOFTir568TjXGDyvEcxETMhpx-oHE4fxTmhApyn7ziJjrhWlZY3Uz8dlSxZK-HH96drs7v_lUIYYOEDYD1x64MUsfUIKUA6oo1NO62FKgQt7xehXjxUuYJ6wBnuqBD1zMzWtR3utZ_bCjor6GFt9rC_ocaKose2RoO_tH544VQ8SHyrb6iTndstSgO7MyTKlB5-HuvmSDhzcvHIfjTHcinMgTsirh7d7WtUjMYpMVIS4gFLHixKYBZ12ZBMgCpW2CyTFm5D6vgSVaZ9KTFAoLQmp0D-pK-v2TRp-eKKk6yM1wjBUjw137f69gyz7pl_jm6aTtAdN-RumH2df6oCjF3w1OvF0Hg4P68Epr0GFJe_XptWbGeUOSQJDzTS1bdkgxo85LwjG-c4iyExuFRhP90VdjqMNjxwMXL5D3J5qGtbI_lOebbjEF51njGgm0UYJm2uI9yn1hiG0N3muJrhVx6lJhEX0XQNn9Y_uaN4bFF61lvW7LeNmaGQn3L5omGRzs98nZx29924T4pegeMLFzBoyB3qEVWXGaXlmI0gM0QRIkYq0ziJ4IYyqzqQ-cmTM-mwnCbFYAfV7BUm56XGTlOg10zsVoil5CsDf3rPwE-8uylpMDMTVrMbBkB09wZ4wtrxSf2KKj9hp6xG19-7Qa3u_ePhj7I5E2NAE4dFoM4hzLIN31p-5ugRLJztgF-QLgvWIiHfcwAHo9XgWDd6FunhAstlUlS__d3u76NGuw_N535Pewwx5g1-q2IaNM1qIwA8xYjd1QzhdNF72IlnhtczKH4p5OVk0Vg Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	file.webm Show response r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame CEBC	342 KB 342 KB	7ms 6ms	XHR video/webm	2a00:1450:4001:29::9 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm?range=350000-699999 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:29::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software gvs 1.0 / Resource Hash 91e2e91886b1c0ec1140b23b26a1c8f29d1512e8a7b1dbeb96e691ff0eab652f Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:58 GMT x-content-type-options nosniff alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 350000 client-protocol quic last-modified Wed, 05 May 2021 15:58:02 GMT server gvs 1.0 vary Origin content-type video/webm access-control-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com access-control-expose-headers Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms cache-control private, max-age=86400 access-control-allow-credentials true accept-ranges bytes timing-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com expires Fri, 04 Jun 2021 13:29:58 GMT
GET H3-29	200	file.webm Show response r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame CEBC	342 KB 342 KB	6ms 6ms	XHR video/webm	2a00:1450:4001:29::9 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm?range=700000-1049999 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:29::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software gvs 1.0 / Resource Hash dec755053682cf52f60011c410c6745c3e27bb9acd0e54f7aee83287b1c72c1f Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:58 GMT x-content-type-options nosniff alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 350000 client-protocol quic last-modified Wed, 05 May 2021 15:58:02 GMT server gvs 1.0 vary Origin content-type video/webm access-control-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com access-control-expose-headers Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms cache-control private, max-age=86400 access-control-allow-credentials true accept-ranges bytes timing-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com expires Fri, 04 Jun 2021 13:29:58 GMT
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 42 B	12ms 12ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d pragma no-cache cookie ezouspvv=12; ezouspva=1; ezouspvh=12 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:58 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:57 UTC
GET H3-29	200	file.webm Show response r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame CEBC	342 KB 342 KB	7ms 6ms	XHR video/webm	2a00:1450:4001:29::9 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm?range=1050000-1399999 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:29::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software gvs 1.0 / Resource Hash e3520ff1d2e4df0ed0c872ba6303d16a62bd28a72110a78dba13c5feb5fc53a4 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:58 GMT x-content-type-options nosniff alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 350000 client-protocol quic last-modified Wed, 05 May 2021 15:58:02 GMT server gvs 1.0 vary Origin content-type video/webm access-control-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com access-control-expose-headers Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms cache-control private, max-age=86400 access-control-allow-credentials true accept-ranges bytes timing-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com expires Fri, 04 Jun 2021 13:29:58 GMT
POST H3-29	204	csi csi.gstatic.com/ Frame CEBC	0 17 B	29ms 29ms	Ping image/gif	2001:4860:4802:32::3 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~kpid73nb&c=2488155790796&slotId=1244077895398&qqid=CJusxYCL_vACFVDuuwgdow8Gew&fb=outstream-lima&gpm_i=12&gpm_c=12&gpm_a=12&smb=1000&br=856&mt=video%2Fwebm&vs=854x480&dm=31000&met.4=lvlcl.tx~lvlcl.10v~lvlcl.17u Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Fri, 04 Jun 2021 13:29:58 GMT last-modified Wed, 21 Jan 2004 19:51:30 GMT server Golfe2 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	file.webm Show response r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame CEBC	342 KB 342 KB	7ms 7ms	XHR video/webm	2a00:1450:4001:29::9 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm?range=1400000-1749999 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:29::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software gvs 1.0 / Resource Hash 0464948950550e44e9115168f70096fc5eb8c8524b87b769a5078226d3d0a184 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:58 GMT x-content-type-options nosniff alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 350000 client-protocol quic last-modified Wed, 05 May 2021 15:58:02 GMT server gvs 1.0 vary Origin content-type video/webm access-control-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com access-control-expose-headers Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms cache-control private, max-age=86400 access-control-allow-credentials true accept-ranges bytes timing-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com expires Fri, 04 Jun 2021 13:29:58 GMT
GET H2	200	army.gif Show response returnsandrefund.com/porpoiseant/	0 42 B	10ms 10ms	XHR text/plain	3.127.76.126 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils1ODAsNDAwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ== Requested by Host: returnsandrefund.com URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-76-126.eu-central-1.compute.amazonaws.com Software nginx/1.16.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers :path /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils1ODAsNDAwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzIyNzY1IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4MTMzODcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjdkNjBiMmZjLWZkMjAtNDk0ZC03MDg0LWVlNTZmY2Q3OTgwYSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ== pragma no-cache cookie ezouspvv=12; ezouspva=1; ezouspvh=12 accept-encoding gzip, deflate, br accept-language en-US user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 sec-fetch-mode cors accept */* cache-control no-cache sec-fetch-dest empty :authority returnsandrefund.com referer https://returnsandrefund.com/ :scheme https sec-fetch-site same-origin :method GET Referer https://returnsandrefund.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:58 GMT server nginx/1.16.0 vary Accept-Encoding Accept-Encoding content-type text/plain; charset=utf-8 x-middleton-display ezp_sol cache-control max-age=0, must-revalidate, no-cache, no-store content-length 0 expires Thu, 03 Jun 2021 13:29:59 UTC
GET H3-29	200	file.webm Show response r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame CEBC	342 KB 342 KB	7ms 7ms	XHR video/webm	2a00:1450:4001:29::9 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm?range=1750000-2099999 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:29::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software gvs 1.0 / Resource Hash 7c5ce6894198a3bd9c1c259719025bb976a487985c0b3ee0a7217834d9859dd1 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:59 GMT x-content-type-options nosniff alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 350000 client-protocol quic last-modified Wed, 05 May 2021 15:58:02 GMT server gvs 1.0 vary Origin content-type video/webm access-control-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com access-control-expose-headers Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms cache-control private, max-age=86400 access-control-allow-credentials true accept-ranges bytes timing-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com expires Fri, 04 Jun 2021 13:29:59 GMT
GET H3-29	200	file.webm Show response r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame CEBC	342 KB 342 KB	7ms 7ms	XHR video/webm	2a00:1450:4001:29::9 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm?range=2100000-2449999 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:29::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software gvs 1.0 / Resource Hash beb75f8309dbbbedfdb50ad38a8d06960fc3f9255fa9f235396afb3babda2e4c Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:59 GMT x-content-type-options nosniff alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 350000 client-protocol quic last-modified Wed, 05 May 2021 15:58:02 GMT server gvs 1.0 vary Origin content-type video/webm access-control-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com access-control-expose-headers Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms cache-control private, max-age=86400 access-control-allow-credentials true accept-ranges bytes timing-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com expires Fri, 04 Jun 2021 13:29:59 GMT
GET H3-29	200	file.webm Show response r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame CEBC	342 KB 342 KB	10ms 6ms	XHR video/webm	2a00:1450:4001:29::9 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm?range=2450000-2799999 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:29::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software gvs 1.0 / Resource Hash 77c0c953ccceddd539236541b375cf82e2ba3348d185e9505317ef969c03a62a Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:59 GMT x-content-type-options nosniff alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 350000 client-protocol quic last-modified Wed, 05 May 2021 15:58:02 GMT server gvs 1.0 vary Origin content-type video/webm access-control-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com access-control-expose-headers Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms cache-control private, max-age=86400 access-control-allow-credentials true accept-ranges bytes timing-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com expires Fri, 04 Jun 2021 13:29:59 GMT
GET H3-29	200	file.webm Show response r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame CEBC	342 KB 342 KB	11ms 10ms	XHR video/webm	2a00:1450:4001:29::9 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm?range=2800000-3149999 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:29::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software gvs 1.0 / Resource Hash 973c21d846632d0a1f0e21aa0d86dbd4b7a1cda4cdd91872c3bff90ef992b565 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:29:59 GMT x-content-type-options nosniff alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 350000 client-protocol quic last-modified Wed, 05 May 2021 15:58:02 GMT server gvs 1.0 vary Origin content-type video/webm access-control-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com access-control-expose-headers Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms cache-control private, max-age=86400 access-control-allow-credentials true accept-ranges bytes timing-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com expires Fri, 04 Jun 2021 13:29:59 GMT
GET H3-29	200	dc_oe=ChMIksrigIv-8AIVQqcnAh2jzwdVEAAYACD2xt1HQhMIm6zFgIv-8AIVUO67CB2jDwZ7;met=1;acvw=sv%3D897%26cb%3Dj%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,326,579%26cp%3D1,1,326,579%26tos%3D0,2004,0,0,... ade.googlesyndication.com/ddm/activity/ Frame CEBC	42 B 63 B	92ms 43ms	Image image/gif	172.217.18.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIksrigIv-8AIVQqcnAh2jzwdVEAAYACD2xt1HQhMIm6zFgIv-8AIVUO67CB2jDwZ7;met=1;acvw=sv%3D897%26cb%3Dj%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,326,579%26cp%3D1,1,326,579%26tos%3D0,2004,0,0,0%26mtos%3D0,2004,2004,2004,2004%26amtos%3D0,0,0,0,0%26mcvt%3D2004%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2166%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D42%26pst%3D0%26dur%3D31932%26vmtime%3D2174%26dtos%3D2004%26dtoss%3D1%26dvs%3D2004%26dfvs%3D0%26dvpt%3D2166%26is%3D275%26i0%3D18%26ic%3D257%26cs%3D275%26c%3D0.85%26mc%3D0.85%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D148255168%26psm%3D7%26psv%3D6%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,2004;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.08%26t%3D1622813397797;ecn1=1;etm1=0;eid1=200000; Protocol H3-29 Security QUIC, , AES_128_GCM Server 172.217.18.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s42-in-f2.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:30:00 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	activeview pagead2.googlesyndication.com/pcs/ Frame CEBC	42 B 64 B	29ms 27ms	Image image/gif	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvnA_znMOHq5akyb-p-vlHF8lZRddcaufJ7GNkQNopMiIWPMEmoJk7IU31oSaIG2bk1eVTqjUxU_dhqeonfwapb68SDwTgQAUaAiRKlWTX8nqwPQJtpff7WEYEqjw&sai=AMfl-YSS0pNM763Vs0yPa_scVQYEEzLjvwB5A-6mSZM5SsD1mMasBudkq2TIs6LCnEqiI1riAU5n3iH2u1HTK3CpPL34geZJJAkS0HyYic_DN9B7Dn29KIvhq2oXqLUh&sig=Cg0ArKJSzIzp9YCrZ-E5EAE&cid=CAASEuRoPyAgFK-E6b_MCUQoP4aqSA&id=lidarv&acvw=sv%3D897%26cb%3Dj%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D1,1,326,579%26cp%3D1,1,326,579%26tos%3D0,2004,0,0,0%26mtos%3D0,2004,2004,2004,2004%26amtos%3D0,0,0,0,0%26mcvt%3D2004%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2166%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D42%26pst%3D0%26dur%3D31932%26vmtime%3D2174%26dtos%3D2004%26dtoss%3D1%26dvs%3D2004%26dfvs%3D0%26dvpt%3D2166%26is%3D275%26i0%3D18%26ic%3D257%26cs%3D275%26c%3D0.85%26mc%3D0.85%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D148255168%26psm%3D7%26psv%3D6%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,2004&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.08%26t%3D1622813397797 Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers pragma no-cache date Fri, 04 Jun 2021 13:30:00 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-29	200	file.webm Show response r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame CEBC	342 KB 342 KB	7ms 7ms	XHR video/webm	2a00:1450:4001:29::9 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm?range=3150000-3499999 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:29::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software gvs 1.0 / Resource Hash 3765729e2c341645597d2d6bde25304775ed5fc4c736e49e48847fde9a6712a7 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:30:00 GMT x-content-type-options nosniff alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 350000 client-protocol quic last-modified Wed, 05 May 2021 15:58:02 GMT server gvs 1.0 vary Origin content-type video/webm access-control-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com access-control-expose-headers Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms cache-control private, max-age=86400 access-control-allow-credentials true accept-ranges bytes timing-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com expires Fri, 04 Jun 2021 13:30:00 GMT
GET H2	200	86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff s0.2mdn.net/creatives/assets/1881029/ Frame E30A	57 KB 57 KB	38ms 7ms	Font font/woff	2a00:1450:4001:803::2006 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/4528516/1495443094807458/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://s0.2mdn.net Referer https://s0.2mdn.net/4528516/1495443094807458/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:28:25 GMT x-content-type-options nosniff last-modified Wed, 15 Feb 2017 10:23:50 GMT server sffe age 95 content-type font/woff access-control-allow-origin * cache-control public, max-age=900 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 58447 x-xss-protection 0 expires Fri, 04 Jun 2021 13:43:25 GMT
GET H3-29	200	file.webm Show response r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame CEBC	342 KB 342 KB	8ms 8ms	XHR video/webm	2a00:1450:4001:29::9 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm?range=3500000-3849999 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:29::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software gvs 1.0 / Resource Hash 92dd8f08f74a601ca3410104a9647de2f589cd7f1384d87de4037a5155f34dd8 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:30:00 GMT x-content-type-options nosniff alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 350000 client-protocol quic last-modified Wed, 05 May 2021 15:58:02 GMT server gvs 1.0 vary Origin content-type video/webm access-control-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com access-control-expose-headers Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms cache-control private, max-age=86400 access-control-allow-credentials true accept-ranges bytes timing-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com expires Fri, 04 Jun 2021 13:30:00 GMT
GET H3-29	200	86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff s0.2mdn.net/creatives/assets/1881029/ Frame DAE0	57 KB 57 KB	12ms 11ms	Font font/woff	2a00:1450:4001:803::2006 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff Requested by Host: s0.2mdn.net URL: https://s0.2mdn.net/4528516/1495445246395522/index.html Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://s0.2mdn.net Referer https://s0.2mdn.net/4528516/1495445246395522/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:28:25 GMT x-content-type-options nosniff last-modified Wed, 15 Feb 2017 10:23:50 GMT server sffe age 95 content-type font/woff access-control-allow-origin * cache-control public, max-age=900 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 58447 x-xss-protection 0 expires Fri, 04 Jun 2021 13:43:25 GMT
GET H3-29	200	file.webm Show response r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi... Frame CEBC	338 KB 338 KB	9ms 6ms	XHR video/webm	2a00:1450:4001:29::9 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://r3---sn-4g5e6nez.c.2mdn.net/videoplayback/id/cab1e40a297006e9/itag/44/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3764678283/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/76EDD7048DEAEACDD4AA7F56EA827F0E782DC670.4205548E3ADDAC36883FEF806DE2FD018FB56E6A/key/cms1/cms_redirect/yes/mh/zr/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nez/ms/onc/mt/1622813075/mv/m/mvi/3/pl/50/file/file.webm?range=3850000-4199999 Requested by Host: imasdk.googleapis.com URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20210526_RC00/outstream.min.js Protocol H3-29 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:29::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software gvs 1.0 / Resource Hash bf8707be12a670388a4ae5e7fe3a3fcb991ca273035404611a5d078d29486fa7 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Fri, 04 Jun 2021 13:30:00 GMT x-content-type-options nosniff alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 345814 client-protocol quic last-modified Wed, 05 May 2021 15:58:02 GMT server gvs 1.0 vary Origin content-type video/webm access-control-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com access-control-expose-headers Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms cache-control private, max-age=86400 access-control-allow-credentials true accept-ranges bytes timing-allow-origin https://9be71f7efe8e42116229267b09ad43a4.safeframe.googlesyndication.com expires Fri, 04 Jun 2021 13:30:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

cm.g.doubleclick.net

URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLoq1WvhUEFuJ2vspswxfQAABI4AAAAB&google_push=AQvitUJEf1_-df94lEmV2ifE8YFNj21btlSau1b_OaYG4PWL1SYIVqedaDRlRlWeRPKCoXLbgjD0tnMOFzBGoEyGtSKtRfW8arI&google_cver=1&google_gid=CAESELSMPLaDzuHBJeuYJS7v_0M