www.refund.trading Open in urlscan Pro
185.68.16.161 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.refund.trading/
Submission: On July 29 via automatic, source certstream-suspicious (July 29th 2024, 9:44:34 pm UTC) — Scanned from CA

Summary HTTP 50 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 14 domains to perform 50 HTTP transactions. The main IP is 185.68.16.161, located in Ukraine and belongs to UKRAINE-AS, UA. The main domain is www.refund.trading.
TLS certificate: Issued by R11 on July 20th 2024. Valid for: 3 months.

This is the only time www.refund.trading was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
22	185.68.16.161 185.68.16.161	200000 (UKRAINE-AS) (UKRAINE-AS)
2	172.217.222.97 172.217.222.97	15169 (GOOGLE) (GOOGLE)
1	173.194.207.95 173.194.207.95	15169 (GOOGLE) (GOOGLE)
2	157.240.229.1 157.240.229.1	32934 (FACEBOOK) (FACEBOOK)
3	172.217.197.93 172.217.197.93	15169 (GOOGLE) (GOOGLE)
8	173.194.204.94 173.194.204.94	15169 (GOOGLE) (GOOGLE)
1	173.194.204.105 173.194.204.105	15169 (GOOGLE) (GOOGLE)
1	173.194.204.102 173.194.204.102	15169 (GOOGLE) (GOOGLE)
4	104.19.131.76 104.19.131.76	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	208.95.112.2 208.95.112.2	53334 (TUT-AS) (TUT-AS)
2	157.240.229.35 157.240.229.35	32934 (FACEBOOK) (FACEBOOK)
1	104.21.56.41 104.21.56.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
50	13

22 185.68.16.161 (Ukraine)

ASN200000 (UKRAINE-AS, UA)
PTR: web634.default-host.net

www.refund.trading	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.222.97 (United States)

ASN15169 (GOOGLE, US)
PTR: qi-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.207.95 (United States)

ASN15169 (GOOGLE, US)
PTR: qk-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.229.1 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-iad3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.197.93 (United States)

ASN15169 (GOOGLE, US)
PTR: qa-in-f93.1e100.net

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 173.194.204.94 (United States)

ASN15169 (GOOGLE, US)
PTR: qb-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.204.105 (United States)

ASN15169 (GOOGLE, US)
PTR: qb-in-f105.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.204.102 (United States)

ASN15169 (GOOGLE, US)
PTR: qb-in-f102.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.19.131.76 (None, )

ASN13335 (CLOUDFLARENET, US)

a.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.95.112.2 (United States)

ASN53334 (TUT-AS, US)

pro.ip-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.229.35 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-iad3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.56.41 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnstat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	refund.trading www.refund.trading	279 KB
8	gstatic.com fonts.gstatic.com	101 KB
4	mgid.com a.mgid.com — Cisco Umbrella Rank: 11382	6 KB
3	youtube.com www.youtube.com — Cisco Umbrella Rank: 84
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	74 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	167 KB
1	cdnstat.net cdnstat.net — Cisco Umbrella Rank: 293359	658 B
1	ip-api.com pro.ip-api.com — Cisco Umbrella Rank: 6326	483 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104
1	google.com www.google.com — Cisco Umbrella Rank: 10
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	1 KB
0	efsa-lawyers.online Failed efsa-lawyers.online Failed
0	jivosite.com Failed code.jivosite.com Failed
50	14

	Domain	Requested by
22	www.refund.trading	www.refund.trading
8	fonts.gstatic.com	fonts.googleapis.com
4	a.mgid.com	www.googletagmanager.com www.refund.trading
3	www.youtube.com	www.refund.trading
2	www.facebook.com	www.refund.trading
2	connect.facebook.net	www.refund.trading connect.facebook.net
2	www.googletagmanager.com	www.refund.trading
1	cdnstat.net	www.refund.trading
1	pro.ip-api.com	www.refund.trading
1	www.google-analytics.com	www.googletagmanager.com
1	www.google.com	www.refund.trading
1	fonts.googleapis.com	www.refund.trading
0	efsa-lawyers.online Failed	www.refund.trading
0	code.jivosite.com Failed	www.refund.trading
50	14

This site contains links to these domains. Also see Links.

Domain
api.whatsapp.com

Subject Issuer	Validity	Valid
www.refund.trading R11	`2024-07-20` - `2024-10-18`	3 months	crt.sh
*.google-analytics.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-05-08` - `2024-08-06`	3 months	crt.sh
*.google.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
*.gstatic.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
mgid.com WE1	`2024-07-07` - `2024-10-05`	3 months	crt.sh
*.ip-api.com Sectigo RSA Domain Validation Secure Server CA	`2023-12-21` - `2025-01-20`	a year	crt.sh
cdnstat.net WE1	`2024-07-09` - `2024-10-07`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.refund.trading/
Frame ID: B7714B5CE2434805C7AA955808446E53
Requests: 46 HTTP requests in this frame

Frame: https://www.youtube.com/embed/1Xsb0vsRncC0?rel=0&fmt=18&html5=1&showinfo=0
Frame ID: 0CD1D632A3A0C09939E8DC4A77041FC1
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/1dvkIcYDRyRE?rel=0&fmt=18&html5=1&showinfo=0
Frame ID: 24F904B24992AF37DEFB6743A9C41005
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/1EeFH93QuoDo?rel=0&fmt=18&html5=1&showinfo=0
Frame ID: AC12B67BE51C6577DA194556846818C3
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d2483.601120019227!2d-0.1271549!3d51.5021869!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x487604c51f40121f%3A0x76f713267450d16!2zS2luZyBDaGFybGVzIFN0LCBMb25kb24gU1cxQSAyQUgsINCS0LXQu9C40LrQvtCx0YDQuNGC0LDQvdC40Y8!5e0!3m2!1sru!2sua!4v1680706920725!5m2!1sru!2sua
Frame ID: 2F0552FF7968024D0284B84505281FB6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Юридическая помощь с возвратом средств от мошенниковЮридическая помощь по возврату денег с FOREX

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

50
Requests

96 %
HTTPS

0 %
IPv6

14
Domains

14
Subdomains

13
IPs

3
Countries

633 kB
Transfer

1566 kB
Size

11
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://api.whatsapp.com/send?phone=447564715134
Title: +447564715134

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.refund.trading/ 41 KB
10 KB 638ms
147ms Document
text/html 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 799a1a020442e6ef41f1e158208025e4e966b3e88f71d71d9990503867752caf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-type: text/html
date: Mon, 29 Jul 2024 21:44:28 GMT
etag: W/"a424-602f449893115"
last-modified: Tue, 15 Aug 2023 11:14:49 GMT
server: nginx
x-ray: wnp35082:0.000/wn35082:0.000/wa35082:D=367

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 301 KB
100 KB 192ms
79ms Script
application/javascript 172.217.222.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-X6DQB8ZTZ4

Requested by

Host: www.refund.trading
URL: https://www.refund.trading/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.222.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

7e80e1976ae5f651627cab4ed7256930697215c3000cdca46190596daa0f0b2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 102349
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 29 Jul 2024 21:44:28 GMT

GET
H2 200 css2
fonts.googleapis.com/ 9 KB
1 KB 176ms
63ms Stylesheet
text/css 173.194.207.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap

Requested by

Host: www.refund.trading
URL: https://www.refund.trading/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.207.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qk-in-f95.1e100.net

Software

ESF /

Resource Hash

af9e52b1788e243b0a07ba97a3de75df5845d00b896f1b83f38c42702a7ba690

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 29 Jul 2024 21:44:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 29 Jul 2024 20:25:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Jul 2024 21:44:28 GMT

GET
H2 200 j7TvgA0w382v.css
www.refund.trading/css/ 37 KB
4 KB 154ms
148ms Stylesheet
text/css 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.refund.trading/css/j7TvgA0w382v.css
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: db2621f2e1eedf53e475c1e721aa9ed385502f23ad88d1eeba3a53ffb57ce535

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
content-encoding: br
last-modified: Wed, 05 Apr 2023 14:26:12 GMT
server: nginx
etag: W/"642d8504-930f"
content-type: text/css
cache-control: max-age=15552000
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 f6sIq4Wx7MAX.css
www.refund.trading/css/ 25 KB
3 KB 154ms
148ms Stylesheet
text/css 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.refund.trading/css/f6sIq4Wx7MAX.css
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 8ace95131be1c8f02ad7bf2bafe3e1994bdf4854776fe1b81071bfb68991405c

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
content-encoding: br
last-modified: Tue, 04 Apr 2023 15:06:18 GMT
server: nginx
etag: W/"642c3cea-6304"
content-type: text/css
cache-control: max-age=15552000
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 Z2DfF3vIpUco.js Show response
www.refund.trading/js/ 328 B
550 B 148ms
146ms Script
application/javascript 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.refund.trading/js/Z2DfF3vIpUco.js
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 42a86c37dbbd3db19343be71632684d1549e08fde71a6bd244fa1ef23669d7fd

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
last-modified: Tue, 11 Apr 2023 14:07:11 GMT
server: nginx
etag: "6435698f-148"
content-type: application/javascript
cache-control: max-age=15552000
accept-ranges: bytes
content-length: 328
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET 6eWOQxoDQs
code.jivosite.com/widget/ 0
0

GET
H2 200 logo.svg
www.refund.trading/images/ 65 KB
12 KB 151ms
150ms Image
image/svg+xml 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.refund.trading/images/logo.svg
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 124bb07d71989d777ffe0d44389dcf2c90d11c17af163feb076dc17d7033dea3

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
content-encoding: br
last-modified: Wed, 19 Apr 2023 02:01:00 GMT
server: nginx
etag: W/"643f4b5c-10303"
content-type: image/svg+xml
cache-control: max-age=15552000
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 404 logo
www.refund.trading/images/ 1 KB
1 KB 150ms
148ms Image
text/html 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.refund.trading/images/logo
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: f5993d679b60621e9a1b661e8c3f81d26da3cf2e8b44360f403b6f84737bc844

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/wa35082:D=496
server: nginx
content-length: 1613
content-type: text/html

GET
H2 200 vXlqQU9p3c63.png
www.refund.trading/images/ 6 KB
6 KB 151ms
147ms Image
image/png 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.refund.trading/images/vXlqQU9p3c63.png
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 7606b05d43444f12f0bbe5ee953f8c079afae8323b4824e9cb73315a8bc47de2

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
last-modified: Tue, 04 Apr 2023 15:06:16 GMT
server: nginx
etag: "642c3ce8-18d9"
content-type: image/png
cache-control: max-age=15552000
accept-ranges: bytes
content-length: 6361
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 BJB4gTCmTMJJ.png
www.refund.trading/images/ 3 KB
3 KB 147ms
146ms Image
image/png 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.refund.trading/images/BJB4gTCmTMJJ.png
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 14e26583c943fe08333cda2d5e4fb2211ce61dc6a71438737ed5420a3e950a36

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
last-modified: Tue, 04 Apr 2023 15:06:16 GMT
server: nginx
etag: "642c3ce8-b73"
content-type: image/png
cache-control: max-age=15552000
accept-ranges: bytes
content-length: 2931
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 wb0MrdThGmez.png
www.refund.trading/images/ 5 KB
5 KB 168ms
163ms Image
image/png 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.refund.trading/images/wb0MrdThGmez.png
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 80e3443f940d554bcb9708cfcf2500ce630fddc4f498e9370110dd1f44965723

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
last-modified: Tue, 04 Apr 2023 15:06:16 GMT
server: nginx
etag: "642c3ce8-14ab"
content-type: image/png
cache-control: max-age=15552000
accept-ranges: bytes
content-length: 5291
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 hkD9ohHtMOTK.svg
www.refund.trading/fonts/ 1 KB
1 KB 164ms
162ms Image
image/svg+xml 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.refund.trading/fonts/hkD9ohHtMOTK.svg
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 4a12a69741a00b3fe0f1eeab41df223f7ea4ed428a90e091622a46e6db06cd6b

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
last-modified: Tue, 04 Apr 2023 15:06:16 GMT
server: nginx
etag: "642c3ce8-4a8"
content-type: image/svg+xml
cache-control: max-age=15552000
accept-ranges: bytes
content-length: 1192
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 5YyC3gGqyDBY.svg
www.refund.trading/fonts/ 2 KB
2 KB 417ms
414ms Image
image/svg+xml 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.refund.trading/fonts/5YyC3gGqyDBY.svg
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 919271b1f9ecc7a33a89e1afd19948ac5acbfa2b160fc514b7b87476a473bb92

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
last-modified: Tue, 04 Apr 2023 15:06:16 GMT
server: nginx
etag: "642c3ce8-7f9"
content-type: image/svg+xml
cache-control: max-age=15552000
accept-ranges: bytes
content-length: 2041
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 CSc7ybXfXsq4.svg
www.refund.trading/fonts/ 3 KB
972 B 575ms
573ms Image
image/svg+xml 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.refund.trading/fonts/CSc7ybXfXsq4.svg
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 678f09990634ce80cb6ff384cc6beaaaebab4d5415a3ad959c3091bf819f335f

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
content-encoding: br
last-modified: Tue, 04 Apr 2023 15:06:16 GMT
server: nginx
etag: W/"642c3ce8-a76"
content-type: image/svg+xml
cache-control: max-age=15552000
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 MthYRz2VK0yM.js Show response
www.refund.trading/js/ 87 KB
20 KB 302ms
297ms Script
application/javascript 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.refund.trading/js/MthYRz2VK0yM.js
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: b9554325fa670f0b81735a88b8f589a58fe659ce53c24ad67f7eb972f6637901

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
content-encoding: br
last-modified: Tue, 04 Apr 2023 15:06:18 GMT
server: nginx
etag: W/"642c3cea-15cf8"
content-type: application/javascript
cache-control: max-age=15552000
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 7aSSCVR4gIF0.js Show response
www.refund.trading/js/ 88 KB
30 KB 303ms
298ms Script
application/javascript 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.refund.trading/js/7aSSCVR4gIF0.js
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 3552b0c98c98a30d7de96a69aab2f5b7d6b3c161381a37f2c0302737bc53ad6b

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
content-encoding: br
last-modified: Tue, 04 Apr 2023 15:06:18 GMT
server: nginx
etag: W/"642c3cea-15f77"
content-type: application/javascript
cache-control: max-age=15552000
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 LS0e0mSwRcKn.js Show response
www.refund.trading/js/ 84 KB
20 KB 277ms
272ms Script
application/javascript 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.refund.trading/js/LS0e0mSwRcKn.js
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: c966b245bed70be1af626d3a902bb1a1b3ff7014e4c27bf39aa74dfc371c98a3

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
content-encoding: br
last-modified: Tue, 04 Apr 2023 15:06:18 GMT
server: nginx
etag: W/"642c3cea-14f3b"
content-type: application/javascript
cache-control: max-age=15552000
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 7cLdmuo8s52m.js Show response
www.refund.trading/js/ 20 KB
5 KB 274ms
270ms Script
application/javascript 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.refund.trading/js/7cLdmuo8s52m.js
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
content-encoding: br
last-modified: Tue, 04 Apr 2023 15:06:18 GMT
server: nginx
etag: W/"642c3cea-4e98"
content-type: application/javascript
cache-control: max-age=15552000
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 e0wIGWviIiak.js Show response
www.refund.trading/js/ 576 B
797 B 274ms
270ms Script
application/javascript 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.refund.trading/js/e0wIGWviIiak.js
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: ecab3cc989f7d8cdbd3fd76127601da9f2dc744af7fbe7acee5f9c70bd40bf11

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
last-modified: Tue, 04 Apr 2023 15:06:18 GMT
server: nginx
etag: "642c3cea-240"
content-type: application/javascript
cache-control: max-age=15552000
accept-ranges: bytes
content-length: 576
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 bm0tXMgj6LL6.css
www.refund.trading/css/ 32 KB
4 KB 273ms
269ms Stylesheet
text/css 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.refund.trading/css/bm0tXMgj6LL6.css
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 3033dc3776d5d14e1daa5813ddd05da4332ece3ae79378d80d1fe438225d9ced

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
content-encoding: br
last-modified: Wed, 05 Apr 2023 14:48:32 GMT
server: nginx
etag: W/"642d8a40-8190"
content-type: text/css
cache-control: max-age=15552000
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 Bc8Vennjla3U.js Show response
www.refund.trading/js/ 379 B
600 B 167ms
164ms Script
application/javascript 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.refund.trading/js/Bc8Vennjla3U.js
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 6988c318bce6db4c17e12f022db0cb5d64109a171b84df10e5fe291b820b14ff

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
last-modified: Tue, 04 Apr 2023 15:06:18 GMT
server: nginx
etag: "642c3cea-17b"
content-type: application/javascript
cache-control: max-age=15552000
accept-ranges: bytes
content-length: 379
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 0HEKuPRv1qjH.js Show response
www.refund.trading/js/ 16 KB
3 KB 175ms
172ms Script
application/javascript 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.refund.trading/js/0HEKuPRv1qjH.js
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 015e171d5aba62cfdcacf49e57641ba1820a35f49ed86d138e53ed37fe4bea74

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
content-encoding: br
last-modified: Tue, 04 Apr 2023 15:06:18 GMT
server: nginx
etag: W/"642c3cea-40f0"
content-type: application/javascript
cache-control: max-age=15552000
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 187 KB
67 KB 127ms
125ms Script
application/javascript 172.217.222.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P5VPP2N

Requested by

Host: www.refund.trading
URL: https://www.refund.trading/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.222.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

0c95158241e5c8690192887d7c8e817599c224c4f342beae15b5fa636e39dce0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68605
x-xss-protection: 0
last-modified: Mon, 29 Jul 2024 21:04:28 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 29 Jul 2024 21:44:28 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 224 KB
60 KB 443ms
91ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.refund.trading
URL: https://www.refund.trading/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 29 Jul 2024 21:44:28 GMT
document-policy: force-load-at-top
x-fb-server-load: 25
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58677
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=12, mss=1316, tbw=2791, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: AhghaHhjZIv0E/1OehE3t6El+qAouI9FukzSn+UXR5YzC+bl8+MyEwfwhptvSVvkJABEEa1t8mP41dEQl17JQg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 1Xsb0vsRncC0
www.youtube.com/embed/ Frame 0CD1 0
0 1237ms
81ms Document
text/html 172.217.197.93
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/1Xsb0vsRncC0?rel=0&fmt=18&html5=1&showinfo=0

Requested by

Host: www.refund.trading
URL: https://www.refund.trading/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.197.93 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f93.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.refund.trading/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jul 2024 21:44:29 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 1dvkIcYDRyRE
www.youtube.com/embed/ Frame 24F9 0
0 1244ms
95ms Document
text/html 172.217.197.93
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/1dvkIcYDRyRE?rel=0&fmt=18&html5=1&showinfo=0

Requested by

Host: www.refund.trading
URL: https://www.refund.trading/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.197.93 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f93.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.refund.trading/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jul 2024 21:44:29 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 1EeFH93QuoDo
www.youtube.com/embed/ Frame AC12 0
0 1286ms
140ms Document
text/html 172.217.197.93
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/1EeFH93QuoDo?rel=0&fmt=18&html5=1&showinfo=0

Requested by

Host: www.refund.trading
URL: https://www.refund.trading/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.197.93 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qa-in-f93.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.refund.trading/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Mon, 29 Jul 2024 21:44:29 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 btAjg1puaqUp.jpg
www.refund.trading/images/ 86 KB
86 KB 566ms
563ms Image
image/jpeg 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.refund.trading/images/btAjg1puaqUp.jpg
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/css/j7TvgA0w382v.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 8b5c9a3a320f1071ec1ed847cb0c905a671e8a82d5a4586806d50e48307e22f3

Request headers

Referer: https://www.refund.trading/css/j7TvgA0w382v.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
last-modified: Wed, 05 Apr 2023 13:10:56 GMT
server: nginx
etag: "642d7360-15832"
content-type: image/jpeg
cache-control: max-age=15552000
accept-ranges: bytes
content-length: 88114
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 5OfjzZ9CKglp.jpeg
www.refund.trading/images/ 59 KB
59 KB 558ms
556ms Image
image/jpeg 185.68.16.161
UKRAINE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.refund.trading/images/5OfjzZ9CKglp.jpeg
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/css/j7TvgA0w382v.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.68.16.161 , Ukraine, ASN200000 (UKRAINE-AS, UA),
Reverse DNS: web634.default-host.net
Software: nginx /
Resource Hash: 6a6b9829404a70b5b3cdf42fea2f8847454a5b42c64b07bfe7c6d0f2c994512f

Request headers

Referer: https://www.refund.trading/css/j7TvgA0w382v.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
x-ray: wnp35082:0.000/wn35082:0.000/
last-modified: Tue, 04 Apr 2023 23:59:19 GMT
server: nginx
etag: "642cb9d7-eb95"
content-type: image/jpeg
cache-control: max-age=15552000
accept-ranges: bytes
content-length: 60309
expires: Sat, 25 Jan 2025 21:44:28 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 318ms
186ms Font
font/woff2 173.194.204.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.204.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qb-in-f94.1e100.net

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.refund.trading
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 22:55:37 GMT
x-content-type-options: nosniff
age: 427731
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Jul 2025 22:55:37 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 186ms
55ms Font
font/woff2 173.194.204.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.204.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qb-in-f94.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.refund.trading
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 18:56:43 GMT
x-content-type-options: nosniff
age: 442065
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Jul 2025 18:56:43 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 9 KB
10 KB 315ms
184ms Font
font/woff2 173.194.204.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.204.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qb-in-f94.1e100.net

Software

sffe /

Resource Hash

6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.refund.trading
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 03:23:35 GMT
x-content-type-options: nosniff
age: 498053
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9644
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Jul 2025 03:23:35 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 239ms
109ms Font
font/woff2 173.194.204.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.204.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qb-in-f94.1e100.net

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.refund.trading
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 22:30:28 GMT
x-content-type-options: nosniff
age: 429240
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Jul 2025 22:30:28 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 10 KB
10 KB 255ms
124ms Font
font/woff2 173.194.204.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.204.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qb-in-f94.1e100.net

Software

sffe /

Resource Hash

3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.refund.trading
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 22:40:39 GMT
x-content-type-options: nosniff
age: 428629
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9840
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Jul 2025 22:40:39 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 9 KB
9 KB 199ms
69ms Font
font/woff2 173.194.204.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.204.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qb-in-f94.1e100.net

Software

sffe /

Resource Hash

47aa3bfad6cb9e2d63abdd58f4e6ce4f7b9fd2704b2b15193c71874035fe025d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.refund.trading
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 22:45:03 GMT
x-content-type-options: nosniff
age: 428365
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9576
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Jul 2025 22:45:03 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ 9 KB
9 KB 316ms
187ms Font
font/woff2 173.194.204.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.204.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qb-in-f94.1e100.net

Software

sffe /

Resource Hash

495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.refund.trading
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 01:40:30 GMT
x-content-type-options: nosniff
age: 504238
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9628
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Jul 2025 01:40:30 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 317ms
188ms Font
font/woff2 173.194.204.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.204.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qb-in-f94.1e100.net

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.refund.trading
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 22:46:19 GMT
x-content-type-options: nosniff
age: 428289
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Jul 2025 22:46:19 GMT

GET
H3 200 embed
www.google.com/maps/ Frame 2F05 0
0 496ms
387ms Document
text/html 173.194.204.105
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d2483.601120019227!2d-0.1271549!3d51.5021869!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x487604c51f40121f%3A0x76f713267450d16!2zS2luZyBDaGFybGVzIFN0LCBMb25kb24gU1cxQSAyQUgsINCS0LXQu9C40LrQvtCx0YDQuNGC0LDQvdC40Y8!5e0!3m2!1sru!2sua!4v1680706920725!5m2!1sru!2sua

Requested by

Host: www.refund.trading
URL: https://www.refund.trading/

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.204.105 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qb-in-f105.1e100.net

Software

scaffolding on HTTPServer2 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-K1rVKWrKkV27oqKHRbUFTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.refund.trading/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 1068
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-K1rVKWrKkV27oqKHRbUFTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
content-type: text/html; charset=UTF-8
date: Mon, 29 Jul 2024 21:44:29 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: scaffolding on HTTPServer2
vary: Origin X-Origin Referer
x-content-type-options: nosniff
x-robots-tag: noindex,nofollow
x-xss-protection: 0

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 1634ms
59ms Fetch
text/plain 173.194.204.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-X6DQB8ZTZ4&gtm=45je47o0v9108468578za200&_p=1722289468458&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=95250752&cid=1135816627.1722289469&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1722289468&sct=1&seg=0&dl=https%3A%2F%2Fwww.refund.trading%2F&dt=%D0%AE%D1%80%D0%B8%D0%B4%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B0%D1%8F%20%D0%BF%D0%BE%D0%BC%D0%BE%D1%89%D1%8C%20%D1%81%20%D0%B2%D0%BE%D0%B7%D0%B2%D1%80%D0%B0%D1%82%D0%BE%D0%BC%20%D1%81%D1%80%D0%B5%D0%B4%D1%81%D1%82%D0%B2%20%D0%BE%D1%82%20%D0%BC%D0%BE%D1%88%D0%B5%D0%BD%D0%BD%D0%B8%D0%BA%D0%BE%D0%B2&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1141
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X6DQB8ZTZ4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 173.194.204.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: qb-in-f102.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Jul 2024 21:44:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.refund.trading
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 mgsensor.js Show response
a.mgid.com/ 17 KB
6 KB 140ms
60ms Script
application/javascript 104.19.131.76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://a.mgid.com/mgsensor.js?d=1722289468864&source=gtm

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P5VPP2N

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.131.76 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45d2c055791d072ed388bb395f90aaebf2425189bbd03942b8f60855ba4f6988

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:28 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-mg-request-uuid: 51a182d9-a363-40f7-bc3a-896722c357f1
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 8ab04a5cf922aadc-YYZ
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK / Show response
pro.ip-api.com/json/ 328 B
483 B 261ms
52ms Script
text/javascript 208.95.112.2
TUT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.ip-api.com/json/?key=qbYk7OjO4GIy9xU&callback=jQuery36005821091473634341_1722289469039&_=1722289469040
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/js/7aSSCVR4gIF0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 208.95.112.2 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software: /
Resource Hash: 9bb87cec7916eeeedb92151070ae601580bee490dfd926ca3f4aa8405a23c6f4

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 29 Jul 2024 21:44:29 GMT
Content-Length: 328
Content-Type: text/javascript; charset=utf-8

GET flags.png
efsa-lawyers.online/lander/efsa-v2/img/ 0
0

GET
H2 200 589421646496994 Show response
connect.facebook.net/signals/config/ 67 KB
14 KB 337ms
336ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/589421646496994?v=2.9.162&r=stable&domain=www.refund.trading&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

6d22786dec3bbb4e366e50316087968d7f3bbc59f75c278c9eb36ecad28cc2e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 29 Jul 2024 21:44:29 GMT
document-policy: force-load-at-top
x-fb-server-load: 23
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=46, rtx=5, c=28, mss=1316, tbw=64199, tp=-1, tpl=-1, uplat=291, ullat=0
pragma: public
x-fb-debug: lOLlyVHT6RI1RtF4gm/KGEhutNcRQQTTXOKzbXJ511+ruYqE4aD++lVFwDa5g4micyjMsLYPqjFkBBcHpyorjw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 1x1.gif
a.mgid.com/ 43 B
268 B 54ms
53ms Image
image/gif 104.19.131.76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.mgid.com/1x1.gif?id=793096&type=c&tg=__gtm_buy_target&r=https%3A%2F%2Fwww.refund.trading%2F&nv=1&clid=&gtms=buy&gtmc=lead&d=1722289469519

Requested by

Host: www.refund.trading
URL: https://www.refund.trading/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.131.76 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:29 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cf-ray: 8ab04a609d1aaadc-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43

GET
H3 200 1x1.gif
a.mgid.com/ 43 B
269 B 53ms
52ms Image
image/gif 104.19.131.76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.mgid.com/1x1.gif?id=793096&type=c&tg=__gtm_decision_target&r=https%3A%2F%2Fwww.refund.trading%2F&nv=1&clid=&gtms=decision&gtmr=gtm.js&gtmc=lead&d=1722289469520

Requested by

Host: www.refund.trading
URL: https://www.refund.trading/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.131.76 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:29 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cf-ray: 8ab04a609d1baadc-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43

GET
H3 200 1x1.gif
a.mgid.com/ 43 B
269 B 65ms
64ms Image
image/gif 104.19.131.76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.mgid.com/1x1.gif?id=793096&type=c&tg=&r=https%3A%2F%2Fwww.refund.trading%2F&nv=1&clid=&d=1722289469523

Requested by

Host: www.refund.trading
URL: https://www.refund.trading/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.131.76 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:29 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cf-ray: 8ab04a609d1faadc-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 43

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 906ms
44ms Image
text/plain 157.240.229.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=589421646496994&ev=PageView&dl=https%3A%2F%2Fwww.refund.trading%2F&rl=&if=false&ts=1722289469610&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.1.1722289469601.543767984584346515&cs_est=true&ler=empty&cdl=API_unavailable&it=1722289469222&coo=false&rqm=GET

Requested by

Host: www.refund.trading
URL: https://www.refund.trading/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=10, mss=1316, tbw=2817, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 29 Jul 2024 21:44:30 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 1072ms
210ms Image
image/png 157.240.229.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=589421646496994&ev=PageView&dl=https%3A%2F%2Fwww.refund.trading%2F&rl=&if=false&ts=1722289469610&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.1.1722289469601.543767984584346515&cs_est=true&ler=empty&cdl=API_unavailable&it=1722289469222&coo=false&rqm=FGET

Requested by

Host: www.refund.trading
URL: https://www.refund.trading/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-iad3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Mon, 29 Jul 2024 21:44:30 GMT
document-policy: force-load-at-top
x-fb-server-load: 39
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7397176948991469525", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=14, mss=1316, tbw=3135, tp=-1, tpl=-1, uplat=165, ullat=0
pragma: no-cache
x-fb-debug: QCiW035+mrX8OF0PZ+oKXZ8pPr1FQOCriYFPtTr/6jEFP9djfyKA5IadwEE2iYpL0qSbtkd9mUF0YFfLTaYYSw==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7397176948991469525"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 script.js Show response
cdnstat.net/get/ 129 B
658 B 345ms
240ms Script
text/javascript 104.21.56.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdnstat.net/get/script.js?referrer=https://www.refund.trading/
Requested by: Host: www.refund.trading
URL: https://www.refund.trading/js/7aSSCVR4gIF0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.56.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.1
Resource Hash: c59a3960888d96b3748601b9b77df171bafa3d53289ec4b8b6db3d474e9a39e1

Request headers

Referer: https://www.refund.trading/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 21:44:30 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/8.2.1
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: text/javascript; charset=utf-8
access-control-allow-origin: https://www.refund.trading
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HSJuKLwRAQP6%2BqjHkdH3858UhBB%2BzKpFytOXvWM9%2Bx9UMf3ewMcwaiw9vk69Ph3E%2F%2BqlfWWkXGpFoLen0YfIYWCCHHfvrjmJmedg40J4ho9JwIPpEQUVcc%2FEtnlP3g%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8ab04a647dbbac40-YYZ
access-control-allow-headers: X-Requested-With,content-type
alt-svc: h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: code.jivosite.com
URL: https://code.jivosite.com/widget/6eWOQxoDQs

Domain: efsa-lawyers.online
URL: https://efsa-lawyers.online/lander/efsa-v2/img/flags.png

Verdicts & Comments Add Verdict or Comment

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.refund.trading/	1970-01-21 08:00:49	Name: _ga_X6DQB8ZTZ4 Value: GS1.1.1722289468.1.0.1722289468.0.0.0
.refund.trading/	1970-01-21 08:00:49	Name: _ga Value: GA1.1.1135816627.1722289469
.mgid.com/	1970-01-20 22:24:51	Name: __cf_bm Value: YbzTBAOS8ekVYJYNZ2q6MtwEUsLWCl7RUzFTkdwHA5I-1722289468-1.0.1.1-UcxJreGJDPF2SJOGb37qOUcYgsGGin77JI0UYKBRBx.Px0v3NEeyPiakXFjj7mUk.H2QNVgbZI7T3lX6nTOuxg
.refund.trading/	1970-01-21 00:34:25	Name: MgidSensorNVis Value: 1
.refund.trading/	1970-01-21 00:34:25	Name: MgidSensorHref Value: https://www.refund.trading/
www.refund.trading/	1970-01-20 22:25:29	Name: PHPREFS Value: full
.mgid.com/	1970-01-21 07:10:25	Name: muidn Value: o6ttUhdQrHIe
.refund.trading/	1970-01-21 00:34:25	Name: _fbp Value: fb.1.1722289469601.543767984584346515
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: kjS9GqDEdFM
.youtube.com/	1970-01-21 02:44:01	Name: VISITOR_INFO1_LIVE Value: y-LoO6pS27Y
.youtube.com/	1970-01-21 02:44:01	Name: VISITOR_PRIVACY_METADATA Value: CgJDQRIEGgAgPA%3D%3D

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.refund.trading/images/logo Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://efsa-lawyers.online/lander/efsa-v2/img/flags.png Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.mgid.com
cdnstat.net
code.jivosite.com
connect.facebook.net
efsa-lawyers.online
fonts.googleapis.com
fonts.gstatic.com
pro.ip-api.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.refund.trading
www.youtube.com
code.jivosite.com
efsa-lawyers.online
104.19.131.76
104.21.56.41
157.240.229.1
157.240.229.35
172.217.197.93
172.217.222.97
173.194.204.102
173.194.204.105
173.194.204.94
173.194.207.95
185.68.16.161
208.95.112.2
015e171d5aba62cfdcacf49e57641ba1820a35f49ed86d138e53ed37fe4bea74
0c95158241e5c8690192887d7c8e817599c224c4f342beae15b5fa636e39dce0
124bb07d71989d777ffe0d44389dcf2c90d11c17af163feb076dc17d7033dea3
14e26583c943fe08333cda2d5e4fb2211ce61dc6a71438737ed5420a3e950a36
3033dc3776d5d14e1daa5813ddd05da4332ece3ae79378d80d1fe438225d9ced
3552b0c98c98a30d7de96a69aab2f5b7d6b3c161381a37f2c0302737bc53ad6b
3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9
42a86c37dbbd3db19343be71632684d1549e08fde71a6bd244fa1ef23669d7fd
45d2c055791d072ed388bb395f90aaebf2425189bbd03942b8f60855ba4f6988
47aa3bfad6cb9e2d63abdd58f4e6ce4f7b9fd2704b2b15193c71874035fe025d
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
4a12a69741a00b3fe0f1eeab41df223f7ea4ed428a90e091622a46e6db06cd6b
678f09990634ce80cb6ff384cc6beaaaebab4d5415a3ad959c3091bf819f335f
6988c318bce6db4c17e12f022db0cb5d64109a171b84df10e5fe291b820b14ff
6a6b9829404a70b5b3cdf42fea2f8847454a5b42c64b07bfe7c6d0f2c994512f
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
6d22786dec3bbb4e366e50316087968d7f3bbc59f75c278c9eb36ecad28cc2e4
7606b05d43444f12f0bbe5ee953f8c079afae8323b4824e9cb73315a8bc47de2
799a1a020442e6ef41f1e158208025e4e966b3e88f71d71d9990503867752caf
7e80e1976ae5f651627cab4ed7256930697215c3000cdca46190596daa0f0b2c
80e3443f940d554bcb9708cfcf2500ce630fddc4f498e9370110dd1f44965723
8ace95131be1c8f02ad7bf2bafe3e1994bdf4854776fe1b81071bfb68991405c
8b5c9a3a320f1071ec1ed847cb0c905a671e8a82d5a4586806d50e48307e22f3
919271b1f9ecc7a33a89e1afd19948ac5acbfa2b160fc514b7b87476a473bb92
9bb87cec7916eeeedb92151070ae601580bee490dfd926ca3f4aa8405a23c6f4
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
af9e52b1788e243b0a07ba97a3de75df5845d00b896f1b83f38c42702a7ba690
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b9554325fa670f0b81735a88b8f589a58fe659ce53c24ad67f7eb972f6637901
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
c59a3960888d96b3748601b9b77df171bafa3d53289ec4b8b6db3d474e9a39e1
c966b245bed70be1af626d3a902bb1a1b3ff7014e4c27bf39aa74dfc371c98a3
db2621f2e1eedf53e475c1e721aa9ed385502f23ad88d1eeba3a53ffb57ce535
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e
ecab3cc989f7d8cdbd3fd76127601da9f2dc744af7fbe7acee5f9c70bd40bf11
f5993d679b60621e9a1b661e8c3f81d26da3cf2e8b44360f403b6f84737bc844
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

www.refund.trading Open in urlscan Pro 185.68.16.161 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

50 Requests

96 %HTTPS

0 %IPv6

14 Domains

14 Subdomains

13 IPs

3 Countries

633 kBTransfer

1566 kBSize

11 Cookies

1 Outgoing links

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.refund.trading Open in urlscan Pro
185.68.16.161 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

96 %
HTTPS

0 %
IPv6

14
Domains

14
Subdomains

13
IPs

3
Countries

633 kB
Transfer

1566 kB
Size

11
Cookies

50 HTTP transactions
0 data transactions