urlscan.io logo urlscan.io
SecurityTrails logo

returnsandrefund.com Open in urlscan Pro
18.158.98.109  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.returnsandrefund.com/
Effective URL: https://returnsandrefund.com/
Submission: On October 15 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 18 IPs in 4 countries across 13 domains to perform 86 HTTP transactions. The main IP is 18.158.98.109, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is returnsandrefund.com.
TLS certificate: Issued by R3 on August 27th 2021. Valid for: 3 months.
This is the only time returnsandrefund.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 104.21.77.126 13335 (CLOUDFLAR...)
32 18.158.98.109 16509 (AMAZON-02)
9 142.250.185.98 15169 (GOOGLE)
1 172.67.161.209 13335 (CLOUDFLAR...)
2 172.217.16.138 15169 (GOOGLE)
1 142.250.74.200 15169 (GOOGLE)
4 142.250.185.163 15169 (GOOGLE)
2 91.228.74.133 16509 (AMAZON-02)
2 142.250.186.174 15169 (GOOGLE)
1 143.204.98.9 16509 (AMAZON-02)
1 142.250.185.66 15169 (GOOGLE)
2 142.250.184.194 15169 (GOOGLE)
1 142.250.186.161 15169 (GOOGLE)
5 142.250.186.130 15169 (GOOGLE)
5 142.250.185.97 15169 (GOOGLE)
2 142.250.186.164 15169 (GOOGLE)
1 142.250.185.162 15169 (GOOGLE)
5 142.250.186.65 15169 (GOOGLE)
86 18
1    104.21.77.126 (None, )

ASN13335 (CLOUDFLARENET, US)
www.returnsandrefund.com
32    18.158.98.109 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
returnsandrefund.com
9    142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net
securepubads.g.doubleclick.net
1    172.67.161.209 (United States)

ASN13335 (CLOUDFLARENET, US)
go.ezodn.com
2    172.217.16.138 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f138.1e100.net
fonts.googleapis.com
1    142.250.74.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f8.1e100.net
www.googletagmanager.com
4    142.250.185.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f3.1e100.net
fonts.gstatic.com
2    91.228.74.133 (United Kingdom)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
2    142.250.186.174 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f14.1e100.net
www.google-analytics.com
1    143.204.98.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-9.fra50.r.cloudfront.net
rules.quantcount.com
1    142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net
adservice.google.de
2    142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net
adservice.google.com
1    142.250.186.161 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f1.1e100.net
7ab5b84c819c126b230ffb59f629d23e.safeframe.googlesyndication.com
5    142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net
pagead2.googlesyndication.com
5    142.250.185.97 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f1.1e100.net
tpc.googlesyndication.com
2    142.250.186.164 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f4.1e100.net
www.google.com
1    142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net
adservice.google.de
5    142.250.186.65 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f1.1e100.net
cdn.ampproject.org
Domain Requested by
32 returnsandrefund.com returnsandrefund.com
9 securepubads.g.doubleclick.net returnsandrefund.com
securepubads.g.doubleclick.net
5 cdn.ampproject.org securepubads.g.doubleclick.net
5 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
returnsandrefund.com
5 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
4 fonts.gstatic.com fonts.googleapis.com
2 www.google.com tpc.googlesyndication.com
returnsandrefund.com
2 adservice.google.com securepubads.g.doubleclick.net
2 adservice.google.de securepubads.g.doubleclick.net
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 fonts.googleapis.com returnsandrefund.com
securepubads.g.doubleclick.net
1 7ab5b84c819c126b230ffb59f629d23e.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 pixel.quantserve.com returnsandrefund.com
1 rules.quantcount.com secure.quantserve.com
1 secure.quantserve.com returnsandrefund.com
1 www.googletagmanager.com returnsandrefund.com
1 go.ezodn.com returnsandrefund.com
1 www.returnsandrefund.com 1 redirects
86 18

This site contains links to these domains. Also see Links.

Domain
adclick.g.doubleclick.net
adssettings.google.com
Subject Issuer Validity Valid
returnsandrefund.com
R3		 2021-08-27 -
2021-11-25		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-05 -
2022-07-04		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-22 -
2022-09-21		 a year crt.sh
*.google.de
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
*.google.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
www.google.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
misc-sni.google.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh

This page contains 4 frames:

Primary Page: https://returnsandrefund.com/
Frame ID: ACD1C3A059B2369D2896929EB460A617
Requests: 83 HTTP requests in this frame

Frame: https://7ab5b84c819c126b230ffb59f629d23e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 471184A099EE884424A988FC26270143
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: BA3CA56B73A9364B0597687DA725A175
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4D5AD6BB395BB4A32E8B25EAE4AC8C43
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://www.returnsandrefund.com/ HTTP 301
    https://returnsandrefund.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cookieconsent\.min\.js
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

86
Requests

88 %
HTTPS

0 %
IPv6

13
Domains

18
Subdomains

18
IPs

4
Countries

871 kB
Transfer

2251 kB
Size

25
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.returnsandrefund.com/ HTTP 301
    https://returnsandrefund.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

86 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
returnsandrefund.com/
Redirect Chain
  • https://www.returnsandrefund.com/
  • https://returnsandrefund.com/
113 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
828bfc6c8a68ab44075aad6ea751dcc664ee66aaa7ce54c13e6155f353895f97

Request headers

:method
GET
:authority
returnsandrefund.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

age
44088
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 15 Oct 2021 06:50:08 GMT
display
pub_site_sol
expires
Thu, 14 Oct 2021 06:50:08 GMT
last-modified
Thu, 14 Oct 2021 09:26:10 GMT
pagespeed
off
response
200
server
nginx
set-cookie
ezoadgid_200400=-1; Path=/; Domain=returnsandrefund.com; Expires=Fri, 15 Oct 2021 07:20:08 UTC ezoref_200400=; Path=/; Domain=returnsandrefund.com; Expires=Fri, 15 Oct 2021 08:50:08 UTC ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; Path=/; Domain=returnsandrefund.com; Expires=Sat, 15 Oct 2022 06:50:08 UTC; Secure; SameSite=None ezoab_200400=mod1; Path=/; Domain=returnsandrefund.com; Expires=Fri, 15 Oct 2021 08:50:08 UTC active_template::200400=pub_site.1634280608; Path=/; Domain=returnsandrefund.com; Expires=Sun, 17 Oct 2021 06:50:08 UTC ezopvc_200400=1; Path=/; Domain=returnsandrefund.com; Expires=Fri, 15 Oct 2021 07:20:08 UTC ezepvv=0; Path=/; Domain=returnsandrefund.com; Expires=Sat, 16 Oct 2021 06:50:08 UTC ezovid_200400=1343530755; Path=/; Domain=returnsandrefund.com; Expires=Fri, 15 Oct 2021 07:20:08 UTC lp_200400=https://returnsandrefund.com/; Path=/; Domain=returnsandrefund.com; Expires=Fri, 15 Oct 2021 07:20:08 UTC ezovuuidtime_200400=1634280608; Path=/; Domain=returnsandrefund.com; Expires=Sun, 17 Oct 2021 06:50:08 UTC ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; Path=/; Domain=returnsandrefund.com; Expires=Fri, 15 Oct 2021 07:20:08 UTC ezCMPCCS=true; Path=/; Domain=returnsandrefund.com; Expires=Sat, 15 Oct 2022 06:50:08 GMT
vary
Accept-Encoding Accept-Encoding,User-Agent
x-cache
HIT
x-cache-hits
493
x-ezoic-cdn
Miss
x-middleton-display
pub_site_sol
x-middleton-response
200
x-origin-cache-control
max-age=0
x-sol
pub_site

Redirect headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-type
text/html; charset=UTF-8
age
79831
cache-control
max-age=-1
display
staticcontent_sol
expires
Thu, 14 Oct 2021 08:39:37 GMT
location
https://returnsandrefund.com/
pagespeed
off
response
301
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
x-cache
HIT
x-cache-hits
8
x-ezoic-cdn
Miss
x-middleton-display
staticcontent_sol
x-middleton-response
301
x-origin-cache-control
max-age=0
x-redirect-by
WordPress
x-sol
pub_site
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iTYSpsj6fNkj%2BCiUdxEbzu32bPMSIlGfP6GJSAQkrWvw0woQHJEsDcqgD6e%2Fb9YzuNPCKvlb4nERVrersk2u6aBxA5MM%2BDi8yp8IZPbKfUHQwVseM7v63Kn%2B38POEJK6FfAJz0PgK%2BV5MjQ%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
69e71c86682227b4-PRG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		80 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
sffe /
Resource Hash
4f28164f63702bb0a3d11418f9c5623fbb31e149a6a352955ca7fb7f9e65bc44
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1016 / 374 of 1000 / last-modified: 1634249183"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27188
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 15 Oct 2021 06:50:08 GMT
dall.js
go.ezodn.com/hb/ 		276 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://go.ezodn.com/hb/dall.js?b=adyoulike,amx,oftmedia,onetag,pulsepoint,sharethrough,spotx,undertone&cb=195-2-29
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.161.209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d6dfce698a9c886d99f8f6e82f44510d83ce2daddc473985a430974840b97c2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 15 Oct 2021 06:50:08 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kVeOyXmXd5HhxZE%2BWp7kirXQqSIyseAbJKJUnMPwtxn5kmcjva1rcuODoIkyJmgFLH1RRff%2B4PDvCuIiAjnZEu0dgIpdSBUR5AMwTKJDQv7YjjL9PkdG25jRRz3pP54%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
69e71c8d8ada27b4-PRG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
841ee1dfdec3fbc473772577a8b3240b.css
returnsandrefund.com/wp-content/cache/min/1/ 		147 KB
49 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a965454ed27194420a23bd494e396653825da3850d9d9258d6464dd5e4f26bfc

Request headers

:path
/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
x-sol
orig
age
0
x-ezoic-cdn
Hit ds;mm;889a1bc78332af14281e81a2291c4a35;2-200400-0;fcefe7c2-c222-4f55-567b-9eb24e943d31
x-cache
MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
response
200
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
x-origin-cache-control
max-age=31536000, public
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
text/css; charset=utf-8
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-cache-hits
0
css
fonts.googleapis.com/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f138.1e100.net
Software
ESF /
Resource Hash
8560545e4daa497c9b908c5423bea77fce0399b21a73cc153c38b6726660dc76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 15 Oct 2021 06:29:58 GMT
server
ESF
date
Fri, 15 Oct 2021 06:50:08 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires
Fri, 15 Oct 2021 06:50:08 GMT
jquery-1.12.4-wp.js
returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/jquery/ 		95 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

:path
/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
age
0
x-ezoic-cdn
Hit ds;mm;842bd61f4f404e40c1e82aa86243e97a;2-200400-0;5a9c78a5-d026-40aa-6a45-585870d2fb31
x-cache
MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
response
200
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
x-origin-cache-control
max-age=31536000, public
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
0
responsive-menu-c1e228c238344335eaf7288b4e454a0f.js
returnsandrefund.com/wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/ 		765 B
435 B 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/responsive-menu-c1e228c238344335eaf7288b4e454a0f.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8e424541604f9439f054eb9e4e78925da8c4d2a77985f642f9f4b5f025424d48

Request headers

:path
/wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/responsive-menu-c1e228c238344335eaf7288b4e454a0f.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
age
0
x-ezoic-cdn
Hit ds;mm;c5ae736beb74dda836b2ae3f904f7066;2-200400-0;add7caa6-6178-4e55-4816-e60aa99bca65
x-cache
MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
315
response
200
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
x-origin-cache-control
max-age=31536000, public
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
0
js
www.googletagmanager.com/gtag/ 		95 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-150748452-1
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
54fd210257b1628525e797440cfc4867b0ec510badeca070e1e5609772d2fb21
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38561
x-xss-protection
0
last-modified
Fri, 15 Oct 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 15 Oct 2021 06:50:08 GMT
cookieconsent.min.js
returnsandrefund.com/ezoic/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/ezoic/cookieconsent.min.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0

Request headers

:path
/ezoic/cookieconsent.min.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
etag
"11a4-5c701b9c2cf40-gzip"
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, public
accept-ranges
bytes
x-robots-tag
noindex
content-length
1707
expires
Sat, 15 Oct 2022 06:50:08 GMT
banger.js
returnsandrefund.com/porpoiseant/ 		48 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/banger.js?cb=195-2&bv=80&v=55&PageSpeed=off
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
53f21a3b1ce79928e0f924dbf57b71370b853b7ff18db8cff008c2ffd0bd335d

Request headers

:path
/porpoiseant/banger.js?cb=195-2&bv=80&v=55&PageSpeed=off
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
server
nginx
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public
x-robots-tag
noindex
wp-polyfill.min-7.4.4.js
returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/dist/vendor/ 		97 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/dist/vendor/wp-polyfill.min-7.4.4.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3

Request headers

:path
/wp-content/cache/busting/1/wp-includes/js/dist/vendor/wp-polyfill.min-7.4.4.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
age
0
x-ezoic-cdn
Hit ds;mm;edc3aea701545cea1a13b55e3dce180f;2-200400-0;619b94d3-fcc5-44c0-4905-3d263a28f80a
x-cache
MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
response
200
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
x-origin-cache-control
max-age=31536000, public
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
0
index-c3a0df7c92eac5d0bac60c5ca1a841d0.js
returnsandrefund.com/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/index-c3a0df7c92eac5d0bac60c5ca1a841d0.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
932ed8755a3373924a2fe0fb74539634aeddccdef0de71f8403a110f5e26fd5d

Request headers

:path
/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/index-c3a0df7c92eac5d0bac60c5ca1a841d0.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
age
0
x-ezoic-cdn
Hit ds;mm;c60a4e5f260b85f8a1b02256996587cc;2-200400-0;c807657a-2ea5-410a-6b63-cdd8a6dfe5b0
x-cache
MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
3843
response
200
last-modified
Wed, 14 Jul 2021 08:59:04 GMT
server
nginx
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
0
hoverIntent.min-1.8.1.js
returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/ 		1 KB
555 B 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/hoverIntent.min-1.8.1.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4

Request headers

:path
/wp-content/cache/busting/1/wp-includes/js/hoverIntent.min-1.8.1.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
age
0
x-ezoic-cdn
Hit ds;mm;9e50b06a95a2c37a79b33f81da78ef89;2-200400-0;9bd16346-7036-4e02-6406-0a69d7db25db
x-cache
MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
447
response
200
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
x-origin-cache-control
max-age=31536000, public
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
0
superfish.min-1.7.10.js
returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.min-1.7.10.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ece565a1f66a32347dfed83562c428ff7736648de72b0027dd8f0e0f27e0c327

Request headers

:path
/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.min-1.7.10.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
age
0
x-ezoic-cdn
Hit ds;mm;74aa522f6903ecede49f6fe26e67f571;2-200400-0;2c43ac78-bde2-401b-779a-9b35d4f42146
x-cache
MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
1743
response
200
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
0
superfish.args.min-3.3.3.js
returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/ 		132 B
209 B 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.args.min-3.3.3.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
20550f7bcb2a817ac9a5879e04260da8268e971c0b8031a6b7a2f48a55ee60d5

Request headers

:path
/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.args.min-3.3.3.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
age
0
x-ezoic-cdn
Hit ds;mm;741c3197cbcdb4fa3069ff8bd82b4d2a;2-200400-0;bca61ee0-c7d2-43e0-7653-76bc31f1bcb0
x-cache
MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
102
response
200
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
x-origin-cache-control
max-age=31536000, public
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
0
skip-links.min-3.3.3.js
returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/ 		386 B
319 B 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/skip-links.min-3.3.3.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ade38136058fcd75880d3673855aff859ee377d5915e59cccf24a973d418bebb

Request headers

:path
/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/skip-links.min-3.3.3.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
age
78961
x-ezoic-cdn
Hit ds;mm;9dd6d85aaaabfbd9a62c43b4c9b53dea;2-200400-0;bcbd0685-cac2-435c-47c4-920fd1b640db
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
188
response
200
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
x-origin-cache-control
max-age=31536000, public
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
1
wp-embed.min.js
returnsandrefund.com/wp-includes/js/ 		1 KB
775 B 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/wp-includes/js/wp-embed.min.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path
/wp-includes/js/wp-embed.min.js
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
age
2736
x-ezoic-cdn
Hit ds;mm;b51740ca929dbfbb2effd4726d8c6c8d;2-200400-0;fd058cf5-2df0-435d-7846-c8fbf94ee9e0
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
663
response
200
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
x-origin-cache-control
max-age=31536000, public
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000, public
display
staticcontent_sol, staticcontent_sol
x-cache-hits
1
cmbv2.js
returnsandrefund.com/detroitchicago/ 		67 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y32-22y51-1y55-21&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx32x51x55
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
3a7d643f2bbe998f69feef1c66ac486896a217c1f7ea4b4d7a7905b63fe560bd

Request headers

:path
/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y32-22y51-1y55-21&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx32x51x55
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
server
nginx
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public, max-age=31536000, public
x-robots-tag
noindex
return-logo-2.png
returnsandrefund.com/wp-content/uploads/2019/03/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://returnsandrefund.com/wp-content/uploads/2019/03/return-logo-2.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
31f7540a6075e6f34980199d420271d13d923801da426c060ed01732042a96b8

Request headers

:path
/wp-content/uploads/2019/03/return-logo-2.png
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
age
3377
x-ezoic-cdn
Hit ds;mm;dfcf52210967f019fd4ce3feb2e0509c;2-200400-0;8f206c82-cf89-4dfd-7ed1-c30d957865db
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
1075
response
200
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
x-origin-cache-control
max-age=10368000, public
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
image/png
cache-control
public, max-age=31536000
display
staticcontent_sol, staticcontent_sol
x-cache-hits
3
TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
fonts.gstatic.com/s/oswald/v40/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/oswald/v40/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
76db825b68979b9ea6cc55fa14373b7bf5e3beb7388cd2efa485938bb2a389fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://returnsandrefund.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 12 Oct 2021 09:11:03 GMT
x-content-type-options
nosniff
age
250745
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16016
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:16:44 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Oct 2022 09:11:03 GMT
0QIvMX1D_JOuMwr7Iw.woff2
fonts.gstatic.com/s/lora/v17/ 		34 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lora/v17/0QIvMX1D_JOuMwr7Iw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
9f762334ff28e79eb7547f6ddb109583d35e0ea3600b71406ca233fb57c12458
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://returnsandrefund.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 10 Oct 2021 06:38:20 GMT
x-content-type-options
nosniff
age
432708
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35284
x-xss-protection
0
last-modified
Thu, 28 Jan 2021 22:52:25 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 10 Oct 2022 06:38:20 GMT
download-1.png
returnsandrefund.com/wp-content/uploads/2020/02/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://returnsandrefund.com/wp-content/uploads/2020/02/download-1.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c63c08ec376a1c99ee774ecbd488d3c33396ea42f8ad0e984179916a2e252849

Request headers

:path
/wp-content/uploads/2020/02/download-1.png
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
br
age
71745
x-ezoic-cdn
Hit ds;ds;502accaecac65cd023d490ab18d798a5;2-200400-0;febc6f31-90e7-4dc9-47b7-04f2c1254e83
x-cache
HIT
x-middleton-display
staticcontent_sol, staticcontent_sol
x-middleton-response
200
content-length
2981
response
200
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
image/png
cache-control
public, max-age=31536000
display
staticcontent_sol, staticcontent_sol
x-cache-hits
4
pubads_impl_2021101201.js
securepubads.g.doubleclick.net/gpt/ 		361 KB
122 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
sffe /
Resource Hash
3739f7e3f233afefaaf897a2c109cd3dcce3799125f58957b4a622b610511a63
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
124532
x-xss-protection
0
last-modified
Tue, 12 Oct 2021 08:35:04 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 15 Oct 2021 06:50:08 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		39 B
79 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
944928d05f6f96329111d874be278f0dde0f11a7e113c67b1e0f663ecf2caf89
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55
x-xss-protection
0
expires
Fri, 15 Oct 2021 06:50:08 GMT
houston.js
returnsandrefund.com/detroitchicago/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/houston.js?gcb=2&cb=5
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
7d290a986aa51c808e0a826a9f6540b4e6641d5e55f370fb5cbe39cb16b298f2

Request headers

:path
/detroitchicago/houston.js?gcb=2&cb=5
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:08 GMT
content-encoding
br
server
nginx
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public
x-robots-tag
noindex
content-length
1340
download-4.jpg
returnsandrefund.com/wp-content/uploads/2020/02/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://returnsandrefund.com/wp-content/uploads/2020/02/download-4.jpg
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
efca4b1d7c19af67aa04f4a6ef3f9db4c8d3bea417a00240009db7ed26280080

Request headers

:path
/wp-content/uploads/2020/02/download-4.jpg
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
age
71746
x-ezoic-cdn
Hit ds;mm;42dbe1ec3ee9c20d6caedbd1281216e7;2-200400-0;33c014e4-7307-4087-4734-65c162af599d
x-cache
HIT
content-type
image/jpeg
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=31536000
x-middleton-response
200
display
staticcontent_sol, staticcontent_sol
x-cache-hits
4
images-2.jpg
returnsandrefund.com/wp-content/uploads/2020/02/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://returnsandrefund.com/wp-content/uploads/2020/02/images-2.jpg
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8c63493b034323da08e44455885820239e72b10f9fb8b857e8313008f4d6fac5

Request headers

:path
/wp-content/uploads/2020/02/images-2.jpg
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
br
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
response
200
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
age
40106
x-ezoic-cdn
Hit ds;ds;7b4b808955c5813402eef6c10ded310c;2-200400-0;e14ac528-6a5f-41f5-5f51-736c20bc2b62
x-cache
HIT
content-type
image/jpeg
x-middleton-display
staticcontent_sol, staticcontent_sol
cache-control
public, max-age=31536000
x-middleton-response
200
display
staticcontent_sol, staticcontent_sol
x-cache-hits
2
nmash.js
returnsandrefund.com/porpoiseant/ 		24 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/nmash.js?v=80
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
d86923070cdd3b26c384dfb89877b54c56cc30ebcaca4b9ef0fefeb935d5c7ef

Request headers

:path
/porpoiseant/nmash.js?v=80
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
same-origin
accept
*/*
cache-control
no-cache
sec-fetch-dest
worker
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
br
last-modified
Fri, 15 Oct 2021 04:26:28 GMT
server
nginx
etag
"6083-5ce5c99572875;5c701b9c2cf40-gzip"
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, public
accept-ranges
bytes
x-robots-tag
noindex
imp.gif
returnsandrefund.com/detroitchicago/ 		43 B
128 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A2%2C%22ad_load_version%22%3A2%2C%22ad_location_ids%22%3A%2221%2C5%2C22%2C3%2C1%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A3%2C%22city%22%3A%22Frankfurt%20am%20Main%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A200400%2C%22domain_test_group%22%3A20210304%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1112%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%2250e7f539-c005-4be1-6a65-5d4a76088cd9%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%2260313%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A49243%2C%22response_time_orig%22%3A349%2C%22serverid%22%3A%223.120.227.167%3A26291%22%2C%22state%22%3A%22HE%22%2C%22sub_page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1112%22%2C%22t_epoch%22%3A1634280608%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Freturnsandrefund.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A2043%2C%22worst_bad_word_level%22%3A0%7D
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y32-22y51-1y55-21&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx32x51x55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

:path
/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A2%2C%22ad_load_version%22%3A2%2C%22ad_location_ids%22%3A%2221%2C5%2C22%2C3%2C1%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A3%2C%22city%22%3A%22Frankfurt%20am%20Main%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A200400%2C%22domain_test_group%22%3A20210304%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1112%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%2250e7f539-c005-4be1-6a65-5d4a76088cd9%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%2260313%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A49243%2C%22response_time_orig%22%3A349%2C%22serverid%22%3A%223.120.227.167%3A26291%22%2C%22state%22%3A%22HE%22%2C%22sub_page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1112%22%2C%22t_epoch%22%3A1634280608%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Freturnsandrefund.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A2043%2C%22worst_bad_word_level%22%3A0%7D
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
br
server
nginx
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
image/gif
x-middleton-display
imp_sol
cache-control
no-cache, no-store, must-revalidate, max-age=0
content-length
47
quant.js
secure.quantserve.com/ 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y32-22y51-1y55-21&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx32x51x55
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.133 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
2d452ca7bf499867307ebfa48373084a42e1f56ec0a26e5bb2e12f01888c3cc9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
gzip
etag
"XUylRaJiJNdi08iU32oNYQ=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Fri, 22 Oct 2021 06:50:09 GMT
841ee1dfdec3fbc473772577a8b3240b.css
returnsandrefund.com/wp-content/cache/min/1/ 		64 KB
64 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://returnsandrefund.com/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
br
x-sol
orig
age
0
x-ezoic-cdn
Hit ds;mm;889a1bc78332af14281e81a2291c4a35;2-200400-0;fcefe7c2-c222-4f55-567b-9eb24e943d31
x-cache
MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-middleton-response
200
response
200
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
x-origin-cache-control
max-age=31536000, public
vary
Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type
text/css; charset=utf-8
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-cache-hits
0
cmbdv2.js
returnsandrefund.com/detroitchicago/ 		47 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/cmbdv2.js?gcb=195-2&cb=03-5y0c-5y18-4y33-22y56-21&cmbcb=20&sj=x03x0cx18x33x56
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
53a7abf1885465d8719d4bbf21ac3fd4350f62d28c72821517850069c503d0ea

Request headers

:path
/detroitchicago/cmbdv2.js?gcb=195-2&cb=03-5y0c-5y18-4y33-22y56-21&cmbcb=20&sj=x03x0cx18x33x56
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
br
server
nginx
vary
Accept-Encoding Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public, max-age=31536000, public
x-robots-tag
noindex
analytics.js
www.google-analytics.com/ 		48 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150748452-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.174 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Oct 2021 16:38:54 GMT
server
Golfe2
age
2943
date
Fri, 15 Oct 2021 06:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Fri, 15 Oct 2021 08:01:06 GMT
rules-p-31iz6hfFutd16.js
rules.quantcount.com/ 		3 B
427 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-9.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 04:19:08 GMT
via
1.1 baaf38f0a0d54e4834bf934fa5189ceb.cloudfront.net (CloudFront)
age
9062
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
3
last-modified
Sat, 04 Mar 2017 19:50:24 GMT
server
AmazonS3
etag
"8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
x-amz-cf-id
feouR22bi1_N47OFeV8zGb0gU7r9GdGaFJbmLmdQ8VkCvQ-x-CL31g==
pixel;r=1559043417;labels=Domain.returnsandrefund_com%2CDomainId.200400;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Freturnsandrefund.com%2F;uht=2;fpan=1;fpa=P0-1197508952-1634280609132;pbc=;ns=0;ce=1;...
pixel.quantserve.com/ 		35 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1559043417;labels=Domain.returnsandrefund_com%2CDomainId.200400;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Freturnsandrefund.com%2F;uht=2;fpan=1;fpa=P0-1197508952-1634280609132;pbc=;ns=0;ce=1;qjs=1;qv=00a3769c-20210929173447;cm=;gdpr=0;ref=;d=returnsandrefund.com;je=0;sr=1600x1200x24;dst=0;et=1634280609132;tzo=0;ogl=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.133 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 15 Oct 2021 06:50:09 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=131873318&t=pageview&_s=1&dl=https%3A%2F%2Freturnsandrefund.com%2F&ul=en-us&de=UTF-8&dt=All%20About%20Returns%20%26%20Refunds%20-&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1028860732&gjid=678327589&cid=1058907375.1634280609&tid=UA-150748452-1&_gid=708157215.1634280609&_r=1&gtm=2ouad0&z=1548690860
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.174 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://returnsandrefund.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 15 Oct 2021 06:50:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
dark-bottom.css
returnsandrefund.com/ezoic/styles/ 		3 KB
787 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/ezoic/styles/dark-bottom.css
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/ezoic/cookieconsent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3

Request headers

:path
/ezoic/styles/dark-bottom.css
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; _ga=GA1.2.1058907375.1634280609; _gid=GA1.2.708157215.1634280609; _gat_gtag_UA_150748452_1=1; __qca=P0-1197508952-1634280609132
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
br
last-modified
Tue, 13 Jul 2021 14:05:09 GMT
server
nginx
etag
"bd7-5c701b9c2cf40-gzip"
vary
Accept-Encoding Accept-Encoding
content-type
text/css
cache-control
max-age=31536000, public
accept-ranges
bytes
x-robots-tag
noindex
content-length
725
integrator.js
adservice.google.de/adsid/ 		107 B
853 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
570 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		945 B
299 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1852922255050949&correlator=2916386894238639&output=ldjh&impl=fifs&eid=31061423%2C21064372%2C31061425%2C31063140&vrg=2021101201&ptt=17&sc=1&sfv=1-0-38&ecs=20211015&iu_parts=1254144%2Creturnsandrefund_com-box-2%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=300x250%2C580x400&prev_scp=a%3D%257C5%257C%26iid1%3D2922536208141662%26eid%3D2922536208141662%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreturnsandrefund_com-box-2-2922536208141662%26eb_br%3Dc5429b6ddd929d0bc40a832a87789a7c%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D1000%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%2C193%2C0%2C192%2C0%2C131%2C20%2C192%2C26%2C156%2C187%2C0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%2C1794%26ax_ssid%3D10082%7Ca%3D%257C252%257C%26iid1%3D2296327642140289%26eid%3D2296327642140289%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-2296327642140289%26eb_br%3D9e0a1ce5b2455cb9b48d5df4c6bf4053%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26bv%3D17%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D350%26br2%3D550%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D157%2C131%2C0%2C78%2C0%2C192%2C192%2C168%2C32%2C197%2C143%2C0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C1794%26ax_ssid%3D10082&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1634203570&dt=1634280609518&dlt=1634280608823&idt=261&frm=20&biw=1600&bih=1200&oid=2&adxs=650%2C345&adys=80%2C920&adks=3330214951%2C3214824028&ucis=1%7C2&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1140x250%7C809x400&msz=300x250%7C580x400&ga_vid=1058907375.1634280609&ga_sid=1634280610&ga_hid=131873318&ga_fc=false&fws=0%2C0&ohw=0%2C0&btvi=0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
7d23b79b0387a2e2ccc9c3dfa6ac2615388c62b99c72049829eab0bacdc7c75d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
269
x-xss-protection
0
google-lineitem-id
-2,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
7ab5b84c819c126b230ffb59f629d23e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4711 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://7ab5b84c819c126b230ffb59f629d23e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.161 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f1.1e100.net
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
7ab5b84c819c126b230ffb59f629d23e.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-38/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://returnsandrefund.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Fri, 15 Oct 2021 06:50:09 GMT
expires
Sat, 15 Oct 2022 06:50:09 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ads
securepubads.g.doubleclick.net/gampad/ 		476 B
279 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1852922255050949&correlator=1960525516172909&output=ldjh&impl=fifs&eid=31061423%2C21064372%2C31061425%2C31063140&vrg=2021101201&ptt=17&sc=1&sfv=1-0-38&ecs=20211015&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&prev_scp=a%3D%257C251%257C%26iid1%3D4927301874108188%26eid%3D4927301874108188%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-4927301874108188%26eb_br%3D04b5efc3207e2390972f099a6a3c4757%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D1%26ftsn%3D3%26br1%3D1400%26br2%3D700%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%2C1794%26ax_ssid%3D10082&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1634203570&dt=1634280609531&dlt=1634280608823&idt=261&frm=20&biw=1600&bih=1200&oid=2&adxs=315&adys=1110&adks=3121120320&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&ga_vid=1058907375.1634280609&ga_sid=1634280610&ga_hid=131873318&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
910b6fb9ee15268e373e68cba14f83ffdd0b287d1aacea4f5358b4022410ba3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
249
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
greenoaks.gif
returnsandrefund.com/detroitchicago/ 		0
42 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNTBlN2Y1MzktYzAwNS00YmUxLTZhNjUtNWQ0YTc2MDg4Y2Q5IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYzNDI4MDYwOCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMTAtMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI2In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjUifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjUwZTdmNTM5LWMwMDUtNGJlMS02YTY1LTVkNGE3NjA4OGNkOSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MzQyODA2MDgsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjUwZTdmNTM5LWMwMDUtNGJlMS02YTY1LTVkNGE3NjA4OGNkOSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MzQyODA2MDgsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNTBlN2Y1MzktYzAwNS00YmUxLTZhNjUtNWQ0YTc2MDg4Y2Q5IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYzNDI4MDYwOCwiZGF0YSI6W3sibmFtZSI6Im5hdmlnYXRpb25fdHlwZSIsInZhbCI6IjAifSx7Im5hbWUiOiJyZWRpcmVjdF9jb3VudCIsInZhbCI6IjAifV19XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y32-22y51-1y55-21&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx32x51x55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNTBlN2Y1MzktYzAwNS00YmUxLTZhNjUtNWQ0YTc2MDg4Y2Q5IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYzNDI4MDYwOCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMTAtMTUifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI2In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjUifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjUwZTdmNTM5LWMwMDUtNGJlMS02YTY1LTVkNGE3NjA4OGNkOSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MzQyODA2MDgsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjUwZTdmNTM5LWMwMDUtNGJlMS02YTY1LTVkNGE3NjA4OGNkOSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MzQyODA2MDgsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNTBlN2Y1MzktYzAwNS00YmUxLTZhNjUtNWQ0YTc2MDg4Y2Q5IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYzNDI4MDYwOCwiZGF0YSI6W3sibmFtZSI6Im5hdmlnYXRpb25fdHlwZSIsInZhbCI6IjAifSx7Im5hbWUiOiJyZWRpcmVjdF9jb3VudCIsInZhbCI6IjAifV19XQ==
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; _ga=GA1.2.1058907375.1634280609; _gid=GA1.2.708157215.1634280609; _gat_gtag_UA_150748452_1=1; __qca=P0-1197508952-1634280609132; ezux_lpl_200400=1634280609326|50e7f539-c005-4be1-6a65-5d4a76088cd9|false; __gads=ID=aab98040b954f258-2284e4adf5ca00b1:T=1634280609:S=ALNI_MaPHjkwzC3v1XhiAGlpGeUftyeNKQ
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
server
nginx
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 14 Oct 2021 06:50:12 UTC
greenoaks.gif
returnsandrefund.com/detroitchicago/ 		0
104 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJkYXRhIjpbeyJuYW1lIjoicGVyZl9pc190cmFja2VkIiwidmFsIjoiMSJ9LHsibmFtZSI6InBlcmZfbmF2X3RvX2Nvbm5lY3QiLCJ2YWwiOiI1OTEifSx7Im5hbWUiOiJwZXJmX2Nvbm5lY3RfdG9fcmVzcF9zdGFydCIsInZhbCI6IjExMjkifSx7Im5hbWUiOiJwZXJmX3Jlc3BfdGltZSIsInZhbCI6IjgifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMTY3In0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiMjM5In0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6IjQ5NiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjUwZTdmNTM5LWMwMDUtNGJlMS02YTY1LTVkNGE3NjA4OGNkOSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MzQyODA2MDgsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9wYWludCIsInZhbCI6IjEyNTcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjEyNTcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNTBlN2Y1MzktYzAwNS00YmUxLTZhNjUtNWQ0YTc2MDg4Y2Q5IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYzNDI4MDYwOCwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZG93bmxpbmsiLCJ2YWwiOiI5LjgifV19XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y32-22y51-1y55-21&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx32x51x55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJkYXRhIjpbeyJuYW1lIjoicGVyZl9pc190cmFja2VkIiwidmFsIjoiMSJ9LHsibmFtZSI6InBlcmZfbmF2X3RvX2Nvbm5lY3QiLCJ2YWwiOiI1OTEifSx7Im5hbWUiOiJwZXJmX2Nvbm5lY3RfdG9fcmVzcF9zdGFydCIsInZhbCI6IjExMjkifSx7Im5hbWUiOiJwZXJmX3Jlc3BfdGltZSIsInZhbCI6IjgifSx7Im5hbWUiOiJwZXJmX2ludGVyYWN0aXZlIiwidmFsIjoiMTY3In0seyJuYW1lIjoicGVyZl9jb250ZW50bG9hZGVkIiwidmFsIjoiMjM5In0seyJuYW1lIjoicGVyZl9jb21wbGV0ZSIsInZhbCI6IjQ5NiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjUwZTdmNTM5LWMwMDUtNGJlMS02YTY1LTVkNGE3NjA4OGNkOSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MzQyODA2MDgsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9wYWludCIsInZhbCI6IjEyNTcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfY29udGVudGZ1bF9wYWludCIsInZhbCI6IjEyNTcifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNTBlN2Y1MzktYzAwNS00YmUxLTZhNjUtNWQ0YTc2MDg4Y2Q5IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYzNDI4MDYwOCwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZG93bmxpbmsiLCJ2YWwiOiI5LjgifV19XQ==
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; _ga=GA1.2.1058907375.1634280609; _gid=GA1.2.708157215.1634280609; _gat_gtag_UA_150748452_1=1; __qca=P0-1197508952-1634280609132; ezux_lpl_200400=1634280609326|50e7f539-c005-4be1-6a65-5d4a76088cd9|false; __gads=ID=aab98040b954f258-2284e4adf5ca00b1:T=1634280609:S=ALNI_MaPHjkwzC3v1XhiAGlpGeUftyeNKQ
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
server
nginx
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 14 Oct 2021 06:50:11 UTC
greenoaks.gif
returnsandrefund.com/detroitchicago/ 		0
42 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9ydHQiLCJ2YWwiOiIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNTBlN2Y1MzktYzAwNS00YmUxLTZhNjUtNWQ0YTc2MDg4Y2Q5IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYzNDI4MDYwOCwiZGF0YSI6W3sibmFtZSI6InRpbWVyX2ZpcnN0X2FkX3JlcXVlc3QiLCJ2YWwiOiIxMDgxIn1dfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y32-22y51-1y55-21&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx32x51x55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9ydHQiLCJ2YWwiOiIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNTBlN2Y1MzktYzAwNS00YmUxLTZhNjUtNWQ0YTc2MDg4Y2Q5IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYzNDI4MDYwOCwiZGF0YSI6W3sibmFtZSI6InRpbWVyX2ZpcnN0X2FkX3JlcXVlc3QiLCJ2YWwiOiIxMDgxIn1dfV0=
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; ezouspvv=0; ezouspva=0; _ga=GA1.2.1058907375.1634280609; _gid=GA1.2.708157215.1634280609; _gat_gtag_UA_150748452_1=1; __qca=P0-1197508952-1634280609132; ezux_lpl_200400=1634280609326|50e7f539-c005-4be1-6a65-5d4a76088cd9|false; __gads=ID=aab98040b954f258-2284e4adf5ca00b1:T=1634280609:S=ALNI_MaPHjkwzC3v1XhiAGlpGeUftyeNKQ
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:09 GMT
server
nginx
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 14 Oct 2021 06:50:09 UTC
sodar
pagead2.googlesyndication.com/getconfig/ 		11 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021101201&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
4c86b8f7ea4735c82f00dc9f6aad3ca932017c678557debbde1b187a4a060bff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 15 Oct 2021 06:50:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8640
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f1.1e100.net
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Fri, 15 Oct 2021 06:50:10 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame BA3C 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f1.1e100.net
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://returnsandrefund.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Fri, 15 Oct 2021 02:47:32 GMT
expires
Sat, 15 Oct 2022 02:47:32 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
14558
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 4D5A 		783 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f4.1e100.net
Software
GSE /
Resource Hash
b276a895ee266b94c6ecfa2adc080450b4d96855120874513caa535572ab9bcd
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-6KUa4Yiy/cfqhxoEm1c0qg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://returnsandrefund.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy-report-only
require-corp; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Fri, 15 Oct 2021 06:50:10 GMT
date
Fri, 15 Oct 2021 06:50:10 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-6KUa4Yiy/cfqhxoEm1c0qg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
511
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
3NpV0t_ssl6JniOQZDZq0-jr2lBMmb0RSXUDLe8J8DM.js
pagead2.googlesyndication.com/bg/ Frame BA3C 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/3NpV0t_ssl6JniOQZDZq0-jr2lBMmb0RSXUDLe8J8DM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
sffe /
Resource Hash
dcda55d2dfecb25e899e239064366ad3e8ebda504c99bd114975032def09f033
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 02:46:45 GMT
content-encoding
br
x-content-type-options
nosniff
age
14605
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13493
x-xss-protection
0
last-modified
Mon, 11 Oct 2021 11:08:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Sat, 15 Oct 2022 02:46:45 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 4D5A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021101201&jk=1852922255050949&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021101201&jk=1852922255050949&bg=!o6CloOTNAAao6lBpqOo7ACkAdvg8Wqtly_566XEg04zjuu4x7bjwADvbpVbR4kfb6CV8GGwznjzfTgIAAABfUgAAAAxoAQcKAOXQwg_9DMbNwJgCPmF45o8rUuZI2u_pS1vPdw2T-Z-LZSAYOBiLfdmqCn2zwnXUrvGPTSFjsAzmuSE--9fX9nEQhYVreD0kCbOefL6kWUmi4LZ2t_PPIFYQI2Os2A-bR_sodmBM-pBsYTVxt5WXvgVZ-xY9atQ1G_3lmCUazUtrHJ77C6QfGaCZZLr14pxcLS2Gtx2mtIjyMYYIailV7ucssuMUJUkFaOqi1bAyhu6KMGxhQu6TwNMl49HMAjIvkr6hm3FYUtsRM570iaEZ58WgVqp1U82xEwB7wJCfqJlcxh_KYEKDmQKlJJwB4q7uOUq-rxfpnOazG77eb35sK2aWD6L3A7buUydk2SgNbN-HO6XSkr2e3jP-WIAsmLQFl2qB5c_ayXftHbVZG-xxPdTpFowskkmIrLUCzSuLKy6yF16jizejeXuDuBDIKvjahhcmvmGpOfuERJO8E8lODYpw_YcZnHhciLD-HP7Cf5a0JwgoxEXhwJORfDcJsQ3Gok1zhQjjQj7MxyzRNuJc6MTyEZW58cMyNzxUoegBKAQkEFl8f3FXOo5egauspHyHj6dqawKlhB3al-G7areqSRfU-Q0S_-flwfI1EHU-AUMuwrzrUH3pIi0VxnsBJFVAhGgbP4E5NfDAp0wbOuOh9X5dQCx-3AoOdiKcFXoqWCumqYKG-8Nz71pN2y7DZgr2bznoiQjB3Z4vggxSET3deTcFMMPtxbwYqvOrFXcpm0GjAiqXuqG21bYCtqnJIUixR8EnFFDsrcKR2TNy8HPCrmK9Gm6VhWZ1Y1V5nMjkyoPLqZDpcFZk7CGmJTYQlT3nc3q2TPXbJoEo2q0r5wYCOatw0aB4x0IvsYO08gkHcOCHQAp6qlvvbVUK0DYY6A4M14k70DU90xFvbLu3m6b7gNpK4X3sZdEZqxrYNsHqPiTw23oZIMA0kZ4vTrepORz-ciZ9M5zMRrUt1x69VqnsrVahwh27UOKRFH5vsQk9AE4vvy9jNFhLMqOGWebNAddbC9jbO48Y8Sf5PkJ0LM_ElB9A-BqsW8A9yxbC1KMVNssBJXU0CPTB1hPoUeGH_1Y9evhrIEXLa2n9SNV9wxPBHvIUN5eQkorX0S8d4HNRoHnlTPNLH_EnYuREw-26qBVkGJTVE69m1HJY5votjHMmPOh2Aa5tSA0l5te3HUHKrdu7uUpfElG4ZNx0-AUbGjI
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 15 Oct 2021 06:50:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 15 Oct 2021 06:50:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 15 Oct 2021 06:50:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		459 B
271 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1852922255050949&correlator=2654916917113103&output=ldjh&impl=fifs&eid=31061423%2C21064372%2C31061425%2C31063140&vrg=2021101201&ptt=17&sc=1&sfv=1-0-38&ecs=20211015&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=3&rcs=1&prev_scp=a%3D%257C251%257C%26iid1%3D4927301874108188%26eid%3D4927301874108188%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-4927301874108188%26eb_br%3D8b07bae800b215e481d05a271b3e723b%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D1%26ftsn%3D3%26br1%3D700%26br2%3D700%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%2C1794%26ax_ssid%3D10082%26lb%3D1400%26reqt%3D1634280612546&eri=1&cookie=ID%3Dd0d0bba48044d642-22abdde2f5ca00a4%3AT%3D1634280609%3AS%3DALNI_MaGzxRjN2pEnjugdU7AtI6S9Ote3w&bc=31&abxe=1&lmt=1634203570&dt=1634280612552&dlt=1634280608823&idt=261&frm=20&biw=1600&bih=1200&oid=2&adxs=315&adys=1110&adks=3121120320&ucis=3&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1058907375.1634280609&ga_sid=1634280610&ga_hid=131873318&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
89e3f1bd106c149685b09780343418fa2596fbe0c22dfe921095b30b7b67caf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:12 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
240
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		51 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1852922255050949&correlator=386705532976271&output=ldjh&impl=fifs&eid=31061423%2C21064372%2C31061425%2C31063140&vrg=2021101201&ptt=17&sc=1&sfv=1-0-38&ecs=20211015&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=3&rcs=1&prev_scp=a%3D%257C252%257C%26iid1%3D2296327642140289%26eid%3D2296327642140289%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-2296327642140289%26eb_br%3D9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26bv%3D17%26bvm%3D0%26bvr%3D7%26shp%3D1%26ftsn%3D3%26br1%3D180%26br2%3D550%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D157%2C131%2C0%2C78%2C0%2C192%2C192%2C168%2C32%2C197%2C143%2C0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C1794%2C20%26ax_ssid%3D10082%26lb%3D350%26reqt%3D1634280612554&eri=1&cookie=ID%3Dd0d0bba48044d642-22abdde2f5ca00a4%3AT%3D1634280609%3AS%3DALNI_MaGzxRjN2pEnjugdU7AtI6S9Ote3w&bc=31&abxe=1&lmt=1634203570&dt=1634280612566&dlt=1634280608823&idt=261&frm=20&biw=1600&bih=1200&oid=2&adxs=345&adys=920&adks=3214824028&ucis=2&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1058907375.1634280609&ga_sid=1634280610&ga_hid=131873318&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
d891a43fcf24feb58bca5bc4dd1193f74ae23859c1275443c2b0affefa299718
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:13 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12308
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		451 B
263 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1852922255050949&correlator=161593553888244&output=ldjh&impl=fifs&eid=31061423%2C21064372%2C31061425%2C31063140&vrg=2021101201&ptt=17&sc=1&sfv=1-0-38&ecs=20211015&iu_parts=1254144%2Creturnsandrefund_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=a%3D%257C5%257C%26iid1%3D2922536208141662%26eid%3D2922536208141662%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreturnsandrefund_com-box-2-2922536208141662%26eb_br%3D5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D500%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%2C193%2C0%2C192%2C0%2C131%2C20%2C192%2C26%2C156%2C187%2C0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%2C1794%26ax_ssid%3D10082%26lb%3D1000%26reqt%3D1634280612570&eri=1&cookie=ID%3Dd0d0bba48044d642-22abdde2f5ca00a4%3AT%3D1634280609%3AS%3DALNI_MaGzxRjN2pEnjugdU7AtI6S9Ote3w&bc=31&abxe=1&lmt=1634203570&dt=1634280612582&dlt=1634280608823&idt=261&frm=20&biw=1600&bih=1200&oid=2&adxs=650&adys=80&adks=3330214951&ucis=1&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1140x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1058907375.1634280609&ga_sid=1634280610&ga_hid=131873318&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
def6ac622aa206aa37309add97715d861f82e35b5fc01b447b707723644a910c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:13 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
232
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://returnsandrefund.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012109102127000/ 		189 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012109102127000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.65 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f1.1e100.net
Software
sffe /
Resource Hash
ba870dd4f1f375d33aa3770685227bd38160d194969b3840232fad67c1989bb8
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
74791
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55506
x-xss-protection
0
server
sffe
date
Thu, 14 Oct 2021 10:03:42 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"c42e3b94efe0099e"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 14 Oct 2022 10:03:42 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012109102127000/v0/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012109102127000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.65 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f1.1e100.net
Software
sffe /
Resource Hash
19ad029fe2230dc2b7eda8d3c2b8d872aae2e718c0209bcaec04cd51a04d9165
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
304800
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4995
x-xss-protection
0
server
sffe
date
Mon, 11 Oct 2021 18:10:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"bc03df60ee69192f"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 11 Oct 2022 18:10:13 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012109102127000/v0/ 		89 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012109102127000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.65 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f1.1e100.net
Software
sffe /
Resource Hash
d4cb8e3d3f1d9da69c5096249099aaa6ec5942dc20f922cc6c99f7b7b4557584
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
412844
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28507
x-xss-protection
0
server
sffe
date
Sun, 10 Oct 2021 12:09:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"283b6526337df106"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Mon, 10 Oct 2022 12:09:29 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012109102127000/v0/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012109102127000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.65 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f1.1e100.net
Software
sffe /
Resource Hash
d50905d9c0e2c1f4a30e217e1eade952d04600860ccf4aec5240e6fd31eb9b29
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
184127
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1638
x-xss-protection
0
server
sffe
date
Wed, 13 Oct 2021 03:41:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"b3f838efba7b15f2"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 13 Oct 2022 03:41:26 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012109102127000/v0/ 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012109102127000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.65 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f1.1e100.net
Software
sffe /
Resource Hash
235dd149eac993d9f773d67eb3432fda6c4d81c98d29c4fb150707fae2b59908
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
493886
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12820
x-xss-protection
0
server
sffe
date
Sat, 09 Oct 2021 13:38:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"2e8049efde94274d"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sun, 09 Oct 2022 13:38:47 GMT
css
fonts.googleapis.com/ 		6 KB
671 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f138.1e100.net
Software
ESF /
Resource Hash
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 15 Oct 2021 05:59:19 GMT
server
ESF
date
Fri, 15 Oct 2021 06:50:13 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires
Fri, 15 Oct 2021 06:50:13 GMT
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f1.1e100.net
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 14 Oct 2021 13:18:13 GMT
x-content-type-options
nosniff
server
cafe
age
63120
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2502
x-xss-protection
0
expires
Fri, 15 Oct 2021 13:18:13 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ 		295 B
319 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f1.1e100.net
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 14 Oct 2021 20:55:41 GMT
x-content-type-options
nosniff
server
cafe
age
35672
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 15 Oct 2021 20:55:41 GMT
l
www.google.com/ads/measurement/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTOF9AONzrwqpZ3scSW8X5QROGHElsMF5t2IyyeosrgD0Rz3lmJ7E4x6mvOvaQkAGBh4p_U5i0TSCTqtqV7Sihv_TCwbA
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f4.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
adview
securepubads.g.doubleclick.net/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=C4MjHpCRpYc_FJsj1-gb4542IAanLs81lkeSh6NoOiv2ghMMBEAEg9PnGJWCVgoCAmAegAavVtLsCyAEJ4AIAqAMByAMKqgTvAU_QXb0Ne5DrEbHIRiVcvazBZi2Kn12yc2W2f96ElJBF2nMvX45jNsxPfAHOp9qzrPpFVxsU9uZ4gAF-rBg92BdqK-ZqiqtaMT6749eDjc--1-GUVlyS6iZtPkY4F-V_sb3DOP363LGkUfCzQA-3hS2tEob4VeI0FKg_d98BlX38QpK_hsHikpGF-zvg3mO8U89aLKAEUGINpt-kDGPHeSthbtEw0vrRma8ei3mmNGQK6gI4JMzbN5rRTVS3N-2Zq0h02nske_u2RUpLepwjwNSOywrq7Ttj-yVQc8lpyoWvinJlCUfG_xfv6WwnTglqwATttKeVtQPgBAGSBQQIBBgBkgUECAUYBKAGLoAHxbSTyQGoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB9XJG6gHpr4b2AcA8gcFEJfJhQHSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTU4OTMyOTQ0NjIwNjExNDCACgPICwHYEwzQFQGAFwGyFx4KHAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOBi-yQc&sigh=CeJYxHcOnLk&template_id=484
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers
downsize_200k_v1
tpc.googlesyndication.com/simgad/1613788549050777549/ 		40 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/1613788549050777549/downsize_200k_v1?w=600&h=314
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f1.1e100.net
Software
sffe /
Resource Hash
78cc339a9516f4a5ad817632418adb33e06553f4df11f7c81d9fd33e5585b765
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 03:48:48 GMT
x-content-type-options
nosniff
age
10885
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40717
x-xss-protection
0
last-modified
Mon, 20 Sep 2021 17:17:00 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 15 Oct 2022 03:48:48 GMT
truncated
/ 		221 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5cd65b3c1a0540b33815d5a17a31fdd9e503e0f22f83636298070e47012be0e1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
greenoaks.gif
returnsandrefund.com/detroitchicago/ 		0
65 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjQyNzkifV19XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y32-22y51-1y55-21&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx32x51x55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjQyNzkifV19XQ==
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.1058907375.1634280609; _gid=GA1.2.708157215.1634280609; _gat_gtag_UA_150748452_1=1; __qca=P0-1197508952-1634280609132; ezux_lpl_200400=1634280609326|50e7f539-c005-4be1-6a65-5d4a76088cd9|false; __gads=ID=d0d0bba48044d642:T=1634280609:S=ALNI_MagE8TNqH9SJgqyeeHEdCwTrv0lAw; ezouspvv=180; ezouspva=1; ezouspvh=180
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:13 GMT
server
nginx
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 14 Oct 2021 06:50:13 UTC
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI5NjMyNzY0MjE0MDI4OSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDgzLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjIifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIyOTYzMjc2NDIxNDAyODkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYzNDI4MDYwOCwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNTBlN2Y1MzktYzAwNS00YmUxLTZhNjUtNWQ0YTc2MDg4Y2Q5IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDQ4MywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6IjlhZTU4N2Y5NWU5NWM4NzZiN2I3NmZkNGM3MmEzODM4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMjk2MzI3NjQyMTQwMjg5IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MzQyODA2MDgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMTgsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDE4LCJiaWRfZmxvb3JfcHJldiI6MC4wMDM1LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDgzLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI5NjMyNzY0MjE0MDI4OSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDgzLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwMzQ0ODMifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIyOTYzMjc2NDIxNDAyODkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYzNDI4MDYwOCwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNTBlN2Y1MzktYzAwNS00YmUxLTZhNjUtNWQ0YTc2MDg4Y2Q5IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDQ4MywiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y32-22y51-1y55-21&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx32x51x55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI5NjMyNzY0MjE0MDI4OSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDgzLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjIifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIyOTYzMjc2NDIxNDAyODkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYzNDI4MDYwOCwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNTBlN2Y1MzktYzAwNS00YmUxLTZhNjUtNWQ0YTc2MDg4Y2Q5IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDQ4MywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6IjlhZTU4N2Y5NWU5NWM4NzZiN2I3NmZkNGM3MmEzODM4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMjk2MzI3NjQyMTQwMjg5IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MzQyODA2MDgsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMTgsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDE4LCJiaWRfZmxvb3JfcHJldiI6MC4wMDM1LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDgzLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI5NjMyNzY0MjE0MDI4OSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDgzLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwMzQ0ODMifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIyOTYzMjc2NDIxNDAyODkiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYzNDI4MDYwOCwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNTBlN2Y1MzktYzAwNS00YmUxLTZhNjUtNWQ0YTc2MDg4Y2Q5IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDQ4MywiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.1058907375.1634280609; _gid=GA1.2.708157215.1634280609; _gat_gtag_UA_150748452_1=1; __qca=P0-1197508952-1634280609132; ezux_lpl_200400=1634280609326|50e7f539-c005-4be1-6a65-5d4a76088cd9|false; __gads=ID=d0d0bba48044d642:T=1634280609:S=ALNI_MagE8TNqH9SJgqyeeHEdCwTrv0lAw; ezouspvv=180; ezouspva=1; ezouspvh=180
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:13 GMT
server
nginx
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 14 Oct 2021 06:50:11 UTC
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI5NjMyNzY0MjE0MDI4OSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDgzLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0xMC0xNSJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y32-22y51-1y55-21&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx32x51x55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI5NjMyNzY0MjE0MDI4OSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDgzLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0xMC0xNSJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX2RheV9vZl93ZWVrIiwidmFsIjoiNSJ9LHsibmFtZSI6InRfbG9jYWxfdGltZXpvbmUiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.1058907375.1634280609; _gid=GA1.2.708157215.1634280609; _gat_gtag_UA_150748452_1=1; __qca=P0-1197508952-1634280609132; ezux_lpl_200400=1634280609326|50e7f539-c005-4be1-6a65-5d4a76088cd9|false; __gads=ID=d0d0bba48044d642:T=1634280609:S=ALNI_MagE8TNqH9SJgqyeeHEdCwTrv0lAw; ezouspvv=180; ezouspva=1; ezouspvh=180
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:13 GMT
server
nginx
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 14 Oct 2021 06:50:12 UTC
army.gif
returnsandrefund.com/porpoiseant/ 		0
19 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjI5NjMyNzY0MjE0MDI4OSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJhdWN0aW9uX2Vwb2NoIjoxNjM0MjgwNjEzLCJhZF9wb3NpdGlvbiI6MTEwMSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjUwZTdmNTM5LWMwMDUtNGJlMS02YTY1LTVkNGE3NjA4OGNkOSIsImJpZF9mbG9vcl9pbml0aWFsIjozNTAsImJpZF9mbG9vcl9wcmV2IjozNTAsImJpZF9mbG9vcl9maWxsZWQiOjE4MCwiYXVjdGlvbl9jb3VudCI6MiwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NTM0LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y32-22y51-1y55-21&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx32x51x55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjI5NjMyNzY0MjE0MDI4OSIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJhdWN0aW9uX2Vwb2NoIjoxNjM0MjgwNjEzLCJhZF9wb3NpdGlvbiI6MTEwMSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjUwZTdmNTM5LWMwMDUtNGJlMS02YTY1LTVkNGE3NjA4OGNkOSIsImJpZF9mbG9vcl9pbml0aWFsIjozNTAsImJpZF9mbG9vcl9wcmV2IjozNTAsImJpZF9mbG9vcl9maWxsZWQiOjE4MCwiYXVjdGlvbl9jb3VudCI6MiwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NTM0LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.1058907375.1634280609; _gid=GA1.2.708157215.1634280609; _gat_gtag_UA_150748452_1=1; __qca=P0-1197508952-1634280609132; ezux_lpl_200400=1634280609326|50e7f539-c005-4be1-6a65-5d4a76088cd9|false; __gads=ID=d0d0bba48044d642:T=1634280609:S=ALNI_MagE8TNqH9SJgqyeeHEdCwTrv0lAw; ezouspvv=180; ezouspva=1; ezouspvh=180
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:13 GMT
server
nginx
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 14 Oct 2021 06:50:11 UTC
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://returnsandrefund.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 16:31:40 GMT
x-content-type-options
nosniff
age
137913
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Oct 2022 16:31:40 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://returnsandrefund.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 10 Oct 2021 14:59:32 GMT
x-content-type-options
nosniff
age
402641
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15732
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:20 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Mon, 10 Oct 2022 14:59:32 GMT
integrator.js
adservice.google.de/adsid/ 		0
0
integrator.js
adservice.google.de/adsid/ 		0
0
integrator.js
adservice.google.com/adsid/ 		0
0
integrator.js
adservice.google.com/adsid/ 		0
0
ads
securepubads.g.doubleclick.net/gampad/ 		0
0
integrator.js
adservice.google.de/adsid/ 		0
0
integrator.js
adservice.google.de/adsid/ 		0
0
integrator.js
adservice.google.com/adsid/ 		0
0
integrator.js
adservice.google.com/adsid/ 		0
0
ads
securepubads.g.doubleclick.net/gampad/ 		0
0
activeview
pagead2.googlesyndication.com/pcs/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu-eU9QJXHfeNbS7oDqla5n-fzcfDBH6sbEoXik_txltaqd6IIysCGaukiq7r8izI298eOMC6ngsTEkdg7u7CStVFctqfNmq7L52b-MQ7MgZkX5BWajeA&sai=AMfl-YSc3sW-_zu7jno19DAWAOeVmhv7wkyS9kZZzkgmH1l48dpIc00XLsomwuPGK4zn-qV3fuF9Nh1uuxuw8dwEDYptSocJ7YfnTlnPuoS9eQuuSIRPvBvc8CMQP58a&sig=Cg0ArKJSzI21Vge3T3DSEAE&cid=CAASF-RopQtniSejeXiPGIY8tcD3QfyH6dQL&id=ampim&o=0,0&d=1600,1200&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=61&tls=1062&g=100&h=100&tt=1062&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=3214824028
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 15 Oct 2021 06:50:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
army.gif
returnsandrefund.com/porpoiseant/ 		0
42 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjkyMjUzNjIwODE0MTY2MiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiItMSJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiLTEifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMjk2MzI3NjQyMTQwMjg5IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MzQyODA2MDgsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjUwZTdmNTM5LWMwMDUtNGJlMS02YTY1LTVkNGE3NjA4OGNkOSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODMsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6Ii0xIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiItMSJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjQ5MjczMDE4NzQxMDgxODgiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzNDI4MDYwOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNTBlN2Y1MzktYzAwNS00YmUxLTZhNjUtNWQ0YTc2MDg4Y2Q5IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiLTEifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6Ii0xIn0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by
Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmbv2.js?gcb=195-2&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1f-3y32-22y51-1y55-21&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1fx32x51x55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.158.98.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-158-98-109.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjkyMjUzNjIwODE0MTY2MiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjM0MjgwNjA4LCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiI1MGU3ZjUzOS1jMDA1LTRiZTEtNmE2NS01ZDRhNzYwODhjZDkiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiItMSJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiLTEifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMjk2MzI3NjQyMTQwMjg5IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MzQyODA2MDgsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjUwZTdmNTM5LWMwMDUtNGJlMS02YTY1LTVkNGE3NjA4OGNkOSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODMsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6Ii0xIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiItMSJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjQ5MjczMDE4NzQxMDgxODgiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYzNDI4MDYwOCwiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiNTBlN2Y1MzktYzAwNS00YmUxLTZhNjUtNWQ0YTc2MDg4Y2Q5IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiLTEifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6Ii0xIn0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma
no-cache
cookie
ezoadgid_200400=-1; ezoref_200400=; ezosuigeneris-0=5e25f3681ed6ab6964053b0f924e00b8; ezoab_200400=mod1; active_template::200400=pub_site.1634280608; ezopvc_200400=1; ezepvv=0; ezovid_200400=1343530755; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1634280608; ezovuuid_200400=1f745d86-873f-4e74-442f-46a1e282df7e; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.1058907375.1634280609; _gid=GA1.2.708157215.1634280609; _gat_gtag_UA_150748452_1=1; __qca=P0-1197508952-1634280609132; ezux_lpl_200400=1634280609326|50e7f539-c005-4be1-6a65-5d4a76088cd9|false; __gads=ID=d0d0bba48044d642:T=1634280609:S=ALNI_MagE8TNqH9SJgqyeeHEdCwTrv0lAw; ezouspvv=180; ezouspva=1; ezouspvh=180
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
returnsandrefund.com
referer
https://returnsandrefund.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://returnsandrefund.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 06:50:14 GMT
server
nginx
vary
Accept-Encoding Accept-Encoding
content-type
text/plain; charset=utf-8
x-middleton-display
ezp_sol
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-length
0
expires
Thu, 14 Oct 2021 06:50:12 UTC

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
adservice.google.de
URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Domain
adservice.google.de
URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Domain
adservice.google.com
URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Domain
adservice.google.com
URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Domain
securepubads.g.doubleclick.net
URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1852922255050949&correlator=3664610750924316&output=ldjh&impl=fifs&eid=31061423%2C21064372%2C31061425%2C31063140&vrg=2021101201&ptt=17&sc=1&sfv=1-0-38&ecs=20211015&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=2&rcs=2&prev_scp=a%3D%257C251%257C%26iid1%3D4927301874108188%26eid%3D4927301874108188%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-4927301874108188%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26bv%3D5%26bvm%3D0%26bvr%3D5%26shp%3D1%26ftsn%3D3%26br1%3D400%26br2%3D700%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%2C1794%26ax_ssid%3D10082%26lb%3D700%26reqt%3D1634280613055&eri=1&cookie=ID%3Dd0d0bba48044d642%3AT%3D1634280609%3AS%3DALNI_MagE8TNqH9SJgqyeeHEdCwTrv0lAw&bc=31&arp=1&abxe=1&lmt=1634203570&dt=1634280614060&dlt=1634280608823&idt=261&frm=20&biw=1600&bih=1200&oid=2&adxs=-9&adys=-9&adks=3121120320&ucis=3&ifi=7&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1058907375.1634280609&ga_sid=1634280610&ga_hid=131873318&ga_fc=false&fws=2&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.
Domain
adservice.google.de
URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Domain
adservice.google.de
URL
https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com
Domain
adservice.google.com
URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Domain
adservice.google.com
URL
https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com
Domain
securepubads.g.doubleclick.net
URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1852922255050949&correlator=1736888451631590&output=ldjh&impl=fifs&eid=31061423%2C21064372%2C31061425%2C31063140&vrg=2021101201&ptt=17&sc=1&sfv=1-0-38&ecs=20211015&iu_parts=1254144%2Creturnsandrefund_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=2&rcs=2&prev_scp=a%3D%257C5%257C%26iid1%3D2922536208141662%26eid%3D2922536208141662%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreturnsandrefund_com-box-2-2922536208141662%26eb_br%3D57914c3716312cb7e954090f0717ea25%26eba%3D1%26ebss%3D10017%2C10082%2C10061%2C11304%2C11307%26bv%3D4%26bvm%3D0%26bvr%3D4%26shp%3D1%26ftsn%3D3%26acptad%3D1%26br1%3D260%26br2%3D500%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%2C193%2C0%2C192%2C0%2C131%2C20%2C192%2C26%2C156%2C187%2C0%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%2C1794%2C20%26ax_ssid%3D10082%26lb%3D500%26reqt%3D1634280613128&eri=1&cookie=ID%3Dd0d0bba48044d642%3AT%3D1634280609%3AS%3DALNI_MagE8TNqH9SJgqyeeHEdCwTrv0lAw&bc=31&arp=1&abxe=1&lmt=1634203570&dt=1634280614135&dlt=1634280608823&idt=261&frm=20&biw=1600&bih=1200&oid=2&adxs=-9&adys=-9&adks=3330214951&ucis=1&ifi=8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1058907375.1634280609&ga_sid=1634280610&ga_hid=131873318&ga_fc=false&fws=2&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Verdicts & Comments Add Verdict or Comment

222 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster object| __ez string| __sellerid string| __ez_nid object| __advertiserRule object| ezasVars boolean| ezhbopt object| __banger_pmp_deals object| _ebcids number| ezobv function| ez_isclean object| ezSlotKVStore function| ezSetSlotTargeting function| ezGetSlotById function| ezSetTargetingFromMap object| ez_queue function| sort_queue function| execute_ez_queue function| ez_write_tag function| in_array object| ezrpos undefined| ez_current_interval number| ez_current_load function| __ez_fad_load boolean| __ez_fad_floatshowd function| __ez_fad_floatshow object| __ez_fad_initslot object| __ez_fad_fastd object| __ez_fad_fastdiv object| __ez_fad_fastslots object| __ez_fad_viewslots object| __ez_fad_instaslots object| ezslit_run object| __ez_fad_divs object| __ez_fad_divsd number| __ez_fad_vw number| __ez_fad_vh number| __ez_fad_count function| __ez_fad_invisible function| __ez_fad_position function| __ez_fad_fast function| __ez_fad_csnt boolean| __ez_fad_haspo function| __ez_fad_rdy function| __ez_fad_docht function| __ez_fad_vpht number| __ez_fad_doc_ht number| __ez_fad_vp_ht boolean| __ez_fad_hascp object| ez_ad_units object| ezslots object| ezsrqt object| __ez_fad_divpos object| ezorbf boolean| isEZABL number| ezmadspc boolean| ezoViewCheck boolean| ezDisableInitialLoad object| googletag object| ezoibfh object| ezaxmns object| ezaucmns object| __ez_fad_floating boolean| __ez_fad_gptd boolean| __ez_fad_ezpbinitd function| __ez_fad_gpt function| __ez_fad_pb function| ezogetbrkey boolean| ezoll string| ezoadxnc string| ezoadhb boolean| ezoicTestActive object| _ezaq object| _ezim_d object| _ezat undefined| $ function| jQuery function| gtag object| dataLayer function| loadCSS object| cookieconsent_options boolean| hasCookieConsent string| ezouid string| ezoTemplate string| ezoFormfactor object| ezo_elements_to_check string| soc_app_id number| did string| ezdomain number| ezoicSearchable function| create_ezolpl function| attach_ezolpl string| _audins_dom number| _audins_did number| _ez_fad_vw object| ggeac object| google_js_reporting_queue object| wpcf7 function| __ez_fad_ezpbinit object| epbjs boolean| __enableAnalytics object| __s2sbidders object| __allBidders function| __ez_tkn_evnt function| __ez_fad_scroll number| __ez_fad_scrollint function| __ez_fad_chkpos object| ezRBA function| __ez_addAllListeners undefined| __ez_dims string| ezoScriptHost object| IL11ILILIIlLLLILILLLLIILLLIIL11111LLILiiLIliLlILlLiiLLIiILL object| ezomash function| ezbanger function| ezvt function| ezvb function| ezsr function| ezosethbbids function| ezoSyncToDfp function| ezoGetDFPSlot function| ezGetSlotViewedTime function| formatBid function| adjustHbValues function| ezorefgsl function| ez_attachEvent function| ez_attachEventWithCapture function| ez_detachEvent function| ez_getQueryString function| __ezDotData object| ezux function| _ez_TOS_TrackEvent function| ezocfol number| netStartTime function| hashCode function| ezogetrqbykey function| ezorqs function| ezorqe function| _fEzDt object| metricNameMap function| ezlogVital object| _qevents object| _ezfd object| riveted number| ez_tos_track_count number| ez_last_activity_count function| ES6Promise function| EzoIvent function| _findOverlappingQuietPeriods function| _findNetworkQuietPeriods function| ezoFetchConst object| webVitals number| indexKey object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| ga_skiplinks object| wp object| jQuery1124024394917711508035 function| uglipop number| ezodomstart number| ezoIint function| epbjsRequestAdUnits function| epbjsRefreshSlot object| ezoptbid object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing function| quantserve function| __qc object| ezt object| _qoptions function| qtrack object| gaplugins object| gaGlobal object| gaData object| ct object| ezmt object| ezua object| ezuxgoals object| ezdent object| ezDenty function| ezoChar function| ezoCharSize function| update_cookieconsent_options object| perf_vals string| token object| ezslot_4 object| ezslot_0 number| i3 object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| ezslot_1 boolean| ezowwinit object| GoogleGcLKhOms object| google_image_requests number| ezouspvv string| slotElName number| bid_val object| AMP object| AMP_CONFIG object| __AMP_LOG object| __AMP_ERRORS function| __AMP_REPORT_ERROR object| __AMP_MODE object| __AMP_TOP object| __AMP_SERVICES object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| __AMP_EXTENDED_ELEMENTS function| __AMP_BASE_CE_CLASS boolean| __AMP_TAG function| FormProxy

25 Cookies

Domain/Path Name / Value
.returnsandrefund.com/ Name: ezoadgid_200400
Value: -1
.returnsandrefund.com/ Name: ezoref_200400
Value:
.returnsandrefund.com/ Name: ezosuigeneris-0
Value: 5e25f3681ed6ab6964053b0f924e00b8
.returnsandrefund.com/ Name: ezoab_200400
Value: mod1
.returnsandrefund.com/ Name: active_template::200400
Value: pub_site.1634280608
.returnsandrefund.com/ Name: ezopvc_200400
Value: 1
.returnsandrefund.com/ Name: ezepvv
Value: 0
.returnsandrefund.com/ Name: ezovid_200400
Value: 1343530755
.returnsandrefund.com/ Name: lp_200400
Value: https://returnsandrefund.com/
.returnsandrefund.com/ Name: ezovuuidtime_200400
Value: 1634280608
.returnsandrefund.com/ Name: ezovuuid_200400
Value: 1f745d86-873f-4e74-442f-46a1e282df7e
.returnsandrefund.com/ Name: ezCMPCCS
Value: true
returnsandrefund.com/ Name: ezds
Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
returnsandrefund.com/ Name: ezohw
Value: w%3D1600%2Ch%3D1200
.quantserve.com/ Name: mc
Value: 616924a1-22808-5fda7-88bf3
.returnsandrefund.com/ Name: _ga
Value: GA1.2.1058907375.1634280609
.returnsandrefund.com/ Name: _gid
Value: GA1.2.708157215.1634280609
.returnsandrefund.com/ Name: _gat_gtag_UA_150748452_1
Value: 1
.returnsandrefund.com/ Name: __qca
Value: P0-1197508952-1634280609132
returnsandrefund.com/ Name: ezux_lpl_200400
Value: 1634280609326|50e7f539-c005-4be1-6a65-5d4a76088cd9|false
.returnsandrefund.com/ Name: __gads
Value: ID=d0d0bba48044d642:T=1634280609:S=ALNI_MagE8TNqH9SJgqyeeHEdCwTrv0lAw
.doubleclick.net/ Name: IDE
Value: AHWqTUka9rA9rCz_ldLA8W9U2Aous_nad6J8X3aV9HVXqCfPMkKGHiEXTnQOscRz-pw
returnsandrefund.com/ Name: ezouspvv
Value: 180
returnsandrefund.com/ Name: ezouspva
Value: 1
returnsandrefund.com/ Name: ezouspvh
Value: 180

9 Console Messages

Source Level URL
Text
javascript warning URL: https://returnsandrefund.com/
Message:
The resource https://go.ezodn.com/hb/dall.js?b=adyoulike,amx,oftmedia,onetag,pulsepoint,sharethrough,spotx,undertone&cb=195-2-29 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
security error URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js(Line 9)
Message:
Refused to load the script 'https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com' because it violates the following Content Security Policy directive: "script-src https://cdn.ampproject.org/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js(Line 9)
Message:
Refused to load the script 'https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com' because it violates the following Content Security Policy directive: "script-src https://cdn.ampproject.org/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js(Line 9)
Message:
Refused to load the script 'https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com' because it violates the following Content Security Policy directive: "script-src https://cdn.ampproject.org/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js(Line 9)
Message:
Refused to load the script 'https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com' because it violates the following Content Security Policy directive: "script-src https://cdn.ampproject.org/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js(Line 9)
Message:
Refused to load the script 'https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com' because it violates the following Content Security Policy directive: "script-src https://cdn.ampproject.org/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js(Line 9)
Message:
Refused to load the script 'https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com' because it violates the following Content Security Policy directive: "script-src https://cdn.ampproject.org/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js(Line 9)
Message:
Refused to load the script 'https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com' because it violates the following Content Security Policy directive: "script-src https://cdn.ampproject.org/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js(Line 9)
Message:
Refused to load the script 'https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com' because it violates the following Content Security Policy directive: "script-src https://cdn.ampproject.org/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7ab5b84c819c126b230ffb59f629d23e.safeframe.googlesyndication.com
adservice.google.com
adservice.google.de
cdn.ampproject.org
fonts.googleapis.com
fonts.gstatic.com
go.ezodn.com
pagead2.googlesyndication.com
pixel.quantserve.com
returnsandrefund.com
rules.quantcount.com
secure.quantserve.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.returnsandrefund.com
adservice.google.com
adservice.google.de
securepubads.g.doubleclick.net
104.21.77.126
142.250.184.194
142.250.185.162
142.250.185.163
142.250.185.66
142.250.185.97
142.250.185.98
142.250.186.130
142.250.186.161
142.250.186.164
142.250.186.174
142.250.186.65
142.250.74.200
143.204.98.9
172.217.16.138
172.67.161.209
18.158.98.109
91.228.74.133
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0
19ad029fe2230dc2b7eda8d3c2b8d872aae2e718c0209bcaec04cd51a04d9165
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
20550f7bcb2a817ac9a5879e04260da8268e971c0b8031a6b7a2f48a55ee60d5
235dd149eac993d9f773d67eb3432fda6c4d81c98d29c4fb150707fae2b59908
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
2d452ca7bf499867307ebfa48373084a42e1f56ec0a26e5bb2e12f01888c3cc9
31f7540a6075e6f34980199d420271d13d923801da426c060ed01732042a96b8
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3739f7e3f233afefaaf897a2c109cd3dcce3799125f58957b4a622b610511a63
3a7d643f2bbe998f69feef1c66ac486896a217c1f7ea4b4d7a7905b63fe560bd
495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4
4c86b8f7ea4735c82f00dc9f6aad3ca932017c678557debbde1b187a4a060bff
4d6dfce698a9c886d99f8f6e82f44510d83ce2daddc473985a430974840b97c2
4f28164f63702bb0a3d11418f9c5623fbb31e149a6a352955ca7fb7f9e65bc44
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
53a7abf1885465d8719d4bbf21ac3fd4350f62d28c72821517850069c503d0ea
53f21a3b1ce79928e0f924dbf57b71370b853b7ff18db8cff008c2ffd0bd335d
54fd210257b1628525e797440cfc4867b0ec510badeca070e1e5609772d2fb21
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5cd65b3c1a0540b33815d5a17a31fdd9e503e0f22f83636298070e47012be0e1
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
76db825b68979b9ea6cc55fa14373b7bf5e3beb7388cd2efa485938bb2a389fb
78cc339a9516f4a5ad817632418adb33e06553f4df11f7c81d9fd33e5585b765
7d23b79b0387a2e2ccc9c3dfa6ac2615388c62b99c72049829eab0bacdc7c75d
7d290a986aa51c808e0a826a9f6540b4e6641d5e55f370fb5cbe39cb16b298f2
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
828bfc6c8a68ab44075aad6ea751dcc664ee66aaa7ce54c13e6155f353895f97
8560545e4daa497c9b908c5423bea77fce0399b21a73cc153c38b6726660dc76
89e3f1bd106c149685b09780343418fa2596fbe0c22dfe921095b30b7b67caf9
8c63493b034323da08e44455885820239e72b10f9fb8b857e8313008f4d6fac5
8e424541604f9439f054eb9e4e78925da8c4d2a77985f642f9f4b5f025424d48
910b6fb9ee15268e373e68cba14f83ffdd0b287d1aacea4f5358b4022410ba3b
932ed8755a3373924a2fe0fb74539634aeddccdef0de71f8403a110f5e26fd5d
944928d05f6f96329111d874be278f0dde0f11a7e113c67b1e0f663ecf2caf89
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3
9f762334ff28e79eb7547f6ddb109583d35e0ea3600b71406ca233fb57c12458
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a965454ed27194420a23bd494e396653825da3850d9d9258d6464dd5e4f26bfc
ade38136058fcd75880d3673855aff859ee377d5915e59cccf24a973d418bebb
b276a895ee266b94c6ecfa2adc080450b4d96855120874513caa535572ab9bcd
ba870dd4f1f375d33aa3770685227bd38160d194969b3840232fad67c1989bb8
c63c08ec376a1c99ee774ecbd488d3c33396ea42f8ad0e984179916a2e252849
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3
d4cb8e3d3f1d9da69c5096249099aaa6ec5942dc20f922cc6c99f7b7b4557584
d50905d9c0e2c1f4a30e217e1eade952d04600860ccf4aec5240e6fd31eb9b29
d86923070cdd3b26c384dfb89877b54c56cc30ebcaca4b9ef0fefeb935d5c7ef
d891a43fcf24feb58bca5bc4dd1193f74ae23859c1275443c2b0affefa299718
dcda55d2dfecb25e899e239064366ad3e8ebda504c99bd114975032def09f033
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
def6ac622aa206aa37309add97715d861f82e35b5fc01b447b707723644a910c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ece565a1f66a32347dfed83562c428ff7736648de72b0027dd8f0e0f27e0c327
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efca4b1d7c19af67aa04f4a6ef3f9db4c8d3bea417a00240009db7ed26280080
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62