returnsandrefund.com Open in urlscan Pro
2606:4700:3032::ac43:8bea Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://policypal.co/
Effective URL:
https://returnsandrefund.com/
Submission: On December 26 via api (December 26th 2022, 4:23:53 am UTC) from US — Scanned from DE

Summary HTTP 107 Redirects Behaviour Indicators

Summary

This website contacted 23 IPs in 4 countries across 16 domains to perform 107 HTTP transactions. The main IP is 2606:4700:3032::ac43:8bea, located in United States and belongs to CLOUDFLARENET, US. The main domain is returnsandrefund.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 26th 2022. Valid for: a year.

This is the only time returnsandrefund.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	63.250.38.4 63.250.38.4	22612 (NAMECHEAP...) (NAMECHEAP-NET)
39	2606:4700:303... 2606:4700:3032::ac43:8bea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:e4:... 2606:4700:e4::ac40:a006	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:400d:80c::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
5	2606:4700:e4:... 2606:4700:e4::ac40:a106	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:211... 2600:9000:211a:8000:2:cb38:840:93a1	16509 (AMAZON-02) (AMAZON-02)
2	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
5	23.203.125.62 23.203.125.62	16625 (AKAMAI-AS) (AKAMAI-AS)
3	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
5	23.203.125.156 23.203.125.156	16625 (AKAMAI-AS) (AKAMAI-AS)
1	199.232.18.132 199.232.18.132	54113 (FASTLY) (FASTLY)
1	64.202.112.223 64.202.112.223	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	52.222.214.22 52.222.214.22	16509 (AMAZON-02) (AMAZON-02)
1	99.86.4.31 99.86.4.31	16509 (AMAZON-02) (AMAZON-02)
1	143.204.215.108 143.204.215.108	16509 (AMAZON-02) (AMAZON-02)
6	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
1 1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
107	23

1 63.250.38.4 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: premium89-3.web-hosting.com

policypal.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2606:4700:3032::ac43:8bea (United States)

ASN13335 (CLOUDFLARENET, US)

returnsandrefund.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e4::ac40:a006 (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80c::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:e4::ac40:a106 (United States)

ASN13335 (CLOUDFLARENET, US)

ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
basher.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gvl.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80e::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211a:8000:2:cb38:840:93a1 (United States)

ASN16509 (AMAZON-02, US)

go.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.203.125.62 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-203-125-62.deploy.static.akamaitechnologies.com

widgets.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widget-pixels.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.203.125.156 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-203-125-156.deploy.static.akamaitechnologies.com

tcheck.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.18.132 (Vienna, Austria)

ASN54113 (FASTLY, US)

odb.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.223 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

mcdp-nydc1.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.214.22 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-22.fra56.r.cloudfront.net

get.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-31.fra6.r.cloudfront.net

onetag-geo.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.108 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-108.fra53.r.cloudfront.net

signal-beacon.s-onetag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cds.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (United States) 1 redirects

ASN54113 (FASTLY, US)

cd.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	returnsandrefund.com returnsandrefund.com	251 KB
21	wp.com c0.wp.com — Cisco Umbrella Rank: 8063 stats.wp.com — Cisco Umbrella Rank: 3525 pixel.wp.com — Cisco Umbrella Rank: 2968 i0.wp.com — Cisco Umbrella Rank: 3757	423 KB
7	connatix.com 1 redirects capi.connatix.com — Cisco Umbrella Rank: 4345 cd.connatix.com — Cisco Umbrella Rank: 4111 cds.connatix.com — Cisco Umbrella Rank: 4538 capi-tier-2-us-east-2.connatix.com Failed	422 KB
7	outbrain.com widgets.outbrain.com — Cisco Umbrella Rank: 1438 widget-pixels.outbrain.com — Cisco Umbrella Rank: 3616 odb.outbrain.com — Cisco Umbrella Rank: 1618 mcdp-nydc1.outbrain.com — Cisco Umbrella Rank: 6058	93 KB
6	ezodn.com go.ezodn.com — Cisco Umbrella Rank: 11096 ezodn.com — Cisco Umbrella Rank: 10184 g.ezodn.com — Cisco Umbrella Rank: 64128 basher.ezodn.com — Cisco Umbrella Rank: 11749 gvl.ezodn.com — Cisco Umbrella Rank: 67667	268 KB
5	outbrainimg.com tcheck.outbrainimg.com — Cisco Umbrella Rank: 9668 images.outbrainimg.com — Cisco Umbrella Rank: 2446	109 KB
5	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 251 googleads.g.doubleclick.net — Cisco Umbrella Rank: 64	189 KB
3	s-onetag.com get.s-onetag.com — Cisco Umbrella Rank: 4572 onetag-geo.s-onetag.com — Cisco Umbrella Rank: 5551 signal-beacon.s-onetag.com — Cisco Umbrella Rank: 6576	14 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 87	20 KB
2	w.org s.w.org — Cisco Umbrella Rank: 1902	2 KB
2	gstatic.com fonts.gstatic.com	45 KB
2	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135	166 KB
1	ezoic.net go.ezoic.net — Cisco Umbrella Rank: 14429	2 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 115	43 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 111 imasdk.googleapis.com Failed	1 KB
1	policypal.co 1 redirects policypal.co	240 B
107	16

	Domain	Requested by
39	returnsandrefund.com	returnsandrefund.com
16	c0.wp.com	returnsandrefund.com
4	cds.connatix.com	cd.connatix.com
4	images.outbrainimg.com	returnsandrefund.com
4	widgets.outbrain.com	returnsandrefund.com widgets.outbrain.com
4	securepubads.g.doubleclick.net	returnsandrefund.com securepubads.g.doubleclick.net cd.connatix.com
3	i0.wp.com	returnsandrefund.com
2	capi.connatix.com	cd.connatix.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	s.w.org	returnsandrefund.com
2	basher.ezodn.com	returnsandrefund.com
2	fonts.gstatic.com	fonts.googleapis.com
2	pagead2.googlesyndication.com	returnsandrefund.com pagead2.googlesyndication.com
1	cd.connatix.com	1 redirects
1	signal-beacon.s-onetag.com	get.s-onetag.com
1	onetag-geo.s-onetag.com	returnsandrefund.com
1	get.s-onetag.com	returnsandrefund.com
1	mcdp-nydc1.outbrain.com	returnsandrefund.com
1	odb.outbrain.com	widgets.outbrain.com
1	widget-pixels.outbrain.com	returnsandrefund.com
1	tcheck.outbrainimg.com	widgets.outbrain.com
1	pixel.wp.com	returnsandrefund.com
1	go.ezoic.net	returnsandrefund.com
1	gvl.ezodn.com	g.ezodn.com
1	googleads.g.doubleclick.net	pagead2.googlesyndication.com
1	stats.wp.com	returnsandrefund.com
1	g.ezodn.com	returnsandrefund.com
1	ezodn.com	returnsandrefund.com
1	www.googletagmanager.com	returnsandrefund.com
1	fonts.googleapis.com	returnsandrefund.com
1	go.ezodn.com	returnsandrefund.com
1	policypal.co	1 redirects
0	imasdk.googleapis.com Failed	cd.connatix.com
0	capi-tier-2-us-east-2.connatix.com Failed	cd.connatix.com
107	34

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-11-26` - `2023-11-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.ezoic.net Amazon	`2022-12-17` - `2024-01-15`	a year	crt.sh
*.w.org Sectigo ECC Domain Validation Secure Server CA	`2022-12-06` - `2024-01-06`	a year	crt.sh
*.outbrain.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-03` - `2023-04-04`	a year	crt.sh
*.outbrainimg.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
*.s-onetag.com Amazon	`2022-12-04` - `2024-01-02`	a year	crt.sh
*.connatix.com Go Daddy Secure Certificate Authority - G2	`2022-08-22` - `2023-09-23`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://returnsandrefund.com/
Frame ID: 85A6E1F24AC5AB7B246B0D0DB193E7A1
Requests: 99 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221207/r20190131/zrt_lookup.html
Frame ID: F2C25B96D38D88F2D4EA9F3F945010D0
Requests: 1 HTTP requests in this frame

Frame: https://widgets.outbrain.com/widgetMonitor/monitor.html?deletelocalstorage=true
Frame ID: D66BCEBB43292CC6EC5E8678231730B9
Requests: 1 HTTP requests in this frame

Frame: https://cds.connatix.com/p/209100/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Frame ID: 6E73B9D7EC15DD2B058250F7F275263A
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://policypal.co/ HTTP 301
https://returnsandrefund.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Outbrain (Widgets) Expand

Overall confidence: 100%
Detected patterns

widgets\.outbrain\.com/outbrain\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

107
Requests

95 %
HTTPS

42 %
IPv6

16
Domains

34
Subdomains

23
IPs

4
Countries

2048 kB
Transfer

5745 kB
Size

19
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://policypal.co/ HTTP 301
https://returnsandrefund.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 98

https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882 HTTP 302
https://cds.connatix.com/p/209100/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882

107 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
returnsandrefund.com/
Redirect Chain

http://policypal.co/
https://returnsandrefund.com/

219 KB
53 KB

204ms
166ms

Document
text/html

2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 47cc72f812cda6c788f5ee338d036206c5c7ac5fac626dda50bf60c30e91ec14

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 77f70b0b1eda90fe-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 26 Dec 2022 04:23:47 GMT
display: pub_site_sol
expires: Sun, 25 Dec 2022 04:23:47 GMT
link: <https://returnsandrefund.com/wp-json/>; rel="https://api.w.org/"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pagespeed: off
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wm333TG%2Fa568fAfmNo6cDo2Pij%2FzOwK3On7vpvSVLm7Ng3XTVDeMp4MeKg6fqZPILoiXHrV0LEpFALiuLaM2%2FB7kOFU4UW4o%2BU7ii1rQewbuecnYk%2FlYmGKjWFyAZH2Rl9iiDnMQzoEHxwgYYSpk0EbPjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
response: 200
server: cloudflare
vary: Accept-Encoding,User-Agent
x-ezoic-cdn: Hit ds;mm;7e1140e8e7bc0cb4de6b5609bae96f87;2-200400-23;12d0b3fc-993c-49b7-4f51-82fe0d13366b
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-origin-cache-control
x-sol: pub_site

Redirect headers

content-length: 707
content-type: text/html
date: Mon, 26 Dec 2022 04:23:47 GMT
keep-alive: timeout=5, max=100
location: https://returnsandrefund.com/
server: LiteSpeed
x-turbo-charged-by: LiteSpeed

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
49 KB 99ms
53ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe4ee1fa950c1852cb16313b91b19a9a17bea7581171bbd338ee258fa03717ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
Origin: https://returnsandrefund.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49353
x-xss-protection: 0
server: cafe
etag: 5409082589813702426
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 26 Dec 2022 04:23:47 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
28 KB 75ms
23ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b5ef7861572324f3e9d49c9284d10e8e582e1bc44694394afdf5bdc0e6bd0cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27666
x-xss-protection: 0
server: sffe
etag: "1432 / 305 of 1000 / last-modified: 1670587582"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 26 Dec 2022 04:23:47 GMT

GET
H2 200 dall.js Show response
go.ezodn.com/hb/ 415 KB
123 KB 72ms
24ms Script
application/javascript 2606:4700:e4::ac40:a006
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?b=adyoulike,amx,criteo,ix,medianet,onetag,openx,pubmatic,pulsepoint,rubicon,sharethrough,sovrn,yahoossp,yieldmo&cb=195-2-50
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a006 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1839b0d495241b3ff1c9f9ed7a93f900c72a863729b0091acef3be0fb6a69fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 06 Dec 2022 06:19:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1721064
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LB0%2B7aPFP7yAc8C%2By9Sx5P55GmnFHmeZbBIPClygwcpwyQZ12a0haZpt6%2BgsFq%2F1ywFqKYOwrIIW8IDfJ63Mcz0tcQ7xiT%2FxNhMnTXCcbB8gPam1uzOTaK%2BiKjTaz8T0z8wVFmCRAkd25SY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77f70b0c9d43918c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 fads.js Show response
returnsandrefund.com/porpoiseant/ 8 KB
3 KB 32ms
16ms Script
application/javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/fads.js?gcb=195-2&cb=6
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f08bda7e60fadca736bd7ed81684d6dd9bd11951aada10c84e66cbeac3c52197

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 26 Dec 2022 01:02:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 12083
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kADDewN%2FlGRTx02HAKxoJL6DrKf01zDd%2FwuQZgvZbye6JWN7yjMOrv%2BLZNn%2BP38XN8G7mwaz0DeGbV4%2FufYHLuVBTEWe6CKzWrpHaEdUvvSTyM6sALKpT9Y2084vEpQjLZIgh8ePqd0ZIuF1ZXKDlnj%2FfA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 77f70b0c5f5b90fe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 blocks.style.build.css
returnsandrefund.com/wp-content/plugins/structured-content/dist/ 5 KB
2 KB 33ms
18ms Stylesheet
text/css 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/plugins/structured-content/dist/blocks.style.build.css?ver=1.5.0
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45ec54f6edf49e36dc01d93b61e9b3209c78e6efa525f5c31cbd654013963ad9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
x-sol: orig
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol, orig_site_sol
age: 12083
x-ezoic-cdn: Hit ds;ds;cf45570ecc511838adc316af9e4407f5;2-200400-23;e5a6029f-64d8-42bc-5df1-879e89da79ce
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"1206-62cc8c31-1bba2e;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FmZX5A0rd2KxPQyr8XNy1j3Ypt5lAg5orIs97wK48o%2BhDL7cOsDJZLLU8nWg%2FRyxhV537SSiW2eYnB36Bymrwf3BJlh6uXIHmDShoqRVNT7rnaNNQYoDRC8%2BVQJ1G9Fsj946wt7Txy4QC4rfpY00cBD5pw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 77f70b0c5f5790fe-FRA

GET
H2 200 style.css
returnsandrefund.com/wp-content/themes/eleven40-pro/ 36 KB
8 KB 29ms
15ms Stylesheet
text/css 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/themes/eleven40-pro/style.css?ver=2.2.3
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21fff3473be463ddcf93f0506faf2f3facbd71d73a05f8e53ac2d46a76d082ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
x-sol: orig
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol, orig_site_sol
age: 12083
x-ezoic-cdn: Hit ds;ds;5d932fe767218e18ab9231eed4eea248;2-200400-23;9d6f1ac3-d705-4896-5979-28134ceda76c
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"8f44-5d80d49b-1be219;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zjEiHb4JPYvnpJ8ZOv17WxOpHd6rfRTrcHkVq%2Bzw0B%2BfVIFNV3sbFNj5Qs1nQVAE84ClLQtQE1Ybot2%2FWN7snKwT5FW1OX%2BilYnRmis8tyLBkDYq4MuCpH8hZeIxKekchk%2BcYtAsDhF52E9uG4KPXkkDQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 77f70b0c5f5890fe-FRA

GET
H2 200 style.min.css
c0.wp.com/c/6.1.1/wp-includes/css/dist/block-library/ 93 KB
12 KB 45ms
6ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.1.1/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Fri, 11 Nov 2022 14:56:45 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Dec 2023 04:23:47 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/6.1.1/wp-includes/js/mediaelement/ 11 KB
2 KB 45ms
6ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.1.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Dec 2023 04:23:47 GMT

GET
H2 200 wp-mediaelement.min.css
c0.wp.com/c/6.1.1/wp-includes/js/mediaelement/ 4 KB
1 KB 47ms
9ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.1.1/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Dec 2023 04:23:47 GMT

GET
H2 200 classic-themes.min.css
c0.wp.com/c/6.1.1/wp-includes/css/ 217 B
280 B 46ms
9ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.1.1/wp-includes/css/classic-themes.min.css

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:47 GMT
strict-transport-security: max-age=15552000
last-modified: Tue, 25 Oct 2022 13:45:16 GMT
server: nginx
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 217
expires: Tue, 26 Dec 2023 04:23:47 GMT

GET
H2 200 styles.css
returnsandrefund.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 27ms
17ms Stylesheet
text/css 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a38595d63dfae35b88183515b69f8b742128b564b9ea4dbd79908c3aa73921a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
x-sol: orig
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol, orig_site_sol
age: 601
x-ezoic-cdn: Hit ds;mm;f54c241f6faca6f3047559580997b873;2-200400-23;ec40e739-3d79-4f79-7573-39ed45a31e5b
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"af3-639c309e-13b9c2;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IVz%2BSwRYoWRx5lhRVo0GJOvMbuPl5hna6a%2B0%2B4DBtGhmBJo%2F6Vfjj8CmRJgw3e4SCuXTk7GU2Av0b5Hn1c%2FdDMXeMjAzHuCUrb8jDwGPuZ3GGM%2FsGVc4r2Kovd65sNtkUunf9zYuLb4qivgXG7ZvlZJ%2Bfw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 77f70b0c5f5990fe-FRA

GET
H2 200 dashicons.min.css
c0.wp.com/c/6.1.1/wp-includes/css/ 58 KB
34 KB 45ms
9ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.1.1/wp-includes/css/dashicons.min.css

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Dec 2023 04:23:47 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1 KB 136ms
51ms Stylesheet
text/css 2a00:1450:400d:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.4.0

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

957bb4484970c4045b0edaa4f83c014bf6f264ef20f8b5cb560a7b6bc5875a75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 26 Dec 2022 03:29:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 26 Dec 2022 04:23:48 GMT

GET
H2 200 default.min.css
returnsandrefund.com/wp-content/plugins/tablepress/css/ 5 KB
3 KB 27ms
19ms Stylesheet
text/css 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.14
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
x-sol: orig
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol, orig_site_sol
age: 12082
x-ezoic-cdn: Hit ds;mm;3f37d5c9d9358dcced104d6e63378b5b;2-200400-23;3e47b2b6-a623-4173-5ee5-e63df0b2a937
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"13e4-617ce6a1-1bd5ec;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Rkbxr6fo87%2FL8tAIsvFY9TJZ4sCdtaTFU6wjyZahJcJO7eXDf3KD%2FjMPSodayMVj7nHUGFYJHbeYNVSkjgZetTMjEhmMMkfKgJzZpbRH9fykIMV1NW7I7kAONJUboZRNSW%2BVj9L8AYKhJ9qNHWPYvF9tw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 77f70b0c5f5a90fe-FRA

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/11.5.1/css/ 84 KB
15 KB 43ms
10ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/11.5.1/css/jetpack.css

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

96852267480e97e11f1058af3c56a86368b3c6647c2c4de7a69de2a693be9f68

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 25 Oct 2022 13:51:34 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Dec 2023 04:23:47 GMT

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/6.1.1/wp-includes/js/jquery/ 88 KB
30 KB 43ms
10ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.1.1/wp-includes/js/jquery/jquery.min.js

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Mon, 19 Sep 2022 14:16:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Dec 2023 04:23:47 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/6.1.1/wp-includes/js/jquery/ 11 KB
4 KB 43ms
10ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.1.1/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Dec 2023 04:23:47 GMT

GET
H2 200 responsive-menu.js Show response
returnsandrefund.com/wp-content/themes/eleven40-pro/js/ 834 B
925 B 30ms
24ms Script
application/x-javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/themes/eleven40-pro/js/responsive-menu.js?ver=1.0.0
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f852528a2390fb9b04fba4c026d62925b708751dfeb8eb271ef87aa8c9200fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
age: 12082
x-ezoic-cdn: Hit ds;ds;d1e2fa2b372b7f53e0f55aaebd8f92d4;2-200400-23;1a8c6909-7235-435f-7ff7-7bafef0ddb3b
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"342-5d80d49b-1be21b;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9kzB5EYvp7ad6%2Bnf1D6Uz34cvzdF55uImsAkIMV2on2XGHDAcJHTA0n4lFcT4Mw%2BmlQRbo3XG8Cp3LNHf%2BHXqnmP2lAPA5suS9mVlYx%2B0pFg6NJ15Cu3qnpr11aqBzAULnPCD07yTMwmdlh4mr67JWaUQA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 77f70b0c5f5c90fe-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 109 KB
43 KB 66ms
29ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-150748452-1

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6032f8d96d302484372bd26161f83050741bf7e6f0cf9d30e61e094678bf28ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43633
x-xss-protection: 0
last-modified: Mon, 26 Dec 2022 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Dec 2022 04:23:48 GMT

GET
H2 200 consentsettings.js Show response
ezodn.com/detroitchicago/ 1 KB
1 KB 46ms
15ms Script
application/javascript 2606:4700:e4::ac40:a106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezodn.com/detroitchicago/consentsettings.js?cb=2
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 383472db86bc19b822592340828e1a9d680ece8e6a5114eb4744351081fdea3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 28 Feb 2022 04:12:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 25969592
etag: W/"5be-5d90c41506135;5d90c41506135-gzip"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ElYZTL49nceqof2ISDquWcmtW%2BSzZV1pcieJX7BgR%2Bz8yQK0u32o%2BvBatm%2Fs7gLuj23kq2NbO5lGJ8lLO5rNL%2FhCkl8m8TgvYF06FzJO4ctTe%2FXz5AJHJsBsVa7Wl3%2FbzTzAT5mT7DM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 77f70b0c8e4f9189-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cmp.js Show response
g.ezodn.com/cmp/v2/ 345 KB
86 KB 36ms
21ms Script
text/javascript 2606:4700:e4::ac40:a106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezodn.com/cmp/v2/cmp.js?v=70
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85ea510a074f2cafe47a55809d389ace2bf11c13dc3af25a357832daabe9f692

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 19 Dec 2022 16:44:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 558292
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0US0ob4Enh7HzaFsKMOTmzUvpyKP7kDzCDqBocTRgpdNR36hHArn29yFDbbdjKfR%2BAouukRPTLE6V21UW5%2FjmpdbK7oIGVxQsyH3HMc6fSgMhEZDO1EhIGIVg261dSF6b%2B11Y4jQ04csuw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=15780000
cf-ray: 77f70b0d4ef39189-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 banger.js Show response
returnsandrefund.com/porpoiseant/ 52 KB
15 KB 15ms
14ms Script
application/javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=195-2&bv=170&v=71&PageSpeed=off
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da3f09bd8d729b04d9c28244b17a17518a4d5ddb4a21cad220f6013552e434dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 26 Dec 2022 04:22:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 95
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XA20BQDq2ZZUBS7dJ5fKuAfu1Xz5xTnoAoIOew34zj8R07KnKklG57AI6b78faXoe2XzcpTtD08y3jclHYd3Ali1ZUdbIrNA6%2Bxo3dDaz7yHOjTQG9Nsjm6fdVFpFidmwng5TIYK9HWrFWhd0e6a1RhL5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 77f70b0d3922bbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 wp-emoji-release.min.js Show response
returnsandrefund.com/wp-includes/js/ 18 KB
5 KB 15ms
14ms Script
application/x-javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
age: 95
x-ezoic-cdn: Hit ds;mm;bfb05cd26ebe4290bdf7bec2c5093679;2-200400-23;a86b4ca7-0a2c-4c9e-4f04-97c3476f6ae3
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"48b9-62a85bf1-1bc302;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h8cK6gRdy1uU8ozSj5fnbPBrIDGn3lg%2FY0VVSXHoDirBUyw4XmKs4%2FqqCqRpK0q9wYBAItQSZ%2Fly2HNOV%2BQYfMULuRIaHpGpb%2FvQrnRzAosZAw9BTZLocmJ0Lxuwvvy%2BrLDaHyCQTJij8TMQNATZ9jgNAA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 77f70b0d4923bbb5-FRA

GET
H3 200 app.build.js Show response
returnsandrefund.com/wp-content/plugins/structured-content/dist/ 2 KB
1 KB 17ms
17ms Script
application/x-javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/plugins/structured-content/dist/app.build.js?ver=1.5.0
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3986673333826891a3b1d289891efd0689a800f8dbd7a897e016ed1f80e429ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
age: 578
x-ezoic-cdn: Hit ds;mm;bcc4d8e5b4d0772a9a2ae376f157b510;2-200400-23;c7e4a1f9-dabb-4a74-78c7-40c26556d8e8
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"838-62cc8c31-1bba30;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OkJjJy9Bqzjsa9UaszYlStJDfEfCgQpWslk%2FkiqfJaldnCIcxQmAxIwqmfm7NkFlQfSnxuW6QMZEYHtxMr6J%2FRXDYEpDolYWy4f7aaVARX1jI%2BhEyXjvvg8Qn%2F%2FujtyWDBp2YEN1FWFRWPJBXlL5GF3U3w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 77f70b0ca8aabbb5-FRA

GET
H2 200 photon.min.js Show response
c0.wp.com/p/jetpack/11.5.1/_inc/build/photon/ 685 B
371 B 9ms
6ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/11.5.1/_inc/build/photon/photon.min.js

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5cfd3418ebf7c95f8f7a9024ebfa383ff5a267a8568c9a2708c26733824bdf07

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 07 Dec 2021 16:56:47 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Dec 2023 04:23:47 GMT

GET
H3 200 index.js Show response
returnsandrefund.com/wp-content/plugins/contact-form-7/includes/swv/js/ 10 KB
4 KB 17ms
15ms Script
application/x-javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23bb39b607b39a93d953762d2a618a3cbc69c52ceaf70d96890137ca1d2b0228

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
age: 578
x-ezoic-cdn: Hit ds;mm;fc62e446e215524a6f4a2322d567f2cb;2-200400-23;3c53ad3f-d3a6-4f95-7bf1-cae2dd281ef1
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"2945-639c309e-13b9ba;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mC0NDZP%2Bb1oF2nk9Kx1emKHNDhl17NL1YkFxJ%2BKSYKsBZGO7rNp%2FYfef%2Bv0zylkbblLwzaXjFq3%2F2yT%2FvFrdwEtrXxTBX86Toyjj37fHridWzRatNduuYThgulXcbkCvTVfnQwEjwprsDzScY2C%2Fx9c0iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 77f70b0ca8adbbb5-FRA

GET
H3 200 index.js Show response
returnsandrefund.com/wp-content/plugins/contact-form-7/includes/js/ 12 KB
5 KB 16ms
14ms Script
application/x-javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f84293668b02b8c83c20c5c2cf51f8a5a64ac5a15d34be26c85382496b107700

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
age: 578
x-ezoic-cdn: Hit ds;mm;1e88f616536c31eb66d7237f61592f63;2-200400-23;37e3a55a-ee5f-45df-51ef-6d5870d2f760
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"316c-639c309e-13b9d5;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YZFt3FFDKQnpSF0cAPSk2n4swjSBJzXJlxlr0pVmqBZhvHANJkeMf3lobM11%2FQA4BwMi8RgX5VgG1HHwvUc1al5KiF46R%2BxzCs4WnGPQu%2F4f3FX%2FjObQXFmPev9Ss7CZG4JYiUufkV68DLORoONIfqhzhg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 77f70b0ca8aebbb5-FRA

GET
H2 200 hoverIntent.min.js Show response
c0.wp.com/c/6.1.1/wp-includes/js/ 1 KB
724 B 9ms
6ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.1.1/wp-includes/js/hoverIntent.min.js

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Dec 2023 04:23:47 GMT

GET
H3 200 superfish.min.js Show response
returnsandrefund.com/wp-content/themes/genesis/lib/js/menu/ 4 KB
3 KB 23ms
21ms Script
application/x-javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/themes/genesis/lib/js/menu/superfish.min.js?ver=1.7.10
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ece565a1f66a32347dfed83562c428ff7736648de72b0027dd8f0e0f27e0c327

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
age: 578
x-ezoic-cdn: Hit ds;mm;2784cfbe245b118d6e2900a9a36139b9;2-200400-23;995c8195-61f0-472a-4feb-47262da56a41
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"1193-6371d39b-17f95d;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pCgvPc47icDwlVnNTrKepFkEFR0rgFxq3Qj%2FxCAKexMK5S1Hru1l2gAdI7uzCa9wbfpPX%2BZCn532H7qNyuow2vlekZZH3%2Bk5KTsb5PQ5RepLZhn2SzKd11QL%2FDxSt6Tbo5Uvw40wL1o3pv8DeL58xsckNA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 77f70b0ca8afbbb5-FRA

GET
H3 200 superfish.args.min.js Show response
returnsandrefund.com/wp-content/themes/genesis/lib/js/menu/ 132 B
834 B 15ms
14ms Script
application/x-javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/themes/genesis/lib/js/menu/superfish.args.min.js?ver=3.4.0
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20550f7bcb2a817ac9a5879e04260da8268e971c0b8031a6b7a2f48a55ee60d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
age: 578
x-ezoic-cdn: Hit ds;mm;cf0993432e9d1be35b446a3be70d6805;2-200400-23;9e032079-00df-4b88-5460-ad5ec2bc3034
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"84-6371d39b-17f95e;;;-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pcDd0lzSaU7r7Otq8CQQKHakeWe7A%2FAB05xlgzHDOFupUnZrAj7f7iOtvnD%2Fz6A0lWAJxg2p67Ai9LpVaeX50pAKP53MALVSzljD4e9B%2BSdBdlsMSHvN9U7h8DFX6%2FXb1UGirq83FgXKNutClGww2mypsw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 77f70b0ca8b0bbb5-FRA

GET
H3 200 skip-links.min.js Show response
returnsandrefund.com/wp-content/themes/genesis/lib/js/ 386 B
940 B 22ms
21ms Script
application/x-javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/themes/genesis/lib/js/skip-links.min.js?ver=3.4.0
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ade38136058fcd75880d3673855aff859ee377d5915e59cccf24a973d418bebb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
age: 578
x-ezoic-cdn: Hit ds;mm;bd155356af33916f961965f415f542d7;2-200400-23;905dbb3f-1070-4ede-64ce-385d9299d285
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"182-6371d39b-17f969;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0iO5Sm%2B0rCWQSGZG4YPvWEUD7obJFYpNPhX4FPPOo%2BNDR5tzwk9C7tqT6jZqCKAoayL%2FWOkc0TkmB4AIIb7VRgGJThPe6o92r8DjNvd05GQxnle4%2BXxGwQ9vKupK3AyZ4B4P6VLpKjbtpQJSXSCdUI1XxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 77f70b0ca8b1bbb5-FRA

GET
H3 200 intersection-observer.js Show response
returnsandrefund.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/ 9 KB
4 KB 23ms
21ms Script
application/x-javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?minify=false&ver=83ec8aa758f883d6da14
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9900b23f9f49af5f34387eb63a8673a563ab131c1e171cfaf14cf8b67a466b9d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
age: 578
x-ezoic-cdn: Hit ds;mm;3a45bb49a52ce5db8d5ab72bbea520f5;2-200400-23;2984a0d3-8729-4174-78bc-19ab91482e5b
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"2317-638fab0f-180add;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h0oOGRyY%2Bbs8fo0TijM4c9y%2F1XRaEPuNwrQphd6Y075egAa7VJy44c7aILuozsDrSbSarPQKWMWfCa6tzYiXtzyzO%2Bx%2BufLlG%2FZMYCTbdsvKtGqvHGiJVYL3WEnKUFVmp9ClgF5%2B60%2BqSWwfDdUB4ZIeCw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 77f70b0ca8b2bbb5-FRA

GET
H3 200 lazy-images.js Show response
returnsandrefund.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/ 2 KB
2 KB 17ms
15ms Script
application/x-javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?minify=false&ver=8767d0da914b289bd862
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c99ffa666406b233d0791d6f9c7b4675c37ae1e537813b213bc3968a95321355

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
age: 578
x-ezoic-cdn: Hit ds;mm;1a598e30f10d791071564b354ddf3aa2;2-200400-23;194b7669-3c6f-4fb1-7424-4dfc1531fc77
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"93e-638fab0f-180adc;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5jTQDTH6HPWxA%2FcFTc3pMkCK01t9Lf1Dk18dOMlZCE7%2FKrOO6nZjS%2FwJgTTtMOz%2F6T34MjBkirVNi%2BycufJCE9zVXZh6u0DIN2Sd4zi4IiOUV2V8hfehUz3aL47thE6UEyEMY9Al2iR%2BfN7uwpmnwlojag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=604800
cf-ray: 77f70b0ca8b3bbb5-FRA

GET
H2 200 e-202248.js Show response
stats.wp.com/ 9 KB
3 KB 29ms
6ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202248.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn
date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
server: nginx
etag: W/"62f6b688-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 20 Nov 2023 00:47:04 GMT

GET
H3 200 augusta.js Show response
returnsandrefund.com/detroitchicago/ 2 KB
1 KB 13ms
12ms Script
application/javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/augusta.js?cb=24
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcc0b6437eeec474b65774198371749c6e3f11c12b0bc14f3a971714d0d0e52b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 26 Dec 2022 04:22:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 95
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P1N4JAiG2SzNmus4gOmnWH5mc0a6e8pZzA7IGZ%2BmMdFQ9%2FZCKYofyBOeRzFhB02itCntXOMce3pmOldDOUEzks%2Bu2t3acRVs2toD8o2EjOIcfOsK%2F0jiZOSHrh3q5kMdUQcw4N25lOOnOR4kOTp1FTtFMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 77f70b0d4924bbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 ezcl.webp Show response
returnsandrefund.com/utilcave_com/inc/ 1 KB
2 KB 29ms
28ms Script
application/javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/utilcave_com/inc/ezcl.webp?cb=4
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: middleton
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
display: staticcontent_sol
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HhU0DwUfCAOAmH4Izn2v2FAjXRAkoqa7HA3nMPn96S3j8bJjaOeu5CUOWb1aBG3H3kEUBK6vKkBF%2FKyILTFB8xBCO9v6MYGa57Ap3c6JNKIHHXMhuqhkM8QfpERoV8P%2FQjFBb8nKTY3QGAMLP2SgxJQpYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: max-age=86400
cf-ray: 77f70b0d4925bbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221207/r20190131/ Frame F2C2 10 KB
5 KB 50ms
14ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221207/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 39584
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 25 Dec 2022 17:24:04 GMT
etag: 10353107486223812946
expires: Sun, 08 Jan 2023 17:24:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cmbv2.js Show response
returnsandrefund.com/detroitchicago/ 85 KB
27 KB 19ms
18ms Script
application/javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a668b930da9370ef8fdfb80c5f8b497509818b3b4c5e3d3d42efa78022240d08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 26 Dec 2022 04:22:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 95
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MNeTrwm2ZXyzGFdF4hJTBCHcXgmUsn6aZd7hVTeC9BOTPZ02bSg8F3XmFfWwj5iIQfoO%2FIhxXS%2BiXfatxbSApYBOfmv%2BDG2qsrOv%2BsS9%2F8nGk0ajx0GbHrGY1URgWj6yytRix%2FESgkdnTvHzLui0nAEwzA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 77f70b0d4927bbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212010101/ 356 KB
117 KB 82ms
53ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212010101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4014340920617312&plah=returnsandrefund.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67b55fa1ac1eb182c16573559fb708578b5ff0677b376090584be98f40f7cb5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119959
x-xss-protection: 0
server: cafe
etag: 619685096949698281
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 26 Dec 2022 04:23:48 GMT

GET
H3 200 return-logo-2.png
returnsandrefund.com/wp-content/uploads/2019/03/ 1 KB
2 KB 14ms
14ms Image
image/png 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://returnsandrefund.com/wp-content/uploads/2019/03/return-logo-2.png
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31f7540a6075e6f34980199d420271d13d923801da426c060ed01732042a96b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
age: 94
x-ezoic-cdn: Hit ds;mm;dfcf52210967f019fd4ce3feb2e0509c;2-200400-23;0d2408f9-97b2-47f8-6a5a-856671f77a4d
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1100
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: "44c-5e196b90-1bd544;;;-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gMIIFJn3tb1FXT9S78k2TUSVAACZDBjEoa8zZaoN7vriKFhWVOFfu5KOz%2FwZT16c47zw6nluf92YSthA2HW4VUN7kb7A%2FZVLhMKhOor4rPFn14RiB%2Br3qz5soNUOm0Cp1tgznNBlWZVolj4UZey90jXbnw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 77f70b0d695cbbb5-FRA

GET
H2 200 TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
fonts.gstatic.com/s/oswald/v49/ 10 KB
10 KB 107ms
29ms Font
font/woff2 2a00:1450:400d:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.4.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81cd29d1413ecf75834fb3ce1da572fe5c39e53b22c61f5dafec5b14ed4ee12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://returnsandrefund.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 01:19:31 GMT
x-content-type-options: nosniff
age: 356657
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9840
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:24:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Dec 2023 01:19:31 GMT

GET
H2 200 0QIvMX1D_JOuMwr7Iw.woff2
fonts.gstatic.com/s/lora/v26/ 35 KB
35 KB 71ms
33ms Font
font/woff2 2a00:1450:400d:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lora/v26/0QIvMX1D_JOuMwr7Iw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.4.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38da98e06ba18c4204f547d30572cd81a2dd3fd5438d306856d2617480ee8639

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://returnsandrefund.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 20 Dec 2022 20:03:22 GMT
x-content-type-options: nosniff
age: 462026
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35660
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:07:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Dec 2023 20:03:22 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 / Show response
basher.ezodn.com/ 6 KB
3 KB 45ms
33ms XHR
application/json 2606:4700:e4::ac40:a106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://basher.ezodn.com/?did=200400&bf=1800&dc=1254144
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=195-2&bv=170&v=71&PageSpeed=off
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e4::ac40:a106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fff649d2fbd314dfac73b6aa05c37313c2f1398e727d43db2d06fc41229bcb80

Request headers

Referer: https://returnsandrefund.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
X-PINGBACK: pingpong
Content-Type: application/json

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-max-age: 86400
vary: Origin, Accept-Encoding
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://returnsandrefund.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2FYL5dGivyZF7tY69ZiY5Wznh5zL8kbXFAADN3fjwvabCjQQbRrykLbo0kavp86dG%2BTuL3lM%2F%2F%2BvLIkrPqE6y4%2BxM00vCZRaWLXZX1ChwmyMu1kH9Bz7ibMhAPLFOYlKlM92TjrZPFNl%2BACchBiq"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: public, max-age=84400
cf-ray: 77f70b0e4ee1918c-FRA
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H2 200 /
basher.ezodn.com/ Frame 0
0 42ms
11ms Preflight
application/json 2606:4700:e4::ac40:a106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://basher.ezodn.com/?did=200400&bf=1800&dc=1254144
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-pingback
Access-Control-Request-Method: GET
Origin: https://returnsandrefund.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-pingback
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: https://returnsandrefund.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-ray: 77f70b0e28222bc7-FRA
content-length: 0
content-type: application/json
date: Mon, 26 Dec 2022 04:23:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=khcjCgp%2FRxFoY1vtFBo0aCkrlNMu2I4gZXpL3W7Lt2disN%2FlFC4bkn3A1XPBvqS6GAReO4bD4OwiqPnXBXW804i%2BrYaOvdvcH3dlxFLsSWg4N7SU3dI6S549kEOh8e98FXJLQCldYBQMJ1pX2pur"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin, Accept-Encoding

GET
H2 200 GVL Show response
gvl.ezodn.com/gvlcache/ 399 KB
55 KB 63ms
30ms XHR
application/json 2606:4700:e4::ac40:a106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gvl.ezodn.com/gvlcache/GVL?gvlSpecificationVersion=2&language=en&cmpv=2
Requested by: Host: g.ezodn.com
URL: https://g.ezodn.com/cmp/v2/cmp.js?v=70
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f43661a1459975d418771ddfde2929ccab0b7ef32674ccc5d971b2d2c82074d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
gvlcache-hit: true
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=amnihd5ZQaafXgyaJj%2FlJvn9tFtLbFEJ6jE04bVimRmarNRow4GkslIa6aGvu%2F3M0Fkc55lP2vyUSXWihPnZCD6pNJEv7Edn9T48TqiOSClygFTJtTuniHnEWJnBCA7Hgwkx9XC4hLRN%2BH43"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=604800, public
cf-ray: 77f70b0e3a65bbf2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 houston.js Show response
returnsandrefund.com/detroitchicago/ 6 KB
3 KB 27ms
27ms Script
application/javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/houston.js?gcb=2&cb=34
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cda3688d66efcd9227d4bdc04472b134e614d6609c362875370ba4fb52104a2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 26 Dec 2022 04:22:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 94
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MTA2spxJG2y06Fudk9otZqnZTekYdxHzmqzOGhsa6O47ion6vvRv6NL54F9RRZcJOwE502uNKfkBXVGo5o85j4zirgsmq%2FUeeAGVLgFpCMZmjQBvcWSYsqQmSkTzEjBNTxjkaocAt1LGjjtBrAu2eHUwqg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 77f70b0e1a02bbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 nmash.js
returnsandrefund.com/porpoiseant/ 23 KB
7 KB 26ms
25ms Other
application/javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/nmash.js?v=170
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d09dbd9acb641aa10fd50593fe31e55caeed01a10fac759dcb5c8921c9295d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Mon, 26 Dec 2022 04:22:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fwje1PphGhBgQQjdu5rh25ViH2RW1ARlAuYSf%2FEKPWD2M1a6Vs2a5kKpLMIMNtTF00qZXtcJmoHF7U11CMWf4pwxuY0%2FOqWkarM6ZXSN8n8GqXmyUVngkgXhedmo3dvPTyDbzGzsr3TIUKS2h4ytCy%2FtQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=14400
x-robots-tag: noindex
cf-ray: 77f70b0e2a05bbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 imp.gif Show response
returnsandrefund.com/detroitchicago/ 43 B
574 B 24ms
24ms XHR
image/gif 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A8%2C%22ad_load_version%22%3A1%2C%22ad_location_ids%22%3A%226%2C5%2C21%2C1%2C34%2C0%2C95%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A1%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A4%2C%22city%22%3A%22Siegburg%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A200400%2C%22domain_test_group%22%3A20230801%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A2%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221006%2C1100%2C1101%2C1108%2C1112%2C1115%2C1117%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%2216bf8d45-4d75-4b8c-52b9-e968d97d6e71%22%2C%22position_selection_id%22%3A46%2C%22postal_code%22%3A%2253721%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A80933%2C%22response_time_orig%22%3A11%2C%22serverid%22%3A%2218.197.83.255%3A13926%22%2C%22state%22%3A%22NW%22%2C%22sub_page_ad_positions%22%3A%221006%2C1100%2C1101%2C1108%2C1112%2C1115%2C1117%22%2C%22t_epoch%22%3A1672028627%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Freturnsandrefund.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A1450%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXOyxQmZxA7pbqegSVzNLheBlGEsVy9vZBvOHG4gM1OVYVcEEWM0FFoPv7Db3rq4mJHL9C3LYOFM1Yt1c0oQrQO%2BKSQ5yPaXHXCfbgpjx1l%2FCQMlTJGnaRaaQBA9SI9eRKw4mXqaqINF2JFRxHxjyQhygQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 77f70b0e2a10bbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Sun, 25 Dec 2022 04:23:47 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/webp

GET
H3 200 blocks.style.build.css
returnsandrefund.com/wp-content/plugins/structured-content/dist/ 5 KB
5 KB 16ms
15ms Image
text/css 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://returnsandrefund.com/wp-content/plugins/structured-content/dist/blocks.style.build.css?ver=1.5.0
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
cf-cache-status: HIT
x-sol: orig
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol, orig_site_sol
age: 579
x-ezoic-cdn: Hit ds;mm;cf45570ecc511838adc316af9e4407f5;2-200400-23;862d54f4-ebc0-4922-5887-6a712be07ea7
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"1206-62cc8c31-1bba2e;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L6fA0SwxTafCgS2mcuKFxZ6dkKRacDDFzd8xXrZ%2BksZf0oj5h9qVO6CPk2ZTxTgs7DeUDmFd%2B6DXw9wzH4zQNGKHUiTXVz3q50%2BFDIv2FPlKPdoLqk5je%2FgnypTwrXdrzdgP0BdNJK8mNUv%2BDVQz2DusSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 77f70b0e3a18bbb5-FRA

GET
H3 200 style.css
returnsandrefund.com/wp-content/themes/eleven40-pro/ 36 KB
36 KB 17ms
15ms Image
text/css 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://returnsandrefund.com/wp-content/themes/eleven40-pro/style.css?ver=2.2.3
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
cf-cache-status: HIT
x-sol: orig
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol, orig_site_sol
age: 579
x-ezoic-cdn: Hit ds;mm;5d932fe767218e18ab9231eed4eea248;2-200400-23;008cc4cf-839f-4e5a-6d4b-4276401c9386
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"8f44-5d80d49b-1be219;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7pMXz4Pbe4H2Ik657NcXxou4O2SuuB9uCVAV6DV7puwchWd0nM%2BR%2BSqWaFtRtJKNAbE6R52x7SuHbVNDpllDOx7GYTY6ujU3tTCZzNPsoD6qDmZJ8VDkqePoSEsu4896Ezt7pjazSpE4tFDX81079vQVag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 77f70b0e3a1ebbb5-FRA

GET
H2 200 style.min.css
c0.wp.com/c/6.1.1/wp-includes/css/dist/block-library/ 93 KB
93 KB 9ms
6ms Image
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c0.wp.com/c/6.1.1/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Fri, 11 Nov 2022 14:56:45 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Dec 2023 04:23:48 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/6.1.1/wp-includes/js/mediaelement/ 11 KB
11 KB 10ms
6ms Image
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c0.wp.com/c/6.1.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Dec 2023 04:23:48 GMT

GET
H2 200 wp-mediaelement.min.css
c0.wp.com/c/6.1.1/wp-includes/js/mediaelement/ 4 KB
4 KB 10ms
7ms Image
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c0.wp.com/c/6.1.1/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Dec 2023 04:23:48 GMT

GET
H2 200 classic-themes.min.css
c0.wp.com/c/6.1.1/wp-includes/css/ 217 B
217 B 10ms
7ms Image
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c0.wp.com/c/6.1.1/wp-includes/css/classic-themes.min.css

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:48 GMT
strict-transport-security: max-age=15552000
last-modified: Tue, 25 Oct 2022 13:45:16 GMT
server: nginx
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 217
expires: Tue, 26 Dec 2023 04:23:48 GMT

GET
H3 200 styles.css
returnsandrefund.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
3 KB 16ms
14ms Image
text/css 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://returnsandrefund.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
cf-cache-status: HIT
x-sol: orig
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol, orig_site_sol
age: 579
x-ezoic-cdn: Hit ds;mm;f54c241f6faca6f3047559580997b873;2-200400-23;ec40e739-3d79-4f79-7573-39ed45a31e5b
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
response: 200
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: cloudflare
etag: W/"af3-639c309e-13b9c2;gz-gzip"
x-origin-cache-control: public, max-age=604800
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tps%2F%2FC6qyU4GzPDywrnPqIFAhVG4P2rx3kXSWnydjcCMFDn2m54J%2FO%2FH83D%2FTs8vNqAKSj9lcsAElKMYrJ4%2BOoJ9om8yJD9NVac8rcvu9rGqCPrL1FY6SJdjCFI1L60NXOnAh7RXXx5iM19x9ywqesOMaw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 77f70b0e3a20bbb5-FRA

GET
H2 200 dashicons.min.css
c0.wp.com/c/6.1.1/wp-includes/css/ 58 KB
58 KB 10ms
7ms Image
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c0.wp.com/c/6.1.1/wp-includes/css/dashicons.min.css

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Dec 2023 04:23:48 GMT

GET
H3 404 default.min.css
returnsandrefund.com/wp-content/plugins/tablepress/css/ 40 KB
40 KB 576ms
574ms Image
text/html 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://returnsandrefund.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.14
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac39a1c78ee2bfb88bb463ff41f6df4ecf00704c4d7c0b5917cebd278d3be8ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: orig
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol, orig_site_sol
x-ezoic-cdn: Miss
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 404
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pagespeed: off
response: 404
server: cloudflare
x-origin-cache-control: no-cache, must-revalidate, max-age=0
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zcD9d6QFhHMj%2FSnx%2BP2evuzoSyXoJP95V%2FZPqN2SYKOjWwyTwSGlkODksxlrcokOh2LQtZTKilOIKvx%2Byj%2BeYINzOQqiQ5AguHH%2Buh2O%2BcDPCTj4D90fnf24DnHKz2MTawmUxxbaTnMXuXgohV7eDsvfIw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 77f70b0e3a21bbb5-FRA
link: <https://returnsandrefund.com/wp-json/>; rel="https://api.w.org/"
expires: Sun, 25 Dec 2022 04:23:48 GMT

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/11.5.1/css/ 84 KB
84 KB 11ms
9ms Image
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c0.wp.com/p/jetpack/11.5.1/css/jetpack.css

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 25 Oct 2022 13:51:34 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 26 Dec 2023 04:23:48 GMT

GET
H3 200 cmbdv2.js Show response
returnsandrefund.com/detroitchicago/ 41 KB
11 KB 17ms
15ms Script
application/javascript 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/cmbdv2.js?gcb=195-2&cb=03-8y0c-6y18-5y5f-22&cmbcb=117&sj=x03x0cx18x5f
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9044fbab00c13b0511f231a10453c19bf1b6a6c3dbc0e9dd1efe88c9422e30e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 26 Dec 2022 04:22:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 94
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8sRQWKWnnpE7WrMPS8qYAy0SmJyFbOnovcAOCj%2BXH0%2FQwTuLAH%2FtxV8GJAV43uI6hhZoxt2sW1g1w%2BioHPS6%2FBPGgpSBkA8FFLtHLOUuejqUXvmKz%2FK2q%2Fwibed%2FzqxbXX5nZ9dk8cor7ucOIaCTHv8xrg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: public, max-age=31536000
x-robots-tag: noindex
cf-ray: 77f70b0e3a22bbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pubads_impl_2022120601.js Show response
securepubads.g.doubleclick.net/gpt/ 381 KB
129 KB 19ms
15ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120601.js?cb=31071222

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

949ef00ce71e069fc69a6b829771726245072e18e56b264c536837c459b3febf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 25 Dec 2022 18:05:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37092
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132161
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 09:39:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 25 Dec 2023 18:05:36 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 146 B
106 B 54ms
24ms XHR
application/json 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=returnsandrefund.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bee31da15b0fd55db6b6b86a9f2acdbc7993b6091f222803e7055b18757b82c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81
x-xss-protection: 0
expires: Mon, 26 Dec 2022 04:23:48 GMT

GET
H2 200 ezoic.png
go.ezoic.net/utilcave_com/img/ 1 KB
2 KB 117ms
18ms Image
image/png 2600:9000:211a:8000:2:cb38:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.ezoic.net/utilcave_com/img/ezoic.png
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:8000:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.39 (Ubuntu) /
Resource Hash: e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 23 Dec 2022 20:21:16 GMT
via: 1.1 de5338eac881cf5d87f2d811c3b7417c.cloudfront.net (CloudFront)
x-sol: middleton
display: staticcontent_sol
x-amz-cf-pop: VIE50-C2
age: 201752
x-cache: Hit from cloudfront
x-middleton-display: staticcontent_sol
content-length: 1181
last-modified: Fri, 23 Dec 2022 17:53:57 GMT
server: Apache/2.4.39 (Ubuntu)
etag: "49d-5d9576f862e00-gzip-gzip"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=604800
x-amz-cf-id: SCQHvy6Fa0KWudAC4ypsoaDv84oSKU0ZIa1RfhdiibQBnCBroWDftg==
expires: Fri, 30 Dec 2022 20:21:16 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 21ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=205012189&post=0&tz=0&srv=returnsandrefund.com&j=1%3A11.5.1&host=returnsandrefund.com&ref=&fcp=789&rand=0.3921237405972553
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 26 Dec 2022 04:23:48 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 1f384.svg
s.w.org/images/core/emoji/14.0.0/svg/ 3 KB
1 KB 35ms
6ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/14.0.0/svg/1f384.svg

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

70f3677bc5e73d869cd121b1acfd958ea3e77de5b3c62fc0d31fe3a99c8ddeff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f381.svg
s.w.org/images/core/emoji/14.0.0/svg/ 656 B
721 B 35ms
7ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/14.0.0/svg/1f381.svg

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

05a6562177e8e5f89852e08f7bbd6b62597b35d70c92238fcab4d6674ec76048

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 26 Dec 2022 04:23:48 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Apr 2022 03:53:43 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 656
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 50ms
14ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150748452-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 26 Dec 2022 03:24:37 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 3551
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Mon, 26 Dec 2022 05:24:37 GMT

GET
H2 200 outbrain.js Show response
widgets.outbrain.com/ 214 KB
74 KB 85ms
24ms Script
application/x-javascript 23.203.125.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/outbrain.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.203.125.62 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-203-125-62.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: df890343fa68fb000f39100626810cdd5d5700649295581b19b0d1b0cbd8a60c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: gzip
last-modified: Sun, 25 Dec 2022 08:33:18 GMT
etag: "17-z0AmMThOaVknh2U+OQh/ODBxeJU"
vary: Accept-Encoding
edge-cache-tag: widget-cheetah
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET,POST
cache-control: max-age=14400
access-control-allow-credentials: false
x-traceid: 70511be5a59f1f53c3a20c26f1ff8750
timing-allow-origin: *, *
content-length: 75099

GET
H2 200 HP-Cancel-Order.jpg
i0.wp.com/returnsandrefund.com/wp-content/uploads/2022/06/ 13 KB
14 KB 28ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/returnsandrefund.com/wp-content/uploads/2022/06/HP-Cancel-Order.jpg?resize=768%2C384&ssl=1

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

834fec9be101527c5727dcdc16ee874e49535c1d1ff7437c2d797c2405a87639

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 26 Dec 2022 04:23:48 GMT
x-content-type-options: nosniff
last-modified: Fri, 30 Sep 2022 17:50:22 GMT
server: nginx
etag: "09006771af06abce"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://returnsandrefund.com/wp-content/uploads/2022/06/HP-Cancel-Order.jpg>; rel="canonical"
content-length: 13536
expires: Mon, 30 Sep 2024 05:50:22 GMT

GET
H2 200 Guitar-Center-Cancel-Order.jpg
i0.wp.com/returnsandrefund.com/wp-content/uploads/2022/06/ 14 KB
15 KB 34ms
13ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/returnsandrefund.com/wp-content/uploads/2022/06/Guitar-Center-Cancel-Order.jpg?resize=768%2C384&ssl=1

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

7b6892ade7a3c93432db8e67c2be3685e10556e941aa9d526ae2ee06113e327b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 26 Dec 2022 04:23:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 02 Oct 2022 17:01:45 GMT
server: nginx
etag: "d305001ac45ef1d6"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://returnsandrefund.com/wp-content/uploads/2022/06/Guitar-Center-Cancel-Order.jpg>; rel="canonical"
content-length: 14746
expires: Wed, 02 Oct 2024 05:01:45 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 50ms
21ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1532834321&t=pageview&_s=1&dl=https%3A%2F%2Freturnsandrefund.com%2F&ul=en-us&de=UTF-8&dt=All%20About%20Returns%20%26%20Refunds%20-&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1945758962&gjid=2080411048&cid=143526789.1672028628&tid=UA-150748452-1&_gid=1530116210.1672028628&_r=1&gtm=2oubu0&z=304315431

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://returnsandrefund.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 26 Dec 2022 04:23:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://returnsandrefund.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Redbox-Return-Policy.jpg
i0.wp.com/returnsandrefund.com/wp-content/uploads/2022/07/ 42 KB
42 KB 7ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/returnsandrefund.com/wp-content/uploads/2022/07/Redbox-Return-Policy.jpg?resize=768%2C384&ssl=1

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

5da10796aec02eacbdd1831c1ab80b2a1a320ebfad9f355e2c33fb4eaa304875

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Mon, 26 Dec 2022 04:23:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 02 Oct 2022 17:01:48 GMT
server: nginx
etag: "2f91dedd8afb7faa"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://returnsandrefund.com/wp-content/uploads/2022/07/Redbox-Return-Policy.jpg>; rel="canonical"
content-length: 43186
expires: Wed, 02 Oct 2024 05:01:48 GMT

GET
H/1.1 200
OK cmV0dXJuc2FuZHJlZnVuZC5jb20= Show response
tcheck.outbrainimg.com/tcheck/check/ 16 B
464 B 107ms
24ms XHR
application/json 23.203.125.156
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tcheck.outbrainimg.com/tcheck/check/cmV0dXJuc2FuZHJlZnVuZC5jb20=
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.203.125.156 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-203-125-156.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 26 Dec 2022 04:23:48 GMT
ETag: W/"10-us8lSJutAxKqLzf8c1+n5XstcwY"
Access-Control-Max-Age: 43200
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=42577
Access-Control-Allow-Credentials: false
Connection: keep-alive
X-TraceId: e8c0407d6c387b0ff810df309d59c209
Content-Length: 16
Expires: Mon, 26 Dec 2022 16:13:25 GMT

GET
H2 200 px.gif
widget-pixels.outbrain.com/widget/detect/ 43 B
341 B 24ms
24ms Image
image/gif 23.203.125.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget-pixels.outbrain.com/widget/detect/px.gif?ch=1
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.203.125.62 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-203-125-62.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
last-modified: Wed, 30 Sep 2020 14:22:29 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1601475749.911431"
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 43
expires: Wed, 25 Jan 2023 04:23:48 GMT

GET
H3 204 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
521 B 20ms
19ms XHR
text/plain 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzc4NjcwMDk0OTg2NzE1OCIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjcyMDI4NjI3LCJhZF9wb3NpdGlvbiI6MTExMiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjE2YmY4ZDQ1LTRkNzUtNGI4Yy01MmI5LWU5NjhkOTdkNmU3MSIsImNvbXBfaWQiOjEsImRhdGEiOlt7Im5hbWUiOiJzdGF0X3NvdXJjZV9pZCIsInZhbCI6IjQ0In1dLCJpc19vcmlnIjowfV0=
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GeHNgcOLumPIOiSx73QYpgdU9FRRivWTUdbWwyKjPCFcuoOBbr6aFTQ7Tt69QDkDU4CM7U6RDkaQLMy%2BlVeImxSIGk6QF7W04s6PCNiLXLmyfh6Ai1YtY4ekhmZPSTZzbrTWjNaU8LhLwwHo0H45w%2Bw1dA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 77f70b0fab68bbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 25 Dec 2022 04:23:47 GMT

GET
H3 204 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
520 B 23ms
22ms XHR
text/plain 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzc4NjcwMDk0OTg2NzE1OCIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjcyMDI4NjI3LCJhZF9wb3NpdGlvbiI6MTExMiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjE2YmY4ZDQ1LTRkNzUtNGI4Yy01MmI5LWU5NjhkOTdkNmU3MSIsImNvbXBfaWQiOjEsImRhdGEiOlt7Im5hbWUiOiJhZHNlbnNldHlwZSIsInZhbCI6IjEifV0sImlzX29yaWciOjB9XQ==
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y0GsTwL9uUWModLGJ7fHERbmk3Elnv7lAMjxGEE7ibZqUkD6t5kqtt9s%2FWYSNNkOecpeim0DUUib%2B1XDsOdUZVtohNKm7nIiLcQY2dBeyURFwptka4Bynp01KEVvgMhq03G0CIapmQW5I5voEa%2BD354r8g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 77f70b0fab6bbbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 25 Dec 2022 04:23:47 GMT

GET
H3 204 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
523 B 23ms
23ms XHR
text/plain 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjUxMjU1NDEzNzg2NDc5OCIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjcyMDI4NjI3LCJhZF9wb3NpdGlvbiI6MTEwMSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjE2YmY4ZDQ1LTRkNzUtNGI4Yy01MmI5LWU5NjhkOTdkNmU3MSIsImNvbXBfaWQiOjEsImRhdGEiOlt7Im5hbWUiOiJzdGF0X3NvdXJjZV9pZCIsInZhbCI6IjQ0In1dLCJpc19vcmlnIjowfV0=
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5JXMX2Xs7A0YCcDwQUT6cGbvcE6d5jQYsHCzj1PtSn2dF0%2FX7cZ0I4JXLxbe2yDTdxi13uLQq4ZvDHD%2FWi5%2F6bti5aLwKbfmGzNAy0i1nBLZkAjMyekP57B4dtB6Q0V2QnJJLypDJqunhR4mjCr%2BhqO9TQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 77f70b0fab6cbbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 25 Dec 2022 04:23:50 GMT

GET
H3 204 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
531 B 19ms
19ms XHR
text/plain 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjUxMjU1NDEzNzg2NDc5OCIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjcyMDI4NjI3LCJhZF9wb3NpdGlvbiI6MTEwMSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjE2YmY4ZDQ1LTRkNzUtNGI4Yy01MmI5LWU5NjhkOTdkNmU3MSIsImNvbXBfaWQiOjEsImRhdGEiOlt7Im5hbWUiOiJhZHNlbnNldHlwZSIsInZhbCI6IjEifV0sImlzX29yaWciOjB9XQ==
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=spDLyo6mz0wU6JChYjGFwxyQvb93aT326f%2Bz%2B5u1St5vk8z7MpgyC33ub0WOOV0Y%2Bpf5qD%2F9yICXr5e%2BiB3LlrqUIjM87XahQ%2BQCLMU%2FHXgVmoEYUXVqdAKsPy0YXct5dGtZjIN6C%2FsbpGcuMjzgK8k%2FyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 77f70b0fab6dbbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 25 Dec 2022 04:23:50 GMT

GET
H3 204 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
521 B 17ms
16ms XHR
text/plain 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTI4MjQwODMzOTg0OTEzMyIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjcyMDI4NjI3LCJhZF9wb3NpdGlvbiI6MTEwOCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjE2YmY4ZDQ1LTRkNzUtNGI4Yy01MmI5LWU5NjhkOTdkNmU3MSIsImNvbXBfaWQiOjEsImRhdGEiOlt7Im5hbWUiOiJzdGF0X3NvdXJjZV9pZCIsInZhbCI6IjQ0In1dLCJpc19vcmlnIjowfV0=
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kvjbWsiP6Seuz4gR5uvsqqxMQwzzRohzHq5DabQGURVL8aCpf6dkeJLJBllKY80up1pOyYbtrRmmV%2FcZQUmD1nboOhL7SE4xM8yf4PH3ghcXX4mqcAlNWl355NZp9kwCTgSNedCc%2BfRdS6590Ko30c%2FPHA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 77f70b0fbb71bbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 25 Dec 2022 04:23:47 GMT

POST
H3 204 army.gif
returnsandrefund.com/porpoiseant/ 0
539 B 21ms
21ms Ping
text/plain 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTI4MjQwODMzOTg0OTEzMyIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjcyMDI4NjI3LCJhZF9wb3NpdGlvbiI6MTEwOCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjE2YmY4ZDQ1LTRkNzUtNGI4Yy01MmI5LWU5NjhkOTdkNmU3MSIsImNvbXBfaWQiOjEsImRhdGEiOlt7Im5hbWUiOiJhZHNlbnNldHlwZSIsInZhbCI6IjEifV0sImlzX29yaWciOjB9XQ==
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5B6BmhGJbgDmtaEszdP7bJixT3wIL04N6wf3gdPQ3z5qZzbgFSBXdcfb6FIreK99MM6dhWNB96dnIvqDxHcAONFTiXS7pdjvkgHxJOI9PTL7xu9fQRCiVg4cNRPEmHt1sltuwefrSbJtSyBtN0b95AnfcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://returnsandrefund.com
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 77f70b0fbb73bbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 25 Dec 2022 04:23:47 GMT

GET
H2 200 platforms Show response
odb.outbrain.com/utils/ 28 KB
11 KB 427ms
374ms Script
text/javascript 199.232.18.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://odb.outbrain.com/utils/platforms?contentUrl=https%3A%2F%2Freturnsandrefund.com%2F&idx=0&rand=29652&key=EZOICL9MFJN21JB32NFBE7ODP&widgetJSId=AR_2&va=true&et=true&format=html&adblck=false&abwl=false&extid=200400_1_117_100x240&px=230&py=1243&vpd=43&activeTab=true&darkMode=false&ab=0&wl=0&settings=true&recs=true&version=20109&sig=3ExsJoO2&apv=false&false&osLang=en-US&winW=1600&winH=1200&scrW=1600&scrH=1200&dpr=1&secured=true&cmpStat=1&ccpa=1---&ccpaStat=1&ogn=https%3A%2F%2Freturnsandrefund.com%2F
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.18.132 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3ce6b31a07f7c8726ae33a889de63889a8099219fad039cfd5992edc0ff47ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cache-hits: 0, 0
date: Mon, 26 Dec 2022 04:23:48 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
traffic-path: NYDC1, LGA, VIE, Europe1
x-timer: S1672028629.548627,VS0,VE354
vary: Accept-Encoding, User-Agent
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
x-served-by: cache-lga21934-LGA, cache-vie6362-VIE
x-traceid: be9a2f5ec478b0401f260ddca2a802d5
accept-ranges: bytes
content-length: 10659
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 204 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
524 B 21ms
20ms XHR
text/plain 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNzYzMTY5MjYxOTAxOTc2IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6InJldHVybnNhbmRyZWZ1bmRfY29tLW5hdGl2ZXNpbmdsZS0xIiwidF9lcG9jaCI6MTY3MjAyODYyNywiYWRfcG9zaXRpb24iOjExMTcsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIxNmJmOGQ0NS00ZDc1LTRiOGMtNTJiOS1lOTY4ZDk3ZDZlNzEiLCJjb21wX2lkIjoyLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6MH1d
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i2VbPkzb1aaARJ0l4nmdtWmBwJexst3c%2FCNeZQvNIEA8YWyohsrpl6Mj59BJ4Cf2c9ylOnQ3eMZQbZdrrsm3pAGe%2BLw%2Bt1fKZKKQ7U8ExU9qevFgWeN%2F3Q%2F8IQzcY0DUpsgzUcwSF%2FndWkVqvfA7dfZYQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 77f70b12be1bbbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 25 Dec 2022 04:23:48 GMT

GET
H2 200 ob_logo_67x12.png
widgets.outbrain.com/images/widgetIcons/ 2 KB
3 KB 42ms
42ms Image
image/png 23.203.125.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/ob_logo_67x12.png
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.203.125.62 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-203-125-62.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 487aec7746a83542b3573383df65747e31c494d8412103b5675329f3d4befaeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
last-modified: Mon, 12 Sep 2022 07:37:47 GMT
server: AkamaiNetStorage
etag: "c52b07e749f7a09fa7b97b7e195e06ce:1662969049.940408"
access-control-allow-methods: GET,POST
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 2326
expires: Wed, 25 Jan 2023 04:23:48 GMT

GET
H2 200 achoice.svg
widgets.outbrain.com/images/widgetIcons/ 3 KB
3 KB 43ms
43ms Image
image/svg+xml 23.203.125.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.outbrain.com/images/widgetIcons/achoice.svg
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.203.125.62 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-203-125-62.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
last-modified: Mon, 12 Sep 2022 07:37:47 GMT
server: AkamaiNetStorage
etag: "9d26fa4e7238ed94f1d0d92afb453b3e:1662969032.874716"
access-control-allow-methods: GET,POST
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 2735
expires: Wed, 25 Jan 2023 04:23:48 GMT

GET
H/1.1 200
OK l Show response
mcdp-nydc1.outbrain.com/ 4 B
332 B 425ms
88ms Fetch
text/plain 64.202.112.223
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://mcdp-nydc1.outbrain.com/l?token=380f82e5a31026695a9b3c2ca1681111_6420_1672028628844&tm=545&eT=0&widgetWidth=809&widgetHeight=298&widgetX=230&widgetY=1223&wRV=20109&pVis=1&lsd=-1&eIdx=&cnsnt=no_consent&ccpa=1---&cheq=0&rtt=431&oo=true&lo=1046&odbreq=1170&odbres=1600&cet=4g&to=1672028627316&ab=0&wl=0
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.223 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: c48b5b1a9776c84602de2306d7903a7241158a5077e7a8519af75c33441b8334

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 26 Dec 2022 04:23:49 GMT
Access-Control-Expose-Headers: content-range
X-TraceId: 880de2ae68e858774fff3d3ed652fbd6
Content-Length: 4
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain; charset=UTF-8

GET
H2 200 monitor.html Show response
widgets.outbrain.com/widgetMonitor/ Frame D66B 4 KB
2 KB 37ms
36ms Document
text/html 23.203.125.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/widgetMonitor/monitor.html?deletelocalstorage=true
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.203.125.62 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-203-125-62.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: e74aad7eedeb94eab0fbb3d4435ff67c95dee259361fd21effd45bcd64424c24

Request headers

Referer: https://returnsandrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 1602
content-type: text/html
date: Mon, 26 Dec 2022 04:23:48 GMT
etag: "9e7d58ad34c85761770fc947d9bee792:1617096471.391057"
expires: Mon, 02 Jan 2023 04:23:48 GMT
last-modified: Tue, 30 Mar 2021 09:27:46 GMT
server: AkamaiNetStorage
timing-allow-origin: * *
vary: Accept-Encoding

GET
H2 200 eyJpdSI6ImU5ODVlMjZhOGExNzAxOTc2N2EwZjc3NGJmMGE0YTIzYzdhOWNlOTlmYTYwM2YzM2JkNjdiOGQ2MzZlMWU5ZjMiLCJ3IjozMDAsImgiOjIyNSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 37 KB
38 KB 267ms
24ms Image
image/webp 23.203.125.156
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImU5ODVlMjZhOGExNzAxOTc2N2EwZjc3NGJmMGE0YTIzYzdhOWNlOTlmYTYwM2YzM2JkNjdiOGQ2MzZlMWU5ZjMiLCJ3IjozMDAsImgiOjIyNSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.203.125.156 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-203-125-156.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: f0695ce90de2243160c55c56cce0596a00096394a3cd8c2989d9a52aa6db06e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:49 GMT
last-modified: Fri, 16 Dec 2022 11:31:34 GMT
access-control-allow-methods: GET,POST
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2448573
access-control-allow-credentials: false
x-traceid: 5d312be5ef4505866b63739cad2c8d46
timing-allow-origin: *, *
content-length: 38084

GET
H2 200 eyJpdSI6ImZiZjMzOTM4ZjBhZWEzZGE5OGI1ODEwYTdmNTM0MDdhZjNiZmVmYWRmNGM4OWFiNzFkNmI1ZDc0NzkwN2E1YzkiLCJ3IjozMDAsImgiOjIyNSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 26 KB
26 KB 295ms
52ms Image
image/webp 23.203.125.156
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImZiZjMzOTM4ZjBhZWEzZGE5OGI1ODEwYTdmNTM0MDdhZjNiZmVmYWRmNGM4OWFiNzFkNmI1ZDc0NzkwN2E1YzkiLCJ3IjozMDAsImgiOjIyNSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.203.125.156 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-203-125-156.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 3a8b321548311da00b8f0639e903cce40b0860755b2bf3300d05751a15ef5b3d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:49 GMT
last-modified: Thu, 10 Nov 2022 05:35:42 GMT
access-control-allow-methods: GET,POST
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=1145716
access-control-allow-credentials: false
x-traceid: 178d9d7f7007a37704471100c5c0e4c7
timing-allow-origin: *, *
content-length: 26402

GET
H2 200 eyJpdSI6ImVhZGUxZDBjMzU3YWNhNDNkODg1ZTMxYTlhZTI0YzRiODAyYWMyZTg4YWVhZDBhODJhYjZlZmRhY2NlOTRmOTYiLCJ3IjozMDAsImgiOjIyNSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 21 KB
21 KB 269ms
26ms Image
image/webp 23.203.125.156
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6ImVhZGUxZDBjMzU3YWNhNDNkODg1ZTMxYTlhZTI0YzRiODAyYWMyZTg4YWVhZDBhODJhYjZlZmRhY2NlOTRmOTYiLCJ3IjozMDAsImgiOjIyNSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.203.125.156 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-203-125-156.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c21340d2bfc8a884c9f1510eac24b5cdbe8731e368f386f306886252b1625e0b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:49 GMT
last-modified: Tue, 06 Dec 2022 01:18:21 GMT
access-control-allow-methods: GET,POST
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=1806580
access-control-allow-credentials: false
x-traceid: 72e08aec3dd705824db7d7bc77e77e4c
timing-allow-origin: *, *
content-length: 21362

GET
H2 200 eyJpdSI6IjQ5N2E3MmQwZDI0ZjlkYjcwYTNmY2E5ZjhhZGNlZWMyMjY5Zjc2YzU2MWNkN2I2NTc0NDEyMmE3Yzg0ZWEyYTQiLCJ3IjozMDAsImgiOjIyNSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ 24 KB
24 KB 769ms
525ms Image
image/webp 23.203.125.156
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6IjQ5N2E3MmQwZDI0ZjlkYjcwYTNmY2E5ZjhhZGNlZWMyMjY5Zjc2YzU2MWNkN2I2NTc0NDEyMmE3Yzg0ZWEyYTQiLCJ3IjozMDAsImgiOjIyNSwiZCI6MS41LCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.203.125.156 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-203-125-156.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 53a304abb51bb40ade56568dc877c16573593f58ca1ea8cb6b5343a59bfb8bc3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:49 GMT
last-modified: Fri, 16 Dec 2022 15:04:10 GMT
access-control-allow-methods: GET,POST
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2462400
access-control-allow-credentials: false
x-traceid: 27aec4c79bd65f961a34246a98fdc658
timing-allow-origin: *, *
content-length: 24098

GET
H2 200 tag.min.js Show response
get.s-onetag.com/48e9aff7-e1fb-417c-a320-ed101cdab11f/ 18 KB
6 KB 36ms
7ms Script
text/javascript 52.222.214.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.s-onetag.com/48e9aff7-e1fb-417c-a320-ed101cdab11f/tag.min.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-22.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 91c2f094211bd3a6ad9b69ee4731a8adab4622d225186ec118d69ebb79950731

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: SHNpl_8wt2p1PJfKLDG5Nc7BxQDTckiK
content-encoding: gzip
via: 1.1 474733f16f494ddb794b4f7dfd7de966.cloudfront.net (CloudFront)
date: Mon, 26 Dec 2022 02:53:22 GMT
last-modified: Wed, 19 Oct 2022 18:09:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 5427
etag: W/"32d4340999995f7e75434869149ee50c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=86400
x-amz-cf-id: 3lKium2StQisaNTUo4RdMsaNCXN6P70k-34CwrsFgaycmAeuEfGT3A==

GET
H3 204 greenoaks.gif Show response
returnsandrefund.com/detroitchicago/ 0
521 B 20ms
19ms XHR
text/plain 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIxNmJmOGQ0NS00ZDc1LTRiOGMtNTJiOS1lOTY4ZDk3ZDZlNzEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjcyMDI4NjI3LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMTZiZjhkNDUtNGQ3NS00YjhjLTUyYjktZTk2OGQ5N2Q2ZTcxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTY3MjAyODYyNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjItMTItMjYifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI0In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjEifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjE2YmY4ZDQ1LTRkNzUtNGI4Yy01MmI5LWU5NjhkOTdkNmU3MSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2NzIwMjg2MjcsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjE2YmY4ZDQ1LTRkNzUtNGI4Yy01MmI5LWU5NjhkOTdkNmU3MSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2NzIwMjg2MjcsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMTZiZjhkNDUtNGQ3NS00YjhjLTUyYjktZTk2OGQ5N2Q2ZTcxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTY3MjAyODYyNywiZGF0YSI6W3sibmFtZSI6Im5hdmlnYXRpb25fdHlwZSIsInZhbCI6IjAifSx7Im5hbWUiOiJyZWRpcmVjdF9jb3VudCIsInZhbCI6IjAifV19XQ==
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0OkGyySXGBSuldlK2M8vwgFBG013w3HzDrZYC%2Fh8uThx%2Be6tdkeeVXUWCATUAPIIWI5xPf4bW1BPDWwEylSAj5CevewfbSL5EkafH0CEs6mtuvgHcB7mWsHPuWyA0QRSQqf9AyzkHc6a8U7tRSjmDVDFng%3D%3D"}],"group":"cf-nel","max_age":604800}
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 77f70b131e79bbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 25 Dec 2022 04:23:47 GMT

POST
H3 204 greenoaks.gif
returnsandrefund.com/detroitchicago/ 0
545 B 19ms
18ms Ping
text/plain 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIxNmJmOGQ0NS00ZDc1LTRiOGMtNTJiOS1lOTY4ZDk3ZDZlNzEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjcyMDI4NjI3LCJkYXRhIjpbeyJuYW1lIjoicGVyZl9pc190cmFja2VkIiwidmFsIjoiMSJ9LHsibmFtZSI6InBlcmZfbmF2X3RvX2Nvbm5lY3QiLCJ2YWwiOiIzNzYifSx7Im5hbWUiOiJwZXJmX2Nvbm5lY3RfdG9fcmVzcF9zdGFydCIsInZhbCI6IjU0MSJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiMTUifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMzM2In0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiMzQyIn0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6IjExMDEifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIxNmJmOGQ0NS00ZDc1LTRiOGMtNTJiOS1lOTY4ZDk3ZDZlNzEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjcyMDI4NjI3LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfcGFpbnQiLCJ2YWwiOiI3ODkifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIxNmJmOGQ0NS00ZDc1LTRiOGMtNTJiOS1lOTY4ZDk3ZDZlNzEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjcyMDI4NjI3LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6Ijc4OSJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjE2YmY4ZDQ1LTRkNzUtNGI4Yy01MmI5LWU5NjhkOTdkNmU3MSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2NzIwMjg2MjcsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX2VmZmVjdGl2ZV90eXBlIiwidmFsIjoiNGcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIxNmJmOGQ0NS00ZDc1LTRiOGMtNTJiOS1lOTY4ZDk3ZDZlNzEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjcyMDI4NjI3LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjkuNyJ9XX1d
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O6pt2KCFA5xI0F13Au5vD9Mdb7elRlsSQiwjjJXyeRev6CWbl3aAjW%2BjI2EAR0xnqLBC4%2FL5f9fl7AbVi26rtPDaTrRVAxWD%2BOafbORhULWUlIGZOHSdp4nQEY3oGknoi1WvvKxW64Otpa9WQxB4E%2FgL3w%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://returnsandrefund.com
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 77f70b131e7abbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 25 Dec 2022 04:23:48 GMT

GET
H3 204 greenoaks.gif Show response
returnsandrefund.com/detroitchicago/ 0
527 B 18ms
17ms XHR
text/plain 2606:4700:3032::ac43:8bea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIxNmJmOGQ0NS00ZDc1LTRiOGMtNTJiOS1lOTY4ZDk3ZDZlNzEiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjcyMDI4NjI3LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9ydHQiLCJ2YWwiOiIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiMTZiZjhkNDUtNGQ3NS00YjhjLTUyYjktZTk2OGQ5N2Q2ZTcxIiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTY3MjAyODYyNywiZGF0YSI6W3sibmFtZSI6ImlzX2FkX2Jsb2NrZWQiLCJ2YWwiOiJmYWxzZSJ9XX1d
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:8bea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:48 GMT
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4vR1vzth%2Fd3DZuf%2Fj4tVxVygOLvn67qSz2Hi%2Bca6PE0hwJhJfBYzzpXyzUWdAwNzsYdm9PiovWX9lP%2FID%2BLkEfAMKQWFjp1LHWPhLK%2BFBXR56Fgh5jL9sbkjjfDRu5tlxr3Z9ghfPDh6hPhGDdbhZNtCew%3D%3D"}],"group":"cf-nel","max_age":604800}
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 77f70b131e7cbbb5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 25 Dec 2022 04:23:47 GMT

GET
H2 200 / Show response
onetag-geo.s-onetag.com/ 555 B
969 B 171ms
8ms Fetch
application/json 99.86.4.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://onetag-geo.s-onetag.com/
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-3y02-8y06-13y07-2y19-7y0b-6y0d-21y13-4y17-5y1c-y1d-4y20-5y22-3y23-4y24-6y30-4y5e-22y65-1&cmbcb=117&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx20x22x23x24x30x5ex65
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-31.fra6.r.cloudfront.net
Software: /
Resource Hash: f51938710e179807bbf1be9a1e9d7e3441fa74e7dfe9f46841914fb12ca7de3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:14:10 GMT
via: 1.1 ecb3ea567a6c6095a23354fbdc938128.cloudfront.net (CloudFront), 1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6, FRA6-C1
age: 579
x-amzn-requestid: 39819d66-91b8-4ee5-b19a-966b8b7aacdc
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-apigw-id: dvHe9HaqCYcFztQ=
content-length: 555
x-amz-cf-id: Wpw_USxLdmwqIKpQxLWU44kkhoK9BD2m5ogdmkNTxDFkIkI1oEgjEw==

GET
H2 200 beacon.min.js Show response
signal-beacon.s-onetag.com/ 20 KB
7 KB 170ms
8ms Script
application/javascript 143.204.215.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://signal-beacon.s-onetag.com/beacon.min.js
Requested by: Host: get.s-onetag.com
URL: https://get.s-onetag.com/48e9aff7-e1fb-417c-a320-ed101cdab11f/tag.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-108.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 93975ae1d8cef7cb7a8c05ef392abe1b4d080b570b19cab279a208afe7d36cf9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: SQDb2i9Q5YZSPn9JZMj9axyuCi9GAOZD
content-encoding: gzip
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
date: Mon, 26 Dec 2022 01:01:59 GMT
last-modified: Wed, 10 Aug 2022 09:56:11 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 12110
x-amz-server-side-encryption: AES256
etag: W/"588a5c88fba4ca02dace48040384e257"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: EJS3fnp1Rnal0ToEQBIIbi5-dmUwU_yHrwEy7NsVKTgJTd8VEth23Q==

GET
H2 200 si
capi.connatix.com/tr/ 0
116 B 185ms
124ms Image
application/json 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capi.connatix.com/tr/si?token=dceed97a-951e-4c47-b565-c2794ffae817&cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:51 GMT
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 0
access-control-max-age: 86400
content-type: application/json

GET
H2

200

connatix.player.dc.js Show response
cds.connatix.com/p/209100/ Frame 6E73
Redirect Chain

https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
https://cds.connatix.com/p/209100/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882

962 KB
220 KB

39ms
6ms

Script
application/javascript

151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/209100/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 812cb9e6c1bd25ba64b535fa1e85a0f8ef04afc52f60fda2b5095605da3887fc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:51 GMT
content-encoding: br
last-modified: Tue, 20 Dec 2022 03:08:37 GMT
age: 505463
etag: "6f70b61e282a2ed696a5d41148480a89"
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 224665

Redirect headers

location: https://cds.connatix.com/p/209100/connatix.player.dc.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
date: Mon, 26 Dec 2022 04:23:51 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
content-length: 0
access-control-max-age: 86400

GET
H2 200 hls.ab55e91cf2e7990a858b.js
cds.connatix.com/p/209100/ Frame 6E73 0
47 KB 7ms
7ms Other
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/209100/hls.ab55e91cf2e7990a858b.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:51 GMT
content-encoding: br
last-modified: Tue, 20 Dec 2022 03:08:38 GMT
age: 507297
etag: "80a1209c74d835b17e7188a29e1b4e3c"
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 48354

GET
H2 200 player.css
cds.connatix.com/p/209100/ 60 KB
9 KB 8ms
8ms Stylesheet
text/css 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/209100/player.css
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4519788b9b8958b383f07b97731cea368650e671137c3466fc6a4d2e7856145e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:51 GMT
content-encoding: br
last-modified: Tue, 20 Dec 2022 03:08:38 GMT
age: 505462
etag: "fcaf2adfdb23bf2a38b7974460b8b31a"
vary: Accept-Encoding
access-control-max-age: 86400
content-type: text/css
access-control-allow-origin: *
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 9319

POST
H2 200 pls Show response
capi.connatix.com/core/ Frame 6E73 5 KB
3 KB 341ms
341ms XHR
application/x-protobuf 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://capi.connatix.com/core/pls?v=209100&cid=5f049401-746e-4449-8c27-b6b9d8e25882
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: bdcf8ae2211ac9c716617fb7423bdd90aa7dc9fa0ab6a550a9cc6bd25051776d

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: multipart/form-data

Response headers

date: Mon, 26 Dec 2022 04:23:51 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/x-protobuf
access-control-allow-origin: https://returnsandrefund.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 3374

POST sr
capi-tier-2-us-east-2.connatix.com/tr/ Frame 6E73 0
0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
27 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4726734a48b33c83575aa629342e5a8c36cf253e8c282c6e067b8a0c60a542ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 26 Dec 2022 04:23:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27666
x-xss-protection: 0
server: sffe
etag: "1432 / 684 of 1000 / last-modified: 1670587582"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 26 Dec 2022 04:23:51 GMT

GET ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 6E73 0
0

POST g
capi-tier-2-us-east-2.connatix.com/rtb/ Frame 6E73 0
0

GET elements.ui.dfd4abd09357a3abb51a.js
cds.connatix.com/p/209100/ Frame 6E73 0
0

GET
H2 200 prebid7.17.0-5.js Show response
cds.connatix.com/p/plugins/ 582 KB
142 KB 7ms
7ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.connatix.com/p/plugins/prebid7.17.0-5.js
Requested by: Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 030eb475ef7c0c106d7209a34c0bd8bbd170afaeff8869cdf8643502630e74de

Request headers

Referer: https://returnsandrefund.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 26 Dec 2022 04:23:51 GMT
content-encoding: br
last-modified: Mon, 12 Dec 2022 10:35:23 GMT
age: 1187293
etag: "ba7c8774b5c6bb74c89d4fb6bfc11465"
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-stale=31557600,stale-while-revalidate=31557600,immutable,max-age=31557600
accept-ranges: bytes
content-length: 145615

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: capi-tier-2-us-east-2.connatix.com
URL: https://capi-tier-2-us-east-2.connatix.com/tr/sr?v=209100&cid=5f049401-746e-4449-8c27-b6b9d8e25882

Domain: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Domain: capi-tier-2-us-east-2.connatix.com
URL: https://capi-tier-2-us-east-2.connatix.com/rtb/g?v=209100&cid=5f049401-746e-4449-8c27-b6b9d8e25882

Domain: cds.connatix.com
URL: https://cds.connatix.com/p/209100/elements.ui.dfd4abd09357a3abb51a.js

Verdicts & Comments Add Verdict or Comment

266 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.returnsandrefund.com/	1970-01-20 08:27:10	Name: ezoadgid_200400 Value: -1
.returnsandrefund.com/	1970-01-20 08:27:15	Name: ezoref_200400 Value:
.returnsandrefund.com/	1970-01-20 17:12:44	Name: ezosuibasgeneris-1 Value: 96371c2d-d3b3-42e8-5ce1-02cf815beae4
.returnsandrefund.com/	1970-01-20 08:27:15	Name: ezoab_200400 Value: mod1
.returnsandrefund.com/	1970-01-20 08:27:10	Name: ezopvc_200400 Value: 1
.returnsandrefund.com/	1970-01-20 08:28:35	Name: ezepvv Value: 603
.returnsandrefund.com/	1970-01-20 08:27:10	Name: ezovid_200400 Value: 8198661
.returnsandrefund.com/	1970-01-20 08:27:10	Name: lp_200400 Value: https://returnsandrefund.com/
.returnsandrefund.com/	1970-01-20 08:30:01	Name: ezovuuidtime_200400 Value: 1672028627
.returnsandrefund.com/	1970-01-20 08:27:10	Name: ezovuuid_200400 Value: 923748ad-fca5-43f5-7ba9-3f6a6d2f9db2
.returnsandrefund.com/	1970-01-20 17:12:44	Name: ezCMPCCS Value: false
.returnsandrefund.com/	1970-01-20 08:30:01	Name: active_template::200400 Value: pub_site.1672028628
returnsandrefund.com/	1969-12-31 23:59:59	Name: ezouspvv Value: 0
returnsandrefund.com/	1969-12-31 23:59:59	Name: ezouspva Value: 0
returnsandrefund.com/	1970-01-20 18:03:08	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
returnsandrefund.com/	1970-01-20 18:03:08	Name: ezohw Value: w%3D1600%2Ch%3D1200
.returnsandrefund.com/	1970-01-20 18:03:08	Name: _ga Value: GA1.2.143526789.1672028628
.returnsandrefund.com/	1970-01-20 08:28:35	Name: _gid Value: GA1.2.1530116210.1672028628
.returnsandrefund.com/	1970-01-20 08:27:08	Name: _gat_gtag_UA_150748452_1 Value: 1

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://returnsandrefund.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.14 Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cds.connatix.com/p/plugins/prebid7.17.0-5.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cd.connatix.com/connatix.player.js?cid=5f049401-746e-4449-8c27-b6b9d8e25882 Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cds.connatix.com/p/plugins/prebid7.17.0-5.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

basher.ezodn.com
c0.wp.com
capi-tier-2-us-east-2.connatix.com
capi.connatix.com
cd.connatix.com
cds.connatix.com
ezodn.com
fonts.googleapis.com
fonts.gstatic.com
g.ezodn.com
get.s-onetag.com
go.ezodn.com
go.ezoic.net
googleads.g.doubleclick.net
gvl.ezodn.com
i0.wp.com
images.outbrainimg.com
imasdk.googleapis.com
mcdp-nydc1.outbrain.com
odb.outbrain.com
onetag-geo.s-onetag.com
pagead2.googlesyndication.com
pixel.wp.com
policypal.co
returnsandrefund.com
s.w.org
securepubads.g.doubleclick.net
signal-beacon.s-onetag.com
stats.wp.com
tcheck.outbrainimg.com
widget-pixels.outbrain.com
widgets.outbrain.com
www.google-analytics.com
www.googletagmanager.com
capi-tier-2-us-east-2.connatix.com
cds.connatix.com
imasdk.googleapis.com
143.204.215.108
151.101.194.137
151.101.2.137
192.0.76.3
192.0.77.2
192.0.77.37
192.0.77.48
199.232.18.132
23.203.125.156
23.203.125.62
2600:9000:211a:8000:2:cb38:840:93a1
2606:4700:3032::ac43:8bea
2606:4700:e4::ac40:a006
2606:4700:e4::ac40:a106
2a00:1450:4001:802::2002
2a00:1450:4001:809::200e
2a00:1450:4001:828::2002
2a00:1450:4001:829::2008
2a00:1450:400d:80c::200a
2a00:1450:400d:80e::2003
52.222.214.22
63.250.38.4
64.202.112.223
99.86.4.31
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
030eb475ef7c0c106d7209a34c0bd8bbd170afaeff8869cdf8643502630e74de
05a6562177e8e5f89852e08f7bbd6b62597b35d70c92238fcab4d6674ec76048
0bee31da15b0fd55db6b6b86a9f2acdbc7993b6091f222803e7055b18757b82c
1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319
20550f7bcb2a817ac9a5879e04260da8268e971c0b8031a6b7a2f48a55ee60d5
21fff3473be463ddcf93f0506faf2f3facbd71d73a05f8e53ac2d46a76d082ba
23bb39b607b39a93d953762d2a618a3cbc69c52ceaf70d96890137ca1d2b0228
2c87952cc1c23627496c7874271042bdb6af21efdf7cbf36ec4d98e6cec34d04
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
31f7540a6075e6f34980199d420271d13d923801da426c060ed01732042a96b8
383472db86bc19b822592340828e1a9d680ece8e6a5114eb4744351081fdea3c
38da98e06ba18c4204f547d30572cd81a2dd3fd5438d306856d2617480ee8639
3986673333826891a3b1d289891efd0689a800f8dbd7a897e016ed1f80e429ea
3a8b321548311da00b8f0639e903cce40b0860755b2bf3300d05751a15ef5b3d
3ce6b31a07f7c8726ae33a889de63889a8099219fad039cfd5992edc0ff47ffd
4519788b9b8958b383f07b97731cea368650e671137c3466fc6a4d2e7856145e
45ec54f6edf49e36dc01d93b61e9b3209c78e6efa525f5c31cbd654013963ad9
4726734a48b33c83575aa629342e5a8c36cf253e8c282c6e067b8a0c60a542ba
47cc72f812cda6c788f5ee338d036206c5c7ac5fac626dda50bf60c30e91ec14
487aec7746a83542b3573383df65747e31c494d8412103b5675329f3d4befaeb
53a304abb51bb40ade56568dc877c16573593f58ca1ea8cb6b5343a59bfb8bc3
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5cfd3418ebf7c95f8f7a9024ebfa383ff5a267a8568c9a2708c26733824bdf07
5da10796aec02eacbdd1831c1ab80b2a1a320ebfad9f355e2c33fb4eaa304875
5f852528a2390fb9b04fba4c026d62925b708751dfeb8eb271ef87aa8c9200fa
6032f8d96d302484372bd26161f83050741bf7e6f0cf9d30e61e094678bf28ab
67b55fa1ac1eb182c16573559fb708578b5ff0677b376090584be98f40f7cb5b
6b5ef7861572324f3e9d49c9284d10e8e582e1bc44694394afdf5bdc0e6bd0cd
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d09dbd9acb641aa10fd50593fe31e55caeed01a10fac759dcb5c8921c9295d3
6f43661a1459975d418771ddfde2929ccab0b7ef32674ccc5d971b2d2c82074d
70f3677bc5e73d869cd121b1acfd958ea3e77de5b3c62fc0d31fe3a99c8ddeff
7b6892ade7a3c93432db8e67c2be3685e10556e941aa9d526ae2ee06113e327b
812cb9e6c1bd25ba64b535fa1e85a0f8ef04afc52f60fda2b5095605da3887fc
81cd29d1413ecf75834fb3ce1da572fe5c39e53b22c61f5dafec5b14ed4ee12e
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
834fec9be101527c5727dcdc16ee874e49535c1d1ff7437c2d797c2405a87639
85ea510a074f2cafe47a55809d389ace2bf11c13dc3af25a357832daabe9f692
9044fbab00c13b0511f231a10453c19bf1b6a6c3dbc0e9dd1efe88c9422e30e7
91c2f094211bd3a6ad9b69ee4731a8adab4622d225186ec118d69ebb79950731
929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f
93975ae1d8cef7cb7a8c05ef392abe1b4d080b570b19cab279a208afe7d36cf9
949ef00ce71e069fc69a6b829771726245072e18e56b264c536837c459b3febf
957bb4484970c4045b0edaa4f83c014bf6f264ef20f8b5cb560a7b6bc5875a75
96852267480e97e11f1058af3c56a86368b3c6647c2c4de7a69de2a693be9f68
97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828
9900b23f9f49af5f34387eb63a8673a563ab131c1e171cfaf14cf8b67a466b9d
9a38595d63dfae35b88183515b69f8b742128b564b9ea4dbd79908c3aa73921a
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
a1839b0d495241b3ff1c9f9ed7a93f900c72a863729b0091acef3be0fb6a69fb
a668b930da9370ef8fdfb80c5f8b497509818b3b4c5e3d3d42efa78022240d08
ac39a1c78ee2bfb88bb463ff41f6df4ecf00704c4d7c0b5917cebd278d3be8ce
ade38136058fcd75880d3673855aff859ee377d5915e59cccf24a973d418bebb
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
bdcf8ae2211ac9c716617fb7423bdd90aa7dc9fa0ab6a550a9cc6bd25051776d
c21340d2bfc8a884c9f1510eac24b5cdbe8731e368f386f306886252b1625e0b
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
c48b5b1a9776c84602de2306d7903a7241158a5077e7a8519af75c33441b8334
c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15
c99ffa666406b233d0791d6f9c7b4675c37ae1e537813b213bc3968a95321355
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
cda3688d66efcd9227d4bdc04472b134e614d6609c362875370ba4fb52104a2a
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
da3f09bd8d729b04d9c28244b17a17518a4d5ddb4a21cad220f6013552e434dc
dcc0b6437eeec474b65774198371749c6e3f11c12b0bc14f3a971714d0d0e52b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
df890343fa68fb000f39100626810cdd5d5700649295581b19b0d1b0cbd8a60c
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e74aad7eedeb94eab0fbb3d4435ff67c95dee259361fd21effd45bcd64424c24
ece565a1f66a32347dfed83562c428ff7736648de72b0027dd8f0e0f27e0c327
ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0695ce90de2243160c55c56cce0596a00096394a3cd8c2989d9a52aa6db06e4
f08bda7e60fadca736bd7ed81684d6dd9bd11951aada10c84e66cbeac3c52197
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f51938710e179807bbf1be9a1e9d7e3441fa74e7dfe9f46841914fb12ca7de3c
f84293668b02b8c83c20c5c2cf51f8a5a64ac5a15d34be26c85382496b107700
fe4ee1fa950c1852cb16313b91b19a9a17bea7581171bbd338ee258fa03717ea
fff649d2fbd314dfac73b6aa05c37313c2f1398e727d43db2d06fc41229bcb80

returnsandrefund.com Open in urlscan Pro 2606:4700:3032::ac43:8bea Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

107 Requests

95 %HTTPS

42 %IPv6

16 Domains

34 Subdomains

23 IPs

4 Countries

2048 kBTransfer

5745 kBSize

19 Cookies

0 Outgoing links

Page URL History

Redirected requests

107 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

returnsandrefund.com Open in urlscan Pro
2606:4700:3032::ac43:8bea Public Scan

Screenshot
Live screenshot

Full Image

107
Requests

95 %
HTTPS

42 %
IPv6

16
Domains

34
Subdomains

23
IPs

4
Countries

2048 kB
Transfer

5745 kB
Size

19
Cookies

107 HTTP transactions
2 data transactions