visa-claim.airrefund.com Open in urlscan Pro
18.238.55.35 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://visa-claim.airrefund.com/
Submission: On March 12 via api (March 12th 2024, 9:26:01 pm UTC) from US — Scanned from US

Summary HTTP 89 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 28 IPs in 2 countries across 23 domains to perform 89 HTTP transactions. The main IP is 18.238.55.35, located in United States and belongs to AMAZON-02, US. The main domain is visa-claim.airrefund.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on March 11th 2024. Valid for: a year.

This is the only time visa-claim.airrefund.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
15	18.238.55.35 18.238.55.35	16509 (AMAZON-02) (AMAZON-02)
11	13.225.214.29 13.225.214.29	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4006:80b::2003	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:81c::2003	15169 (GOOGLE) (GOOGLE)
2	34.120.195.249 34.120.195.249	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:20e... 2600:9000:20ee:6e00:18:427:27c0:21	16509 (AMAZON-02) (AMAZON-02)
4	54.171.83.16 54.171.83.16	16509 (AMAZON-02) (AMAZON-02)
11	2606:4700::68... 2606:4700::6812:1eea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2607:f8b0:400... 2607:f8b0:4006:81f::2008	15169 (GOOGLE) (GOOGLE)
1 1	2606:4700::68... 2606:4700::6810:bc59	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.208.22 172.65.208.22	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 2	2607:f8b0:400... 2607:f8b0:4006:80e::2004	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:817::2002	15169 (GOOGLE) (GOOGLE)
4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	23.48.224.106 23.48.224.106	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2607:f8b0:400... 2607:f8b0:4006:817::200e	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::35	15169 (GOOGLE) (GOOGLE)
2	172.65.192.122 172.65.192.122	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.202.201 172.65.202.201	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.238.60 172.65.238.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4006:806::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c09::9c	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	172.65.240.166 172.65.240.166	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4006:80d::200a	15169 (GOOGLE) (GOOGLE)
1	172.65.232.43 172.65.232.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:80d::2003	15169 (GOOGLE) (GOOGLE)
89	28

15 18.238.55.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-55-35.jfk52.r.cloudfront.net

visa-claim.airrefund.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 13.225.214.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-214-29.ewr50.r.cloudfront.net

widget.trustpilot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80b::2003 (United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81c::2003 (United States)

ASN15169 (GOOGLE, US)

static.dialogflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o78139.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20ee:6e00:18:427:27c0:21 (United States)

ASN16509 (AMAZON-02, US)

d2htwrs017c1b3.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.171.83.16 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-83-16.eu-west-1.compute.amazonaws.com

visa-api-en.airrefund.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
visa-portal-en.airrefund.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6812:1eea (United States)

ASN13335 (CLOUDFLARENET, US)

app.termly.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:81f::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:bc59 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.208.22 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80e::2004 (United States) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.48.224.106 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-48-224-106.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:817::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::35 (United States)

ASN15169 (GOOGLE, US)

server-side-tagging-6dborax6xa-ez.a.run.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.65.192.122 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-eu1.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.202.201 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.238.60 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:806::200e (United States)

ASN15169 (GOOGLE, US)

google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c09::9c (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.240.166 (United States)

ASN13335 (CLOUDFLARENET, US)

track-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80d::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.232.43 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-eu1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80d::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	airrefund.com visa-claim.airrefund.com visa-api-en.airrefund.com visa-portal-en.airrefund.com	2 MB
11	termly.io app.termly.io — Cisco Umbrella Rank: 17508	321 KB
11	trustpilot.com widget.trustpilot.com — Cisco Umbrella Rank: 5444	48 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 29	21 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	572 KB
5	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 693	152 KB
4	bing.com bat.bing.com — Cisco Umbrella Rank: 375	14 KB
4	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 google.com — Cisco Umbrella Rank: 1	929 B
3	gstatic.com www.gstatic.com fonts.gstatic.com	47 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	1 KB
2	hscollectedforms.net js-eu1.hscollectedforms.net — Cisco Umbrella Rank: 25661 forms-eu1.hscollectedforms.net — Cisco Umbrella Rank: 26231	26 KB
2	run.app server-side-tagging-6dborax6xa-ez.a.run.app	980 B
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 stats.g.doubleclick.net — Cisco Umbrella Rank: 84	941 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	71 KB
2	hs-scripts.com 1 redirects js.hs-scripts.com — Cisco Umbrella Rank: 2484 js-eu1.hs-scripts.com — Cisco Umbrella Rank: 13919	2 KB
2	sentry.io o78139.ingest.sentry.io	431 B
2	dialogflow.com static.dialogflow.com — Cisco Umbrella Rank: 45661	3 KB
1	hsforms.com forms-eu1.hsforms.com — Cisco Umbrella Rank: 27212	1 KB
1	hubspot.com track-eu1.hubspot.com — Cisco Umbrella Rank: 15571	1 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	270 B
1	hs-analytics.net js-eu1.hs-analytics.net — Cisco Umbrella Rank: 15124	21 KB
1	hs-banner.com js-eu1.hs-banner.com — Cisco Umbrella Rank: 14938	23 KB
1	cloudfront.net d2htwrs017c1b3.cloudfront.net	66 KB
89	23

	Domain	Requested by
15	visa-claim.airrefund.com	visa-claim.airrefund.com
11	app.termly.io	visa-claim.airrefund.com app.termly.io
11	widget.trustpilot.com	visa-claim.airrefund.com widget.trustpilot.com
6	www.google-analytics.com	www.googletagmanager.com visa-claim.airrefund.com
6	www.googletagmanager.com	visa-claim.airrefund.com www.googletagmanager.com
5	analytics.tiktok.com	visa-claim.airrefund.com analytics.tiktok.com
4	bat.bing.com	www.googletagmanager.com bat.bing.com visa-claim.airrefund.com
3	visa-portal-en.airrefund.com	visa-claim.airrefund.com visa-portal-en.airrefund.com
2	fonts.googleapis.com	www.gstatic.com
2	google.com	www.googletagmanager.com
2	server-side-tagging-6dborax6xa-ez.a.run.app	visa-claim.airrefund.com
2	www.google.com	1 redirects visa-claim.airrefund.com
2	connect.facebook.net	visa-claim.airrefund.com connect.facebook.net
2	o78139.ingest.sentry.io	visa-claim.airrefund.com
2	static.dialogflow.com	www.gstatic.com
2	www.gstatic.com	visa-claim.airrefund.com www.gstatic.com
1	fonts.gstatic.com	fonts.googleapis.com
1	forms-eu1.hsforms.com
1	forms-eu1.hscollectedforms.net	visa-claim.airrefund.com
1	track-eu1.hubspot.com
1	www.facebook.com	visa-claim.airrefund.com
1	stats.g.doubleclick.net	visa-claim.airrefund.com
1	js-eu1.hs-analytics.net	js.hs-scripts.com
1	js-eu1.hs-banner.com	js.hs-scripts.com
1	js-eu1.hscollectedforms.net	js.hs-scripts.com
1	googleads.g.doubleclick.net	visa-claim.airrefund.com
1	js-eu1.hs-scripts.com	visa-claim.airrefund.com
1	js.hs-scripts.com	1 redirects
1	visa-api-en.airrefund.com	visa-claim.airrefund.com
1	d2htwrs017c1b3.cloudfront.net	visa-claim.airrefund.com
89	30

This site contains links to these domains. Also see Links.

Domain
visa-portal-en.airrefund.com

Subject Issuer	Validity	Valid
claim.your-ce.com Amazon RSA 2048 M03	`2024-03-11` - `2025-04-09`	a year	crt.sh
*.trustpilot.com Amazon RSA 2048 M03	`2024-01-03` - `2025-01-31`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
devsite-sni.developers.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
ingest.sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-02` - `2024-12-02`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
api.flight-delayed.com Amazon RSA 2048 M02	`2024-03-11` - `2025-04-09`	a year	crt.sh
portal-en.airrefund.com Amazon RSA 2048 M02	`2024-03-11` - `2025-04-09`	a year	crt.sh
app.termly.io Sectigo RSA Domain Validation Secure Server CA	`2023-05-03` - `2024-06-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-12-21` - `2024-03-20`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 02	`2024-01-21` - `2024-06-27`	5 months	crt.sh
*.tiktok.com RapidSSL ECC CA 2018	`2023-07-14` - `2024-08-13`	a year	crt.sh
*.a.run.app GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-29` - `2024-04-28`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://visa-claim.airrefund.com/
Frame ID: F4902B5087880C8ACB1214DAB3F4688B
Requests: 88 HTTP requests in this frame

Frame: https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=62160cfa10aed4d5536d375f
Frame ID: 1C93C88B2E7BE88B48EB2D95B84B0761
Requests: 5 HTTP requests in this frame

Frame: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=62160cfa10aed4d5536d375f
Frame ID: 3B04276355FD5C443431EE7FDEF20A4E
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AirRefund.com - VISA - Flight delayed or cancelled? Claim your compensation or refund!departure-iconarrival-icon

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

89
Requests

98 %
HTTPS

61 %
IPv6

23
Domains

30
Subdomains

28
IPs

2
Countries

3100 kB
Transfer

9254 kB
Size

26
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://visa-portal-en.airrefund.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://js.hs-scripts.com/26198936.js HTTP 307
https://js-eu1.hs-scripts.com/26198936.js

Request Chain 54

https://www.google.com/pagead/landing?gcs=G111&gcd=13r3r3r3r5&rnd=947250687.1710278756&url=https%3A%2F%2Fvisa-claim.airrefund.com%2F&dma=0&npa=0&gtm=45He43b0n81P5LQ4SRv77272557za200&auid=1974518895.1710278756 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3r3r5&rnd=947250687.1710278756&url=https%3A%2F%2Fvisa-claim.airrefund.com%2F&dma=0&npa=0&gtm=45He43b0n81P5LQ4SRv77272557za200&auid=1974518895.1710278756

89 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
visa-claim.airrefund.com/ 66 KB
16 KB 295ms
77ms Document
text/html 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

b794b242731e239089b6f6e97d663d87ea3607da51f62fb34678139b38269c5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 22396
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 12 Mar 2024 15:12:37 GMT
etag: W/"65f03316-10735"
last-modified: Tue, 12 Mar 2024 10:48:54 GMT
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-id: iDuKTwrAPJ1r2nc6k0LwU3LelZq5oyhvlPM2Ev8FIBpbhB6ZFT_BOg==
x-amz-cf-pop: JFK52-P4
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 tp.widget.bootstrap.min.js Show response
widget.trustpilot.com/bootstrap/v5/ 21 KB
7 KB 231ms
61ms Script
application/x-javascript 13.225.214.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.214.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-214-29.ewr50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

02e5bf47b2473c1da7a39a25b14f0f5d9857142842d33def047e492f9f610cb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:38:54 GMT
content-encoding: gzip
via: 1.1 e6fc68fd040718147cda2e3ef6f63636.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: EWR50-C1
age: 47814
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 6759
x-xss-protection: 1; mode=block
last-modified: Thu, 26 Oct 2023 12:27:20 GMT
server: AmazonS3
etag: "15864ce88fa79a3e954417d0c3396798"
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: b7r9lUwME8uUBw2rXXLBxGkCkeyctZTc0hncNqug_YSIJDyc3pxddg==

GET
H2 200 webpack-runtime-c76dfc8310df0b58db14.js Show response
visa-claim.airrefund.com/ 4 KB
3 KB 375ms
371ms Script
application/javascript 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/webpack-runtime-c76dfc8310df0b58db14.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

589f5a3f734db455a235559c0788719325a340fece5d367dfc9374e3ddbc4d03

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 10:48:42 GMT
server: nginx
content-encoding: gzip
x-amz-cf-pop: JFK52-P4
etag: W/"65f0330a-109e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-cache: Miss from cloudfront
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-id: rK0GnsUBehkuiRqxOM47ma7zyCl4u0AXdTfvljSG73x0yUawjWq64A==
x-xss-protection: 1; mode=block

GET
H2 200 framework-2d284c15969b9bedbffe.js Show response
visa-claim.airrefund.com/ 126 KB
40 KB 438ms
435ms Script
application/javascript 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/framework-2d284c15969b9bedbffe.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

a0988d54856d9188c61b89118af4753505683ebbc9d91577790fff1de94d3272

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 10:48:42 GMT
server: nginx
content-encoding: gzip
x-amz-cf-pop: JFK52-P4
etag: W/"65f0330a-1f714"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-cache: Miss from cloudfront
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-id: 6Eh4JppNr3ImCiQ9oPGDnQr3IqYBrA4Ig3zdNkcVGaoasOfiNFZd5A==
x-xss-protection: 1; mode=block

GET
H2 200 app-721cba0791b21cf587ca.js Show response
visa-claim.airrefund.com/ 135 KB
46 KB 521ms
518ms Script
application/javascript 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/app-721cba0791b21cf587ca.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

c06ed4d12a5f0f49c062549fbad143575c662c4620f0326cf4867e7beae579c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 10:48:42 GMT
server: nginx
content-encoding: gzip
x-amz-cf-pop: JFK52-P4
etag: W/"65f0330a-21d43"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-cache: Miss from cloudfront
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-id: sQpQeeHphwb40Dw7IiyeQ69yxiv51RYWUaiItnQbGtPt0EjD9RTzXw==
x-xss-protection: 1; mode=block

GET
H2 200 styles-f12963b3798c232a68f6.js Show response
visa-claim.airrefund.com/ 117 B
555 B 349ms
346ms Script
application/javascript 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/styles-f12963b3798c232a68f6.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

0c42c00ebb99b3f3ae90fab5ffe9fb081fa68f8e68f2b34a5054e46a99640b75

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 10:48:41 GMT
server: nginx
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P4
etag: "65f03309-75"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: application/javascript; charset=utf-8
accept-ranges: bytes
content-length: 117
x-xss-protection: 1; mode=block
x-amz-cf-id: hBDoce0ZhzSiVwYxowDqy7ZB2dycWC7dh6HNV3KTMINcGRLvgjUJtw==

GET
H2 200 29107295-4332646918cbf163774c.js Show response
visa-claim.airrefund.com/ 71 KB
25 KB 354ms
351ms Script
application/javascript 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/29107295-4332646918cbf163774c.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

5d6779ed62a06476886eef947d31e6c87bcec1d371b07175fc63cd321bd3ba55

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 10:48:41 GMT
server: nginx
content-encoding: gzip
x-amz-cf-pop: JFK52-P4
etag: W/"65f03309-11c02"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-cache: Miss from cloudfront
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-id: VimgHQ4INTLj36WGcmz5BgYgxT4pAhoyNd3xYYhlFbLZPqm62HiKIA==
x-xss-protection: 1; mode=block

GET
H2 200 0fba3465c6536f77d2d569fc31c9b112c329da10-90a5b9399d45cdd0d45c.js Show response
visa-claim.airrefund.com/ 90 KB
24 KB 506ms
503ms Script
application/javascript 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/0fba3465c6536f77d2d569fc31c9b112c329da10-90a5b9399d45cdd0d45c.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

6fc07aa77722646010c4c4cca3b153e435fc47c47b2b0c68dc4e853212d60f9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 10:48:41 GMT
server: nginx
content-encoding: gzip
x-amz-cf-pop: JFK52-P4
etag: W/"65f03309-16871"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-cache: Miss from cloudfront
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-id: iMGAGJAVIPhQt9X-35sTgAd_DIx0r8oaYGtK1hUBZg8abYmZnJpuiw==
x-xss-protection: 1; mode=block

GET
H2 200 c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js Show response
visa-claim.airrefund.com/ 2 MB
728 KB 473ms
471ms Script
application/javascript 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

d7f763d61ccb650c75de4a6b2dfa17fac882a45db3cb0e330f2706a7813281e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 10:48:41 GMT
server: nginx
content-encoding: gzip
x-amz-cf-pop: JFK52-P4
etag: W/"65f03309-210c64"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-cache: Miss from cloudfront
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-id: xcTk9THOQYllse5lxO5ZdqgK2gyp30rJxzq8RiWGUkRLccbzb4UZ1w==
x-xss-protection: 1; mode=block

GET
H2 200 932358ebc7e75fc9754746453ae0e3050c7a9cfd-3ad06714db9c6a2edf6d.js Show response
visa-claim.airrefund.com/ 18 KB
8 KB 370ms
368ms Script
application/javascript 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/932358ebc7e75fc9754746453ae0e3050c7a9cfd-3ad06714db9c6a2edf6d.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

84ccadcc097fdd27c7eba123a3e374063baf89a5358206b4e4898fb63526afde

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 10:48:41 GMT
server: nginx
content-encoding: gzip
x-amz-cf-pop: JFK52-P4
etag: W/"65f03309-473d"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-cache: Miss from cloudfront
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-id: zYTjEBiWq-lT0-q2RWdyvTR9X21QFSrY5hMKkp7YDfVoO3xVgdBSPA==
x-xss-protection: 1; mode=block

GET
H2 200 9a17dec9d90fefa2488e07606cea19a20a362232-623d105ad348372e8fec.js Show response
visa-claim.airrefund.com/ 12 KB
4 KB 531ms
529ms Script
application/javascript 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/9a17dec9d90fefa2488e07606cea19a20a362232-623d105ad348372e8fec.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

5d172f502e7f6dcc730cb618184a1cf8671bd69e6057e77b72231985e1e3925d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 10:48:41 GMT
server: nginx
content-encoding: gzip
x-amz-cf-pop: JFK52-P4
etag: W/"65f03309-30b4"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-cache: Miss from cloudfront
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-id: sj_qqdtmBriV53AHAAaUv2_zDMB5j8YEyCzYcFJfAVsT-WmGeDyUYQ==
x-xss-protection: 1; mode=block

GET
H2 200 db15767d0dca212acf479ca58d57e6e63296f2d9-36adfabe305aaa0160b7.js Show response
visa-claim.airrefund.com/ 63 KB
25 KB 545ms
543ms Script
application/javascript 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/db15767d0dca212acf479ca58d57e6e63296f2d9-36adfabe305aaa0160b7.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

0b64e5cecaab5e569eee28d21858a862743345e9f4041ca130aba5bad624d72d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 10:48:42 GMT
server: nginx
content-encoding: gzip
x-amz-cf-pop: JFK52-P4
etag: W/"65f0330a-fc47"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-cache: Miss from cloudfront
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-id: dVtk3CVzhv6DGsyBG3Gd0DV9Z8NuWihS3Ux3PzyQMh2BGfuDA5GduA==
x-xss-protection: 1; mode=block

GET
H2 200 component---src-pages-index-js-4a689677dabc03a3b6e9.js Show response
visa-claim.airrefund.com/ 18 KB
7 KB 411ms
409ms Script
application/javascript 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/component---src-pages-index-js-4a689677dabc03a3b6e9.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

6e6f1a084180963f7d11d160b370c9b3322cf223ecdc39ff13244be19910d228

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 10:48:42 GMT
server: nginx
content-encoding: gzip
x-amz-cf-pop: JFK52-P4
etag: W/"65f0330a-46bb"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-cache: Miss from cloudfront
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-id: SvNFjzNFJGQMYmaEl9Nbz79Im7fNry8trgR4DIO4jrHz5Dsen6Sghw==
x-xss-protection: 1; mode=block

GET
H2 200 page-data.json
visa-claim.airrefund.com/page-data/index/ 127 B
550 B 510ms
508ms Other
application/json 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/page-data/index/page-data.json

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

baf48a1dadb1a2193db78c2ce209abb89376974d123a033635eb09efc7041056

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 10:48:42 GMT
server: nginx
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P4
etag: "65f0330a-7f"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: application/json
accept-ranges: bytes
content-length: 127
x-xss-protection: 1; mode=block
x-amz-cf-id: e3mCCsQ2j-XAk9nxrqrIO36KHxwxqDUdZBxzNV_6SgOSOKKDind6Sw==

GET
H2 200 app-data.json
visa-claim.airrefund.com/page-data/ 50 B
472 B 412ms
410ms Other
application/json 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/page-data/app-data.json

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

4abb32444c621703974c4f04ddc406146e04eb191dd2d264238a2f0f17964c6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 10:48:42 GMT
server: nginx
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P4
etag: "65f0330a-32"
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: application/json
accept-ranges: bytes
content-length: 50
x-xss-protection: 1; mode=block
x-amz-cf-id: EOEgCn8U6giTeeVFPsH6BkL0b0u-BqLPUkMm5TIRQwGDUdEygrhOCA==

GET
H2 200 bootstrap.js Show response
www.gstatic.com/dialogflow-console/fast/messenger/ 2 KB
1 KB 210ms
76ms Script
text/javascript 2607:f8b0:4006:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/dialogflow-console/fast/messenger/bootstrap.js?v=1

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dcecee0daf79c26403db79ad6cac73f864d47a47bd786d328a0bce42519265a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/dialogflow-console
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 696
x-xss-protection: 0
pragma: no-cache
last-modified: Tue, 15 Aug 2023 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="dialogflow-console"
vary: Accept-Encoding
report-to: {"group":"dialogflow-console","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dialogflow-console"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
accept-ranges: bytes
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 custom-elements-es5-adapter.js Show response
static.dialogflow.com/common/messenger/webcomponentsjs/2.1.3/ 930 B
1 KB 262ms
63ms Script
text/javascript 2607:f8b0:4006:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.dialogflow.com/common/messenger/webcomponentsjs/2.1.3/custom-elements-es5-adapter.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/dialogflow-console/fast/messenger/bootstrap.js?v=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7034ae8d8aaa077dc02a62b5b4a0b9d0eefacc5619832a2637a9afd4ef626cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 08:52:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 563580
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/dialogflow-console
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 493
x-xss-protection: 0
last-modified: Fri, 26 Oct 2018 00:59:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="dialogflow-console"
vary: Accept-Encoding
report-to: {"group":"dialogflow-console","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dialogflow-console"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Wed, 13 Mar 2024 08:52:54 GMT

GET
H2 200 webcomponents-loader.js Show response
static.dialogflow.com/common/messenger/webcomponentsjs/2.1.3/ 6 KB
2 KB 263ms
64ms Script
text/javascript 2607:f8b0:4006:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.dialogflow.com/common/messenger/webcomponentsjs/2.1.3/webcomponents-loader.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/dialogflow-console/fast/messenger/bootstrap.js?v=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c8eb3fac2da085b9b9162f25b769e760c25fbbfbe5edd7a354def8ee0bebe6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 08:53:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 563551
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/dialogflow-console
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2021
x-xss-protection: 0
last-modified: Fri, 26 Oct 2018 00:59:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="dialogflow-console"
vary: Accept-Encoding
report-to: {"group":"dialogflow-console","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dialogflow-console"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Wed, 13 Mar 2024 08:53:23 GMT

GET
H2 200 c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js Show response
visa-claim.airrefund.com/ 2 MB
728 KB 417ms
417ms Script
application/javascript 18.238.55.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/webpack-runtime-c76dfc8310df0b58db14.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-35.jfk52.r.cloudfront.net

Software

nginx /

Resource Hash

d7f763d61ccb650c75de4a6b2dfa17fac882a45db3cb0e330f2706a7813281e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 10:48:41 GMT
server: nginx
content-encoding: gzip
x-amz-cf-pop: JFK52-P4
etag: W/"65f03309-210c64"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-cache: Miss from cloudfront
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-id: _aOsEHB_Uh-GX67E42PO8sZhbr5fCBi-okZ0Il1N9nEauisfmz2Mog==
x-xss-protection: 1; mode=block

POST
H2 200 / Show response
o78139.ingest.sentry.io/api/5355853/envelope/ 2 B
325 B 224ms
81ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o78139.ingest.sentry.io/api/5355853/envelope/?sentry_key=8698d59eaa004008ab5c51a53bc029c9&sentry_version=7

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://visa-claim.airrefund.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 10
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d45581591cefdeb8676d180e2ddef761b589247d8c356ddd4501f2939368e94b

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 266 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 index.html Show response
widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/ Frame 1C93 6 KB
2 KB 61ms
61ms Document
text/html 13.225.214.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=62160cfa10aed4d5536d375f

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.214.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-214-29.ewr50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

49f5900d74ef78a3c5c1a737f1c851cd20c9fd6cc814783cdb19b3b24ba4bdfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 49313
cache-control: max-age=86400
content-encoding: gzip
content-length: 1930
content-type: text/html
date: Tue, 12 Mar 2024 08:57:13 GMT
etag: "1b1a56d9c9fcf8acab07f238231461df"
last-modified: Mon, 08 May 2023 11:42:34 GMT
server: AmazonS3
strict-transport-security: max-age=31536000
via: 1.1 e6fc68fd040718147cda2e3ef6f63636.cloudfront.net (CloudFront)
x-amz-cf-id: vqlG_L4VGv_8UeKlt3yzkDo3yZX2VvEUVv9Ss8krPLQYudSpNDMKcA==
x-amz-cf-pop: EWR50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 index.html Show response
widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/ Frame 3B04 8 KB
3 KB 62ms
62ms Document
text/html 13.225.214.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=62160cfa10aed4d5536d375f

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.214.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-214-29.ewr50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

095122140e631d527159828db0e9e553e14c7421dbd7c9ef550c0a70ba787d91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://visa-claim.airrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 45046
cache-control: max-age=86400
content-encoding: gzip
content-length: 2114
content-type: text/html
date: Tue, 12 Mar 2024 09:49:47 GMT
etag: "bbd26c541b063878dddb6095c1f82221"
last-modified: Mon, 08 May 2023 11:42:24 GMT
server: AmazonS3
strict-transport-security: max-age=31536000
via: 1.1 e6fc68fd040718147cda2e3ef6f63636.cloudfront.net (CloudFront)
x-amz-cf-id: P4eLg_i3NvYleQaRjIuUkPZKZ2RKGbV0Av9rej7epOcQ0kZ0b5sI2A==
x-amz-cf-pop: EWR50-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 logo-airrefund.svg
d2htwrs017c1b3.cloudfront.net/img/logos/ 103 KB
66 KB 323ms
133ms Image
image/svg+xml 2600:9000:20ee:6e00:18:427:27c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://d2htwrs017c1b3.cloudfront.net/img/logos/logo-airrefund.svg

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ee:6e00:18:427:27c0:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

601920d6dbd057e18a986cef8af6b3e7187eed60505034bc63f53f36b456927c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-amz-cf-pop: BOS50-C2
age: 24
via: 1.1 60977f24a6858f4bd1384356217daad0.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Tue, 12 Mar 2024 13:04:40 GMT
server: nginx
etag: W/"65f052e8-19cc9"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
x-amz-cf-id: e6P_3f5tGj_vZNSeprRpAMPv234h_QXLuYVFZ16EMFaf2ov2ZgDOmA==

GET
DATA 200
OK truncated
/ 838 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3eebbc8812a7c38170e4783074245f1fe52da81200eb4bab248c84957c7799e3

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 086c24d6be39f40328921c0cd90e2b24e2ebc6841237c8ac42aaf94b348860fd

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c64806a48768c11a4b7371fdfdd253d563932415055bd53177b804a92eb22e85

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f2b68aabe9e1c69d6455cf4c7884015da4c8f956d7822853dc0b72079a87afd7

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 277a6668f56f3ae8b3e9871ca71e2a88a187ad49af095968e4e57f98bbfa1412

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 332cab48d783d243a3e3c8bf71707cb24986d61f8a347b135850692f9eca884b

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 14b7bfa977a5baf189c3744cacd6dca4ed162da7cb745361660dc4b727941f45

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 027ada4ba21950bd1d184949d58343208c5e1e722c6b31d5c9c8302cc760a3b3

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 session Show response
visa-api-en.airrefund.com/ 47 B
1 KB 675ms
277ms XHR
application/json 54.171.83.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-api-en.airrefund.com/session

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.83.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-83-16.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

a84582d41eeb6f60e1eb5174a4a34547bd94fe6ba058093a9d125e00fdadf8d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/vnd.api+json
Referer: https://visa-claim.airrefund.com/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: https://visa-claim.airrefund.com
cache-control: no-cache, private
access-control-allow-credentials: true
x-xss-protection: 1; mode=block

GET
H2 200 fonts.css
visa-portal-en.airrefund.com/storage/fonts/f758fe3a74/ 11 KB
1 KB 608ms
142ms Stylesheet
text/css 54.171.83.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visa-portal-en.airrefund.com/storage/fonts/f758fe3a74/fonts.css

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.83.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-83-16.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cfd79d38989853e22d3c9e9b45ebfe676493ecd39449b62514f43e9296953c4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 12 Mar 2024 13:00:42 GMT
server: nginx
content-encoding: gzip
etag: W/"65f051fa-2bdb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
x-xss-protection: 1; mode=block

GET
H2 200 2dfec477-fd0d-4e7e-9a58-5ebe2a060d40 Show response
app.termly.io/resource-blocker/ 1013 KB
302 KB 270ms
191ms Script
text/javascript 2606:4700::6812:1eea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/resource-blocker/2dfec477-fd0d-4e7e-9a58-5ebe2a060d40?autoBlock=off

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1eea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f50e309deea05437866a39dd89bc929075756398d6314b90effdc122a1bec08

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-rack-cors: miss; no-origin
date: Tue, 12 Mar 2024 21:25:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block, 1; mode=block
x-request-id: d90167c5-4f7f-4a66-aaf9-ca8c83baf876
x-runtime: 0.048586
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3f50e309deea05437866a39dd89bc929"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 8636dc0a5e305c7f-MIA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 375 KB
114 KB 246ms
112ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P5LQ4SR

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

938be688db1c0feade018e565da4d5ea0e0f62f0c20bba6f0d78fa5c35f036f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 116173
x-xss-protection: 0
last-modified: Tue, 12 Mar 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Mar 2024 21:25:55 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 266 KB
92 KB 335ms
200ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WBVHR929

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

26370b91f85c55342ef1b802beb66a23a859c7a1f1fe65aa5d9b7216c34ead5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94134
x-xss-protection: 0
last-modified: Tue, 12 Mar 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Mar 2024 21:25:55 GMT

GET
H2

200

26198936.js Show response
js-eu1.hs-scripts.com/
Redirect Chain

https://js.hs-scripts.com/26198936.js
https://js-eu1.hs-scripts.com/26198936.js

1 KB
1 KB

630ms
169ms

Script
application/javascript

172.65.208.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hs-scripts.com/26198936.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Server

172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb83f054f87aecbfe3d98949f65dfd9efb3cbf1f66121a0046b3f50829a3a23c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-hubspot-correlation-id: ae93a211-b4bf-4a7c-b00d-05949f52f442
x-evy-trace-route-service-name: envoyset-translator
cf-polished: origSize=1533
age: 3090
x-envoy-upstream-service-time: 16
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ae93a211-b4bf-4a7c-b00d-05949f52f442
cf-bgj: minify
last-modified: Tue, 12 Mar 2024 20:34:25 GMT
server: cloudflare
x-trace: 2BD510B970AED3DC8DEEB052ED7927B87863F69EF9000000000000000000
access-control-max-age: 3600
vary: origin, Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.flight-delayed.com
x-evy-trace-served-by-pod: fra04/hubapi-td/envoy-proxy-6d5967b5f5-xmdzr
x-evy-trace-virtual-host: all
access-control-allow-credentials: true
cf-ray: 8636dc0e7b46698a-CDG

Redirect headers

date: Tue, 12 Mar 2024 21:25:55 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a4394e86-e346-4b0b-98e9-dbea120a28ad
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a4394e86-e346-4b0b-98e9-dbea120a28ad
server: cloudflare
x-trace: 2BC9A6AFA61F024E8B2EFFF78304DED87C8F91512C000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
location: https://js-eu1.hs-scripts.com/26198936.js
access-control-allow-origin: https://visa-claim.airrefund.com
x-evy-trace-virtual-host: all
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-76b6498444-5r8hb
cache-control: public, max-age=90
cf-ray: 8636dc0a7f9e21d3-MIA
expires: Tue, 12 Mar 2024 21:27:25 GMT

GET
H2 200 main.js Show response
widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/ Frame 1C93 50 KB
16 KB 69ms
69ms Script
application/x-javascript 13.225.214.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/main.js

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=62160cfa10aed4d5536d375f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.214.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-214-29.ewr50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

124f0540b0a531107030a6cd746f2c7b84acfe4469ba08b6792bb68da7edb984

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=62160cfa10aed4d5536d375f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 08:20:35 GMT
content-encoding: gzip
via: 1.1 e6fc68fd040718147cda2e3ef6f63636.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: EWR50-C1
age: 57282
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 15571
x-xss-protection: 1; mode=block
last-modified: Mon, 08 May 2023 11:42:56 GMT
server: AmazonS3
etag: "f90daf8c8f47c6afab7d4e27466118b5"
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: 7XrMHSt_ceKyLbMUzNS_QVZC1NNU6ThzIi0yhks61xzQkAwzYb96qg==

GET
H2 200 main.js Show response
widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/ Frame 3B04 54 KB
17 KB 70ms
69ms Script
application/x-javascript 13.225.214.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/main.js

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=62160cfa10aed4d5536d375f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.214.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-214-29.ewr50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

14c24f4f0c0c27f8dcaf6d2b05cc367d4b600220fe77862ca55691d0d51fc3b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=62160cfa10aed4d5536d375f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 10:16:18 GMT
content-encoding: gzip
via: 1.1 e6fc68fd040718147cda2e3ef6f63636.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-amz-cf-pop: EWR50-C1
age: 53119
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 17138
x-xss-protection: 1; mode=block
last-modified: Mon, 08 May 2023 11:42:26 GMT
server: AmazonS3
etag: "732769f238a36cb44705f2d6a18312ee"
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: oBcx2BQ6M0zGR0kdmJPFGMbgn11JXKLqmwb-jiYbAaqbAoRguIKKcg==

GET
H2 200 53aa8807dec7e10d38f59f32 Show response
widget.trustpilot.com/trustbox-data/ Frame 1C93 878 B
820 B 146ms
145ms XHR
application/json 13.225.214.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustbox-data/53aa8807dec7e10d38f59f32?businessUnitId=62160cfa10aed4d5536d375f&locale=en-GB

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.214.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-214-29.ewr50.r.cloudfront.net

Software

Kestrel /

Resource Hash

8183c832ae14d897361d2f29c860543206daa299f27c554dd1930f85caf8b9fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=62160cfa10aed4d5536d375f
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 21:25:54 GMT
via: 1.1 e6fc68fd040718147cda2e3ef6f63636.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: EWR50-C1
etag: "d05e3bcd9dcedcba25e122709a07b3be"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json; charset=utf-8
cache-control: public,max-age=1800
content-length: 392
x-xss-protection: 1; mode=block
x-amz-cf-id: XiSz80NLVc_kpgBGdCZaqQzVnYg9cdYrwv4z3i0w8XAzWUE6vPmRXQ==

GET
H2 204 TrustboxImpression Show response
widget.trustpilot.com/stats/ Frame 1C93 0
323 B 138ms
138ms XHR
text/plain 13.225.214.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxImpression?locale=en-GB&styleHeight=150px&styleWidth=80%25&theme=light&stars=4%2C5&reviewLanguages=en&url=https%3A%2F%2Fvisa-claim.airrefund.com%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F122.0.6261.111%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=62160cfa10aed4d5536d375f&widgetId=53aa8807dec7e10d38f59f32

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.214.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-214-29.ewr50.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=62160cfa10aed4d5536d375f
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 e6fc68fd040718147cda2e3ef6f63636.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: EWR50-C1
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: s8HTR3Cu8hpYfcbxGQcT7xt5YlQxjcUVCzGB5PTS68PwvgWRdWpZhg==
x-xss-protection: 1; mode=block

GET
H2 204 TrustboxView Show response
widget.trustpilot.com/stats/ Frame 1C93 0
323 B 141ms
141ms XHR
text/plain 13.225.214.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxView?locale=en-GB&styleHeight=150px&styleWidth=80%25&theme=light&stars=4%2C5&reviewLanguages=en&url=https%3A%2F%2Fvisa-claim.airrefund.com%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F122.0.6261.111%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=62160cfa10aed4d5536d375f&widgetId=53aa8807dec7e10d38f59f32

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.214.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-214-29.ewr50.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=62160cfa10aed4d5536d375f
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 e6fc68fd040718147cda2e3ef6f63636.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: EWR50-C1
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: jHzWLfqhnSzj_odNuO5RSkLNL8kJGtCbN3MBG9AIoKmRYf7nzlcIwg==
x-xss-protection: 1; mode=block

GET
H2 200 5419b637fa0340045cd0c936 Show response
widget.trustpilot.com/trustbox-data/ Frame 3B04 927 B
852 B 140ms
139ms XHR
application/json 13.225.214.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustbox-data/5419b637fa0340045cd0c936?businessUnitId=62160cfa10aed4d5536d375f&locale=en-GB

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.214.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-214-29.ewr50.r.cloudfront.net

Software

Kestrel /

Resource Hash

6735094c821ccd6a2678c42148763964257064893a6c1b6ba9647aea889d404d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=62160cfa10aed4d5536d375f
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Mar 2024 21:25:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 e6fc68fd040718147cda2e3ef6f63636.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: EWR50-C1
etag: "1250c464bcd85cd28f0d3b191b1100bb"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
cache-control: public,max-age=1800
x-amz-cf-id: sO8fuD3gydzEUixHVCYwNVT9lfRsVk1l_zz4MN2BVywASEkkP4MymA==
x-xss-protection: 1; mode=block

GET
H2 204 TrustboxImpression Show response
widget.trustpilot.com/stats/ Frame 3B04 0
322 B 136ms
136ms XHR
text/plain 13.225.214.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxImpression?locale=en-GB&styleHeight=20px&styleWidth=100%25&theme=light&url=https%3A%2F%2Fvisa-claim.airrefund.com%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F122.0.6261.111%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=62160cfa10aed4d5536d375f&widgetId=5419b637fa0340045cd0c936

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.214.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-214-29.ewr50.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=62160cfa10aed4d5536d375f
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 e6fc68fd040718147cda2e3ef6f63636.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: EWR50-C1
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: zcQLfzhcH54PDbl5wkHc-C5AYLCNnsq1QxkipzRgLecYf4IpL5XGKA==
x-xss-protection: 1; mode=block

GET
H2 204 TrustboxView Show response
widget.trustpilot.com/stats/ Frame 3B04 0
321 B 137ms
136ms XHR
text/plain 13.225.214.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxView?locale=en-GB&styleHeight=20px&styleWidth=100%25&theme=light&url=https%3A%2F%2Fvisa-claim.airrefund.com%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F122.0.6261.111%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=62160cfa10aed4d5536d375f&widgetId=5419b637fa0340045cd0c936

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.214.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-214-29.ewr50.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=62160cfa10aed4d5536d375f
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 21:25:54 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 e6fc68fd040718147cda2e3ef6f63636.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: EWR50-C1
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: 7_oim3p7A-CGdCzPxMFm26O_sjajmQ3A31TjzvKM02c4iimCm48vlQ==
x-xss-protection: 1; mode=block

OPTIONS
H3 200 statistics
app.termly.io/api/v1/snippets/websites/2dfec477-fd0d-4e7e-9a58-5ebe2a060d40/ Frame 0
0 206ms
134ms Preflight 2606:4700::6812:1eea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/api/v1/snippets/websites/2dfec477-fd0d-4e7e-9a58-5ebe2a060d40/statistics

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1eea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://visa-claim.airrefund.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 600
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8636dc0deae37479-MIA
content-security-policy: default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
date: Tue, 12 Mar 2024 21:25:55 GMT
server: cloudflare
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 201 statistics Show response
app.termly.io/api/v1/snippets/websites/2dfec477-fd0d-4e7e-9a58-5ebe2a060d40/ 3 B
558 B 165ms
164ms XHR
application/json 2606:4700::6812:1eea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/api/v1/snippets/websites/2dfec477-fd0d-4e7e-9a58-5ebe2a060d40/statistics

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1eea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43974ed74066b207c30ffd0fed5146762e6c60745ac977004bc14507c7c42b50

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://visa-claim.airrefund.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: application/json

Response headers

x-rack-cors: hit
date: Tue, 12 Mar 2024 21:25:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 169bdcee-5119-41c9-b720-a24d9900d56a
x-runtime: 0.037115
server: cloudflare
etag: W/"43974ed74066b207c30ffd0fed514676"
access-control-max-age: 600
access-control-allow-methods: POST
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
vary: Origin
cf-ray: 8636dc0ebc207479-MIA

GET
H3 200 cookies Show response
app.termly.io/api/v1/snippets/websites/2dfec477-fd0d-4e7e-9a58-5ebe2a060d40/documents/3259be3c-ef72-4db6-bfa0-4a9a348d1014/ 10 KB
3 KB 236ms
174ms XHR
application/json 2606:4700::6812:1eea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/api/v1/snippets/websites/2dfec477-fd0d-4e7e-9a58-5ebe2a060d40/documents/3259be3c-ef72-4db6-bfa0-4a9a348d1014/cookies

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1eea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2f30516ca06644ccfe87ad9f120036656b7820413b7d4d1dd6f8d793aa00871

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://visa-claim.airrefund.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-rack-cors: hit
date: Tue, 12 Mar 2024 21:25:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-eval' 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; style-src 'self' blob: 'unsafe-inline' https:; connect-src 'unsafe-eval' 'unsafe-inline' https: wss://sockets.dixa.io wss://api.appcues.net wss://*.firebaseio.com; frame-src 'self' https:
cf-cache-status: HIT
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: f343b27b-063f-43ba-838b-16bf8a76028b
x-runtime: 0.020619
server: cloudflare
etag: W/"e2f30516ca06644ccfe87ad9f1200366"
access-control-max-age: 600
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: public, max-age=14400
vary: Origin, Accept-Encoding
cf-ray: 8636dc0deae17479-MIA
expires: Wed, 13 Mar 2024 01:25:55 GMT

GET
H2 200 882.min.js Show response
app.termly.io/resource-blocker/ 488 B
495 B 46ms
45ms Script
application/javascript 2606:4700::6812:1eea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/resource-blocker/882.min.js

Requested by

Host: app.termly.io
URL: https://app.termly.io/resource-blocker/2dfec477-fd0d-4e7e-9a58-5ebe2a060d40?autoBlock=off

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1eea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06edac6c5ca20a9ea53915b1a8e69cbade3b54914de72eb1a82b3b7c925e8e47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 602
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 12 Mar 2024 21:12:31 GMT
server: cloudflare
etag: W/"65f0c53f-1e8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 8636dc0d9bec5c7f-MIA
expires: Wed, 13 Mar 2024 01:25:55 GMT

GET
H3 200 en.json Show response
app.termly.io/resource-blocker/i18n/ 4 KB
1 KB 167ms
167ms XHR
application/json 2606:4700::6812:1eea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.termly.io/resource-blocker/i18n/en.json
Requested by: Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1eea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 364d96bae27eb977f7cb2e81e9b066d55bbbb076eb12a0e52e83e7ac30cce307

Request headers

Accept: application/json, text/plain, */*
Csrf-Token: bed17d6b-26d2-4d53-8c4d-4d31daa71066
Referer: https://visa-claim.airrefund.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 12 Mar 2024 21:12:31 GMT
server: cloudflare
etag: W/"65f0c53f-e0c"
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 8636dc0ebc247479-MIA
access-control-allow-headers: *
alt-svc: h3=":443"; ma=86400
expires: Wed, 13 Mar 2024 01:25:55 GMT

OPTIONS
H3 204 en.json
app.termly.io/resource-blocker/i18n/ Frame 0
0 185ms
136ms Preflight 2606:4700::6812:1eea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.termly.io/resource-blocker/i18n/en.json
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:1eea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: csrf-token
Access-Control-Request-Method: GET
Origin: https://visa-claim.airrefund.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET,OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8636dc0deade7479-MIA
date: Tue, 12 Mar 2024 21:25:55 GMT
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 284 KB
95 KB 105ms
104ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FJ1TMDSHDZ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WBVHR929

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ae998df15c789a6a7417e8b84f9cc8d2bd48b008807eed9caecfce8e81fb933a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96720
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Mar 2024 21:25:55 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 215 KB
58 KB 197ms
66ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

50b6e67cfcfe4ac8fe9cee705b681f696065306ee42bcd4e6b37a17dba333ac5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 12 Mar 2024 21:25:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57348
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=63, rtx=0, c=12, mss=1294, tbw=2775, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: ABKb/d3rOjPw4AyuPV/BFqeG3fad76froFjwfnk2VxfwvSfv9tiig6jQBGQIN4B6EovQCbZTOdLwmcKHPXoIhg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcd=13r3r3r3r5&rnd=947250687.1710278756&url=https%3A%2F%2Fvisa-claim.airrefund.com%2F&dma=0&npa=0&gtm=45He43b0n81P5LQ4SRv77272557za200&auid=1974518895...
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3r3r5&rnd=947250687.1710278756&url=https%3A%2F%2Fvisa-claim.airrefund.com%2F&dma=0&npa=0&gtm=45He43b0n81P5LQ4SRv77272557za200&au...

42 B
588 B

222ms
86ms

Ping
image/gif

2607:f8b0:4006:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3r3r5&rnd=947250687.1710278756&url=https%3A%2F%2Fvisa-claim.airrefund.com%2F&dma=0&npa=0&gtm=45He43b0n81P5LQ4SRv77272557za200&auid=1974518895.1710278756

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Server

2607:f8b0:4006:817::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 21:25:56 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 12 Mar 2024 21:25:55 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13r3r3r3r5&rnd=947250687.1710278756&url=https%3A%2F%2Fvisa-claim.airrefund.com%2F&dma=0&npa=0&gtm=45He43b0n81P5LQ4SRv77272557za200&auid=1974518895.1710278756
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 299 KB
95 KB 108ms
108ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PGSLCCT81X&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P5LQ4SR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0b21e70ce1b85d63667496163482e21ae7fcd46ff39d2f6bd6c2bb0284f7301d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96658
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Mar 2024 21:25:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 282 KB
94 KB 135ms
135ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-X9ST4TFXWZ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P5LQ4SR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6b023ccccca44941b6768d437c783b2db73edcfdc7eb38f9dad7f43609483728

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96351
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 12 Mar 2024 21:25:55 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 129ms
56ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P5LQ4SR

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 12 Mar 2024 21:25:55 GMT
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A64F9C6EE72D48C5BEEABEA8EFE80EA6 Ref B: MIAEDGE1913 Ref C: 2024-03-12T21:25:55Z
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13261

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 238 KB
83 KB 135ms
135ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-1002329970&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P5LQ4SR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ea39106fd295ae2acf3b91bdbb602a9d60da0a84e465a4e16ab19192fc2fb56a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84812
x-xss-protection: 0
last-modified: Tue, 12 Mar 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Mar 2024 21:25:55 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 5 KB
2 KB 328ms
164ms Script
application/javascript 23.48.224.106
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CMG00PBC77U58IR17KOG&lib=ttq
Requested by: Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.224.106 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-48-224-106.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: bf835282e0885e933f09fb3a9b681d9673e62deb024e49d72c4e77183bd67b4c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-akamai-request-id: 29854cef
date: Tue, 12 Mar 2024 21:25:55 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240312212555B536E786634ECD411F09-7321B1014DF9F6A9-00
x-cache: TCP_MISS from a23-195-36-74.deploy.akamaitechnologies.com (AkamaiGHost/11.4.3-54726453) (-)
server-timing: inner; dur=4, cdn-cache; desc=MISS, edge; dur=22, origin; dur=32
content-length: 1740
pragma: no-cache
server: nginx
x-tt-logid: 20240312212555B536E786634ECD411F09
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 33,23.195.36.74
x-tt-trace-host: 011dfe39ca07daf9d8ccc7c719765f296b41588543a64ec10aac6ddd4be943b437487004880c4f4f9f21ba40b0411c0c7ef93c241411e0418ddd96a35aa62003c92fa2568a00c5b002b1ccbe0fec6c1535e6427b27d760f26f4236a7d4e10304ef
expires: Tue, 12 Mar 2024 21:25:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 195ms
61ms Script
text/javascript 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P5LQ4SR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 12 Mar 2024 19:51:42 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 5653
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 12 Mar 2024 21:51:42 GMT

GET
H2 200 sptsansv17jizfrexuito99u79b-mh0o6tlr8a8zi.woff2
visa-portal-en.airrefund.com/storage/fonts/f758fe3a74/ 11 KB
11 KB 423ms
141ms Font
font/woff2 54.171.83.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://visa-portal-en.airrefund.com/storage/fonts/f758fe3a74/sptsansv17jizfrexuito99u79b-mh0o6tlr8a8zi.woff2
Requested by: Host: visa-portal-en.airrefund.com
URL: https://visa-portal-en.airrefund.com/storage/fonts/f758fe3a74/fonts.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.83.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-83-16.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a6e8aec7ccc3eb5c11b1b26ddb6d10bffafd6c57f9841e8c8d2a7a869ff696d5

Request headers

Referer: https://visa-portal-en.airrefund.com/storage/fonts/f758fe3a74/fonts.css
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
last-modified: Tue, 12 Mar 2024 13:00:42 GMT
server: nginx
etag: "65f051fa-2d14"
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 11540

GET
H2 200 sopensansv34memvyags126mizpba-uvwbx2vvnxbbobj2ovts-mu0sc55i.woff2
visa-portal-en.airrefund.com/storage/fonts/f758fe3a74/ 38 KB
39 KB 562ms
282ms Font
font/woff2 54.171.83.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://visa-portal-en.airrefund.com/storage/fonts/f758fe3a74/sopensansv34memvyags126mizpba-uvwbx2vvnxbbobj2ovts-mu0sc55i.woff2
Requested by: Host: visa-portal-en.airrefund.com
URL: https://visa-portal-en.airrefund.com/storage/fonts/f758fe3a74/fonts.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.83.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-83-16.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: fbeb296c1ecc216a17bda77bf65e833cc0410cfbe1908e121f7a4549cc390675

Request headers

Referer: https://visa-portal-en.airrefund.com/storage/fonts/f758fe3a74/fonts.css
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
last-modified: Tue, 12 Mar 2024 13:00:42 GMT
server: nginx
etag: "65f051fa-99cc"
content-type: font/woff2
access-control-allow-origin: *
accept-ranges: bytes
content-length: 39372

GET
H3 200 851.min.js Show response
app.termly.io/resource-blocker/ 17 KB
7 KB 49ms
48ms Script
application/javascript 2606:4700::6812:1eea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/resource-blocker/851.min.js

Requested by

Host: app.termly.io
URL: https://app.termly.io/resource-blocker/2dfec477-fd0d-4e7e-9a58-5ebe2a060d40?autoBlock=off

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1eea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a85d996553680d6d54ff931f0f0a808fe024c31c89dabcc45a32b57a582e6f72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 602
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 12 Mar 2024 21:12:31 GMT
server: cloudflare
etag: W/"65f0c53f-4205"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 8636dc0e7e778df0-MIA
expires: Wed, 13 Mar 2024 01:25:55 GMT

GET
H3 200 883.min.js Show response
app.termly.io/resource-blocker/ 7 KB
3 KB 49ms
49ms Script
application/javascript 2606:4700::6812:1eea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/resource-blocker/883.min.js

Requested by

Host: app.termly.io
URL: https://app.termly.io/resource-blocker/2dfec477-fd0d-4e7e-9a58-5ebe2a060d40?autoBlock=off

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1eea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2837505c458cee19b547ec5366099aabc571c67a62e1f2d0b7fa635c29f00409

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 601
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 12 Mar 2024 21:12:31 GMT
server: cloudflare
etag: W/"65f0c53f-1ab1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 8636dc0e7e798df0-MIA
expires: Wed, 13 Mar 2024 01:25:55 GMT

GET
H3 200 311.min.js Show response
app.termly.io/resource-blocker/ 4 KB
2 KB 47ms
46ms Script
application/javascript 2606:4700::6812:1eea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/resource-blocker/311.min.js

Requested by

Host: app.termly.io
URL: https://app.termly.io/resource-blocker/2dfec477-fd0d-4e7e-9a58-5ebe2a060d40?autoBlock=off

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1eea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fea7a3df389a0f1181f9f80d79650694c9a59dde91b65cf6756390c7f1405b4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 601
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 12 Mar 2024 21:12:31 GMT
server: cloudflare
etag: W/"65f0c53f-10a6"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 8636dc0edf028df0-MIA
expires: Wed, 13 Mar 2024 01:25:55 GMT

POST
H2 200 / Show response
o78139.ingest.sentry.io/api/5355853/envelope/ 41 B
106 B 105ms
104ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o78139.ingest.sentry.io/api/5355853/envelope/?sentry_key=8698d59eaa004008ab5c51a53bc029c9&sentry_version=7

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

489cc25523a515c6882d930b4261527704f727b818b611224f3c2a96f4e84422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://visa-claim.airrefund.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
content-encoding: br
via: 1.1 google
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 2
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 collect Show response
server-side-tagging-6dborax6xa-ez.a.run.app/g/ 65 B
583 B 992ms
885ms XHR
text/plain 2001:4860:4802:34::35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://server-side-tagging-6dborax6xa-ez.a.run.app/g/collect?v=2&tid=G-FJ1TMDSHDZ&gtm=45je43b0v9172259126z89172235916za200&_p=1710278754838&gcs=G111&gcd=13r3r3r3r5&npa=0&dma=0&gdid=dNzg2MD&cid=1652315665.1710278756&ul=en-us&sr=1600x1200&_fplc=0&ur=US-FL&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&sst.uc=US&sst.rnd=947250687.1710278756&sst.gcd=13r3r3r3r5&sst.tft=1710278754838&_s=1&sid=1710278755&sct=1&seg=0&dl=https%3A%2F%2Fvisa-claim.airrefund.com%2F&dt=AirRefund.com%20-%20VISA%20-%20Flight%20delayed%20or%20cancelled%3F%20Claim%20your%20compensation%20or%20refund!&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2191&richsstsse

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:56 GMT
x-content-type-options: nosniff
server: Google Frontend
content-type: text/plain
access-control-allow-origin: https://visa-claim.airrefund.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering: no
expires: Tue, 12 Mar 2024 21:25:56 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
177 B 76ms
75ms Ping
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-PGSLCCT81X&gtm=45je43b0v890928670z877272557za200&_p=1710278754838&gcs=G111&gcd=13r3r3r3r5&npa=0&dma=0&gdid=dNzg2MD&cid=1652315665.1710278756&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1710278755&sct=1&seg=0&dl=https%3A%2F%2Fvisa-claim.airrefund.com%2F&dt=AirRefund.com%20-%20VISA%20-%20Flight%20delayed%20or%20cancelled%3F%20Claim%20your%20compensation%20or%20refund!&en=page_view&_fv=1&_ss=1&tfd=2275
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PGSLCCT81X&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 21:25:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://visa-claim.airrefund.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 undefined.js Show response
bat.bing.com/p/action/ 0
117 B 57ms
57ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/undefined.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 12 Mar 2024 21:25:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4D6C0D63864B4DED96ABFDDA2F0BDF4D Ref B: MIAEDGE1913 Ref C: 2024-03-12T21:25:55Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
359 B 65ms
65ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=undefined&Ver=2&mid=0b15aa91-ebd5-4ed1-8cd4-4aeb3c3012fa&sid=1c939a90e0b711ee9eee4bc2a08f91da&vid=1c93bf90e0b711ee8c2e4fded9864fa9&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=AirRefund.com%20-%20VISA%20-%20Flight%20delayed%20or%20cancelled%3F%20Claim%20your%20compensation%20or%20refund!&p=https%3A%2F%2Fvisa-claim.airrefund.com%2F&r=&lt=520&evt=pageLoad&sv=1&rn=100553

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 12 Mar 2024 21:25:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 97A43FD81726412EAD084CDCF47C765C Ref B: MIAEDGE1913 Ref C: 2024-03-12T21:25:55Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collectedforms.js Show response
js-eu1.hscollectedforms.net/ 69 KB
25 KB 672ms
187ms Script
application/javascript 172.65.192.122
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hscollectedforms.net/collectedforms.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/26198936.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44dbbb0a1da3d1a2b3f637ba2eff82150de83164b3caf824fc0fc46633588de3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://visa-claim.airrefund.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:56 GMT
x-amz-version-id: VTCx5Wpr_CjwKFe_1K6ShUsHQL37oHcJ
via: 1.1 34f8e9435dea359238debf97e45feb10.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-amz-cf-pop: FRA60-P6
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: c6f68521-e25b-43d2-b34e-2aecc5c15f56
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.468/bundles/project.js&cfRay=8636dc135c39d3f4-CDG
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c6f68521-e25b-43d2-b34e-2aecc5c15f56
last-modified: Wed, 21 Feb 2024 09:36:07 UTC
server: cloudflare
etag: W/"0892458d49ed5681928e6be69131caa7"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-57464f64dd-x844g
cf-ray: 8636dc135c39d3f4-CDG
x-amz-cf-id: HSH8qCfx3PquUnU_0-YZcaOnKLshKUbqNt-Do_wrC6lPtyN6UfZpqg==
x-hs-target-asset: collected-forms-embed-js/static-1.468/bundles/project.js

GET
H2 200 banner.js Show response
js-eu1.hs-banner.com/v2/26198936/ 70 KB
23 KB 638ms
169ms Script
text/javascript 172.65.202.201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-eu1.hs-banner.com/v2/26198936/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/26198936.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.65.202.201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e4314b90adf8a913eefab4888e46e71ec88fac0142b298753abafe51bbc3554

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:56 GMT
x-amz-version-id: DY4gBYEWk5ED40CAmrhHMPmZizlzeXKF
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 6B280HX9XH3E6FS8
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 877423b1-2de2-4bbe-bbac-5e8c0fa62548
age: 270
x-envoy-upstream-service-time: 77
x-amz-id-2: 8DyeUQ2CHFnYCtlBcwM/eqKRpFtpyTeEwWg0KzHA2QBN616EYw5cwzQSjBhm6/sBSXYkye67ybo=
x-evy-trace-listener: listener_https
x-request-id: 877423b1-2de2-4bbe-bbac-5e8c0fa62548
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 06 Mar 2024 16:11:30 GMT
server: cloudflare
etag: W/"9b1cc53b3ff3ff3555a2354b31322623"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://claim.vlucht-vertraagd.be
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: fra04/analytics-js-proxy-td/envoy-proxy-775cb58c56-dw9m5
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8636dc13398b6fb1-CDG
expires: Tue, 12 Mar 2024 21:26:26 GMT

GET
H2 200 26198936.js Show response
js-eu1.hs-analytics.net/analytics/1710275400000/ 66 KB
21 KB 621ms
167ms Script
text/javascript 172.65.238.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-eu1.hs-analytics.net/analytics/1710275400000/26198936.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/26198936.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.65.238.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b05f1b893e406dadb2ebb30a4cfaba658f7727943817f825904e1385263fc7c4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:56 GMT
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: HPBGBEFFW5HZ71PB
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 3d2e475b-1bad-4d41-9b68-9872816e4be4
age: 23
x-envoy-upstream-service-time: 36
x-amz-id-2: NLn9JcAoBCA3WAL/Wj7KTRb+k51jqJPE4zvV6HWxZEINxkx9Q22zZum2j2PEHVsUGhzN9I6SOkA=
x-evy-trace-listener: listener_https
x-request-id: 3d2e475b-1bad-4d41-9b68-9872816e4be4
x-evy-trace-route-configuration: listener_https/all
last-modified: Tue, 27 Feb 2024 15:35:05 GMT
server: cloudflare
etag: W/"ed81839775d91707b6c4cf3c7f981894"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: fra04/analytics-js-proxy-td/envoy-proxy-775cb58c56-dw9m5
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8636dc131dc502d3-CDG
expires: Tue, 12 Mar 2024 21:30:33 GMT

GET
H2 204 0
bat.bing.com/action/ 0
228 B 64ms
63ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=undefined&Ver=2&mid=0b15aa91-ebd5-4ed1-8cd4-4aeb3c3012fa&sid=1c939a90e0b711ee9eee4bc2a08f91da&vid=1c93bf90e0b711ee8c2e4fded9864fa9&vids=0&msclkid=N&gtm_tag_source=ua_e&gc=EUR&tpp=1&ea=gtm.dom&en=Y&p=https%3A%2F%2Fvisa-claim.airrefund.com%2F&sw=1600&sh=1200&sc=24&evt=custom&rn=984856

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 12 Mar 2024 21:25:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 00EDF518053D4BE9BF2281040782565B Ref B: MIAEDGE1913 Ref C: 2024-03-12T21:25:55Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 733.min.js Show response
app.termly.io/resource-blocker/ 4 KB
865 B 49ms
48ms Script
application/javascript 2606:4700::6812:1eea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.termly.io/resource-blocker/733.min.js

Requested by

Host: app.termly.io
URL: https://app.termly.io/resource-blocker/2dfec477-fd0d-4e7e-9a58-5ebe2a060d40?autoBlock=off

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1eea , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6b0a123972dc8c6a9e209e9f76111f623ecfb92f0ea8e0997d9733b608ac441

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:55 GMT
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 601
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 12 Mar 2024 21:12:31 GMT
server: cloudflare
etag: W/"65f0c53f-1066"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 8636dc1029188df0-MIA
expires: Wed, 13 Mar 2024 01:25:55 GMT

POST
H2 200 1002329970
google.com/pagead/form-data/ 0
0 216ms
82ms Ping
text/html 2607:f8b0:4006:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/pagead/form-data/1002329970?gtm=45be43b0z877272557za201&gcs=G111&gcd=13r3r3r3r5&dma=0&hn=www.googleadservices.com&did=dNzg2MD&gdid=dNzg2MD&npa=0&pscdl=noapi&auid=1974518895.1710278756&uamb=0&uaw=0&em=tv.1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-1002329970&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

POST
H2 204 1002329970
google.com/ccm/form-data/ 0
260 B 209ms
75ms Ping
text/plain 2607:f8b0:4006:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/ccm/form-data/1002329970?gtm=45be43b0z877272557za201&gcs=G111&gcd=13r3r3r3r5&dma=0&hn=www.googleadservices.com&did=dNzg2MD&gdid=dNzg2MD&npa=0&pscdl=noapi&auid=1974518895.1710278756&uamb=0&uaw=0&em=tv.1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-1002329970&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:806::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 21:25:56 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://visa-claim.airrefund.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 77ms
76ms Ping
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-X9ST4TFXWZ&gtm=45je43b0v9179020402z877272557za200&_p=1710278754838&gcs=G111&gcd=13r3r3r3r5&npa=0&dma=0&gdid=dNzg2MD&cid=1652315665.1710278756&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1710278755&sct=1&seg=0&dl=https%3A%2F%2Fvisa-claim.airrefund.com%2F&dt=AirRefund.com%20-%20VISA%20-%20Flight%20delayed%20or%20cancelled%3F%20Claim%20your%20compensation%20or%20refund!&en=page_view&_fv=1&_ss=1&tfd=2402
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X9ST4TFXWZ&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 21:25:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://visa-claim.airrefund.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 76ms
76ms XHR
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=636505244&t=pageview&_s=1&dl=https%3A%2F%2Fvisa-claim.airrefund.com%2F&ul=en-us&de=UTF-8&dt=AirRefund.com%20-%20VISA%20-%20Flight%20delayed%20or%20cancelled%3F%20Claim%20your%20compensation%20or%20refund!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=71311898&gjid=1481947635&cid=1652315665.1710278756&tid=UA-63937490-3&_gid=555127860.1710278756&_r=1&_slc=1&gtm=45He43b0n81P5LQ4SRv77272557za200&cd3=en-GB&gcs=G111&gcd=13r3r3r3r5&dma=0&z=1335592533

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://visa-claim.airrefund.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 21:25:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://visa-claim.airrefund.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1706236556066392 Show response
connect.facebook.net/signals/config/ 61 KB
13 KB 131ms
130ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1706236556066392?v=2.9.148&r=stable&domain=visa-claim.airrefund.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

96ea3ca439216e922e854e319c6d1fa00c660834a6c6f62e89d58f9865bb0b33

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 12 Mar 2024 21:25:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=63, rtx=0, c=63, mss=1294, tbw=62453, tp=-1, tpl=-1, uplat=65, ullat=1
pragma: public
x-fb-debug: +Zz2u/RtC6JEt8NKdjT11Gm0ftD3YvB3sG7rQ17Ra3NmzMIPIqoKyBcpmn2JgNafvk4gNYpEn+vj+iX/pU1M1A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 main.MTE2NjEzZWI4MQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 421 KB
112 KB 112ms
112ms Script
application/javascript 23.48.224.106
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTE2NjEzZWI4MQ.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CMG00PBC77U58IR17KOG&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.224.106 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-48-224-106.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 910aa7b5ae11a80640aa62b2953992b069d6d48e147e4e0cc029b27ff637d508

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-akamai-request-id: 298554bc
date: Tue, 12 Mar 2024 21:25:56 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20240308132517B15BDCF1AAC49B443D3B
x-tt-trace-id: 00-240308132517B15BDCF1AAC49B443D3B-608F28D5716D9E09-00
vary: Accept-Encoding
x-cache: TCP_HIT from a23-195-36-74.deploy.akamaitechnologies.com (AkamaiGHost/11.4.3-54726453) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 010b2bb5bbc6f1b90d95b7990ba05c3cfe1f784be1a9e9882213af6cef0f4e8ff1d0ddc6c41bbd60601cfa07bdc72ae7f278fb397be6990be9e463bf08e0b28a1170d2b9c1f27fa2c9dbb4cce773bdc096ca0d7403da897fcfcd60253f1f04fdc3
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=20
content-length: 113696

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
353 B 185ms
67ms XHR
text/plain 2607:f8b0:4004:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-63937490-3&cid=1652315665.1710278756&jid=71311898&gjid=1481947635&_gid=555127860.1710278756&_u=YADAAUAAAAAAACAAI~&z=80601010

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://visa-claim.airrefund.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 12 Mar 2024 21:25:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://visa-claim.airrefund.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
270 B 206ms
74ms Image
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1706236556066392&ev=PageView&dl=https%3A%2F%2Fvisa-claim.airrefund.com%2F&rl=&if=false&ts=1710278756139&sw=1600&sh=1200&v=2.9.148&r=stable&a=tmgoogletagmanager&ec=0&o=4126&fbp=fb.1.1710278756137.1842268350&cs_est=true&ler=empty&cdl=API_unavailable&it=1710278755988&coo=false&rqm=GET

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-fb-connection-quality: GOOD; q=0.7, rtt=63, rtx=0, c=10, mss=1294, tbw=2768, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 12 Mar 2024 21:25:56 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 127ms
126ms Image
image/gif 2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-63937490-3&cid=1652315665.1710278756&jid=71311898&_u=YADAAUAAAAAAACAAI~&z=700218858

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 21:25:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect Show response
server-side-tagging-6dborax6xa-ez.a.run.app/g/ 65 B
397 B 491ms
491ms XHR
text/plain 2001:4860:4802:34::35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://server-side-tagging-6dborax6xa-ez.a.run.app/g/collect?v=2&tid=G-FJ1TMDSHDZ&gtm=45je43b0v9172259126za200&_p=1710278754838&gcs=G111&gcd=13r3r3r3r5&npa=0&dma=0&gdid=dNzg2MD&cid=1652315665.1710278756&ul=en-us&sr=1600x1200&_fplc=0&ur=US-FL&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AEA&sst.uc=US&sst.rnd=947250687.1710278756&sst.gcd=13r3r3r3r5&sst.tft=1710278754838&sst.sp=1&sst.em_event=1&_s=2&sid=1710278755&sct=1&seg=0&dl=https%3A%2F%2Fvisa-claim.airrefund.com%2F&dt=AirRefund.com%20-%20VISA%20-%20Flight%20delayed%20or%20cancelled%3F%20Claim%20your%20compensation%20or%20refund!&en=scroll&epn.percent_scrolled=90&_et=15&tfd=2713&richsstsse

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:56 GMT
x-content-type-options: nosniff
server: Google Frontend
content-type: text/plain
access-control-allow-origin: https://visa-claim.airrefund.com
cache-control: no-cache
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-accel-buffering: no
expires: Tue, 12 Mar 2024 21:25:56 GMT

GET
H2 200 identify_efbb8.js Show response
analytics.tiktok.com/i18n/pixel/static/ 137 KB
37 KB 76ms
75ms Script
application/javascript 23.48.224.106
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_efbb8.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTE2NjEzZWI4MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.224.106 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-48-224-106.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a758246f43df5cf0f88a3c46a95cb7e962ec2e16327f7fc6b70d2150981b86df

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

x-akamai-request-id: 29855b4b
date: Tue, 12 Mar 2024 21:25:56 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024022215011262E54BBF204779380960
x-tt-trace-id: 00-24022215011262E54BBF204779380960-57090E67ECCA7F37-00
vary: Accept-Encoding
x-cache: TCP_HIT from a23-195-36-74.deploy.akamaitechnologies.com (AkamaiGHost/11.4.3-54726453) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01b0057fdf19f353e6a8f328b956e48c1727ae63bcf9cf440952efd63b480e76f957e20e9b39ab31344dbdd235acd08e5d4fcc6f8dae11a7104727cb12656bda75df97556004994fbb53fe536c47d410bf1a83083d311aa062d3b0103259f4758d
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=11
content-length: 36831

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
701 B 164ms
164ms Ping
text/plain 23.48.224.106
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTE2NjEzZWI4MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.224.106 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-48-224-106.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://visa-claim.airrefund.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 29855caf
date: Tue, 12 Mar 2024 21:25:56 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24031221255623EB900EC34F0BDEF0B9-09B43D242F7C6E1A-00
x-cache: TCP_MISS from a23-195-36-74.deploy.akamaitechnologies.com (AkamaiGHost/11.4.3-54726453) (-)
server-timing: inner; dur=76, cdn-cache; desc=MISS, edge; dur=5, origin; dur=85
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024031221255623EB900EC34F0BDEF0B9
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 86,23.195.36.74
x-tt-trace-host: 011dfe39ca07daf9d8ccc7c719765f296b41588543a64ec10aac6ddd4be943b437789bd27bf1aeab55d178b9a00f67a1213bc097590e211d391eb9e80759e5db2b9f17e5eff686a2ffa82c4ed153f2607b5658fcce6f75c38b92c01e38f3de80a9
access-control-allow-headers: Authorization,*
expires: Tue, 12 Mar 2024 21:25:56 GMT

GET
H2 200 messenger-internal.min.js Show response
www.gstatic.com/dialogflow-console/fast/messenger/ 117 KB
30 KB 79ms
78ms Script
text/javascript 2607:f8b0:4006:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/dialogflow-console/fast/messenger/messenger-internal.min.js?v=4

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/dialogflow-console/fast/messenger/bootstrap.js?v=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c29fc696d1501f4634511d57f6e751c893aa7e24ca4ee35b5c1ad752c6b4078

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:56 GMT
content-encoding: br
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/dialogflow-console
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30733
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 02 Nov 2023 22:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="dialogflow-console"
vary: Accept-Encoding
report-to: {"group":"dialogflow-console","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dialogflow-console"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
accept-ranges: bytes
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
1 KB 635ms
190ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3281433755&v=1.1&a=26198936&pu=https%3A%2F%2Fvisa-claim.airrefund.com%2F&t=AirRefund.com+-+VISA+-+Flight+delayed+or+cancelled%3F+Claim+your+compensation+or+refund!&cts=1710278756554&vi=1918b8cd6039c967038987e64e4f6401&nc=true&u=149450473.1918b8cd6039c967038987e64e4f6401.1710278756550.1710278756550.1710278756550.1&b=149450473.1.1710278756550&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 34608b0c-30f9-427c-9dd6-6b1d4a04c037
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 2
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 34608b0c-30f9-427c-9dd6-6b1d4a04c037
last-modified: Tue, 12 Mar 2024 21:25:57 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F9g%2B1DUxCb3mApx3J01RzehNiDS5m8axpC6hsRRlDsGGiynO2ic7Dh9MnKxuWKY232sXG6lWkXdTcp9BELl%2F4g7TJ1rda2K4Fd%2Bacc4dKvlKGAaukDrNwC%2BEcernfTmFOLDkOw5bfg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-8564d84769-96p2l
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 8636dc17a8ca0379-CDG
x-robots-tag: none

GET
H2 200 json Show response
forms-eu1.hscollectedforms.net/collected-forms/v1/config/ 116 B
440 B 203ms
188ms XHR
application/json 172.65.192.122
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json?portalId=26198936&utk=1918b8cd6039c967038987e64e4f6401

Requested by

Host: visa-claim.airrefund.com
URL: https://visa-claim.airrefund.com/c3455774b90932b4a401b388d3cbb6640bd7e9b3-0de907ed72157661cfea.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55d2a81839ec88997fb57fe72169e71c11e72d496dbd0534c7cec26c16a9975a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://visa-claim.airrefund.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Tue, 12 Mar 2024 21:25:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: baa13819-d0b1-4930-a669-5de40ebfe9a9
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: baa13819-d0b1-4930-a669-5de40ebfe9a9
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://visa-claim.airrefund.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-57464f64dd-9j2jm
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 8636dc150d72d3f4-CDG

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
841 B 152ms
151ms Ping
text/plain 23.48.224.106
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTE2NjEzZWI4MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.48.224.106 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-48-224-106.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://visa-claim.airrefund.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 2b96850d.298565a9
date: Tue, 12 Mar 2024 21:25:56 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2403122125564560E630AD621E4815AC-38AE21C572F4C9BE-00
x-cache: TCP_MISS from a23-195-36-74.deploy.akamaitechnologies.com (AkamaiGHost/11.4.3-54726453) (-)
x-parent-response-time: 33,23.195.36.74
server-timing: cdn-cache; desc=MISS, edge; dur=21, origin; dur=25, inner; dur=21
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202403122125564560E630AD621E4815AC
x-cache-remote: TCP_MISS from a23-48-100-43.deploy.akamaitechnologies.com (AkamaiGHost/11.4.3-54726453) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 25,23.48.100.43
x-tt-trace-host: 011dfe39ca07daf9d8ccc7c719765f296bb5043b125afa72d2feea77b6ee30cab81b3d9d8d620d80e920babcf9e9cb3a891f13d634b2fc611d5ada2f3591862e19a2eb3ee96966a21107ffc4c1a843fed9ace372889ad2f68029d1c608ae03f40440cff4349e2248de3b9a46bb3a1f48a0
access-control-allow-headers: Authorization,*
expires: Tue, 12 Mar 2024 21:25:56 GMT

GET
H2 200 icon
fonts.googleapis.com/ 569 B
439 B 211ms
78ms Stylesheet
text/css 2607:f8b0:4006:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/dialogflow-console/fast/messenger/messenger-internal.min.js?v=4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

452410fef223a412e5608205fc069ecc35a4d919b413b3422a714a17ebfd0651

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 12 Mar 2024 21:25:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 12 Mar 2024 21:25:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 12 Mar 2024 21:25:56 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
1002 B 210ms
77ms Stylesheet
text/css 2607:f8b0:4006:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/dialogflow-console/fast/messenger/messenger-internal.min.js?v=4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

44004199012159c073f8c965213f9e0aecd633dfe1d58641d7f497d3c7423a61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 12 Mar 2024 21:25:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 12 Mar 2024 20:52:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 12 Mar 2024 21:25:56 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5928dce93a6dfd81f4329f5171362cd28beb6d34eb44e41a318272cd8ad705f

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK counters.gif
forms-eu1.hsforms.com/embed/v3/ 35 B
1 KB 650ms
186ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date: Tue, 12 Mar 2024 21:25:57 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 610ff69d-28ee-4088-8b16-388f17feca29
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 610ff69d-28ee-4088-8b16-388f17feca29
Server: cloudflare
X-Trace: 2BFF054D7CA4C8FD43005AC5ED0AB96CA13EB5DA65000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-bd7cbb644-csk9c
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 8636dc191eaad3bf-CDG

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 200ms
65ms Font
font/woff2 2607:f8b0:4006:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://visa-claim.airrefund.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date: Wed, 06 Mar 2024 08:56:32 GMT
x-content-type-options: nosniff
age: 563365
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Mar 2025 08:56:32 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 77ms
76ms Ping
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-PGSLCCT81X&gtm=45je43b0v890928670za200&_p=1710278754838&gcs=G111&gcd=13r3r3r3r5&npa=0&dma=0&gdid=dNzg2MD&cid=1652315665.1710278756&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AEA&_s=2&sid=1710278755&sct=1&seg=0&dl=https%3A%2F%2Fvisa-claim.airrefund.com%2F&dt=AirRefund.com%20-%20VISA%20-%20Flight%20delayed%20or%20cancelled%3F%20Claim%20your%20compensation%20or%20refund!&en=scroll&epn.percent_scrolled=90&_et=23&tfd=7306
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PGSLCCT81X&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 21:26:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://visa-claim.airrefund.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 76ms
75ms Ping
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-X9ST4TFXWZ&gtm=45je43b0v9179020402za200&_p=1710278754838&gcs=G111&gcd=13r3r3r3r5&npa=0&dma=0&gdid=dNzg2MD&cid=1652315665.1710278756&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AEA&_s=2&sid=1710278755&sct=1&seg=0&dl=https%3A%2F%2Fvisa-claim.airrefund.com%2F&dt=AirRefund.com%20-%20VISA%20-%20Flight%20delayed%20or%20cancelled%3F%20Claim%20your%20compensation%20or%20refund!&en=scroll&epn.percent_scrolled=90&_et=39&tfd=7445
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X9ST4TFXWZ&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://visa-claim.airrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Mar 2024 21:26:01 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://visa-claim.airrefund.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

78 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
visa-claim.airrefund.com/	1970-01-20 19:47:50	Name: csrf_token Value: bed17d6b-26d2-4d53-8c4d-4d31daa71066
.airrefund.com/	1970-01-20 19:06:05	Name: XSRF-TOKEN Value: eyJpdiI6ImdUN3d4ZUQzQ1A2WFd4aG5JRVY5Wmc9PSIsInZhbHVlIjoicWh4K1B1UytJTTZOWFpXdE9NV1NWSXcxQnFicmlpbXMxSVNlQjhpaEYxMUFCVHJDbm1mUmYwcDgzaE5qQnFueWt3U0cyVUJzbFpwRE4vOUpXRHNlSEpNREtZNXVIQXAvZ25NZ0VYQlByaGRZZTF1YnR0VEhKTlNCTS9NM3pNdDMiLCJtYWMiOiJiZGY5YWUwMDE3MWVkODY3NGRhMzg3YzhjNzBmMzExZGFkYzdlOTRkMDdlZTkyODc5OTJhNDljZjFkNTE5ZGJkIiwidGFnIjoiIn0%3D
.airrefund.com/	1970-01-20 19:06:05	Name: gc_session Value: eyJpdiI6ImFhMUpUMzIyZmlnelVYbUNjRjlFdmc9PSIsInZhbHVlIjoiT3Jad1RzbjFNQU9qWkhiNmJJMWc3a3FxQ0diUmNoRnY2ejN6RkFVeVkzRE05UGM5TldGYkZaVGR1Z2kvN2xtcVNIVE0zTkJSYWFQcGQ0aVVtYm9vTmtOVFN6V2Fxd0xPeENoRS9RVTNtbmN4aVV1VUFWVUh5dUE0T2h1aC9GU3kiLCJtYWMiOiI1NTI4Y2VlMjMwMTMxMjcwZDc1MjUyYzNhYWY5ZDBkYjliYTRjY2VmNTNkNjQ3ODY2YTJhMWVhZTkyY2UwMzNlIiwidGFnIjoiIn0%3D
.airrefund.com/	1970-01-20 21:14:14	Name: _gcl_au Value: 1.1.1974518895.1710278756
.airrefund.com/	1970-01-21 04:40:38	Name: _ga_FJ1TMDSHDZ Value: GS1.1.1710278755.1.0.1710278755.0.0.0
.airrefund.com/	1970-01-21 04:40:38	Name: _ga_PGSLCCT81X Value: GS1.1.1710278755.1.0.1710278755.0.0.0
.airrefund.com/	1970-01-20 19:06:05	Name: _uetsid Value: 1c939a90e0b711ee9eee4bc2a08f91da
.airrefund.com/	1970-01-21 04:26:14	Name: _uetvid Value: 1c93bf90e0b711ee8c2e4fded9864fa9
.bat.bing.com/	1970-01-20 19:14:43	Name: MR Value: 0
.tiktok.com/	1970-01-21 04:26:14	Name: _ttp Value: 2dbZUhLHrvvVYNJP7TumlD4XPxJ
.bing.com/	1970-01-21 04:26:14	Name: MUID Value: 2D42FB6A23BC66C30698EF2A22D06760
.airrefund.com/	1970-01-21 04:40:38	Name: _ga Value: GA1.2.1652315665.1710278756
.airrefund.com/	1970-01-20 19:06:05	Name: _gid Value: GA1.2.555127860.1710278756
.airrefund.com/	1970-01-20 19:04:38	Name: _gat_UA-63937490-3 Value: 1
.airrefund.com/	1970-01-21 04:40:38	Name: _ga_X9ST4TFXWZ Value: GS1.1.1710278755.1.0.1710278755.0.0.0
.doubleclick.net/	1970-01-20 19:04:39	Name: test_cookie Value: CheckForPermission
.airrefund.com/	1970-01-20 21:14:14	Name: _fbp Value: fb.1.1710278756137.1842268350
.airrefund.com/	1970-01-21 04:26:14	Name: _tt_enable_cookie Value: 1
.airrefund.com/	1970-01-21 04:26:14	Name: _ttp Value: lRNa8ltZ9pyKwfHuVfRYSMoPBoN
visa-claim.airrefund.com/	1970-01-20 23:23:50	Name: __hstc Value: 149450473.1918b8cd6039c967038987e64e4f6401.1710278756550.1710278756550.1710278756550.1
visa-claim.airrefund.com/	1970-01-20 23:23:50	Name: hubspotutk Value: 1918b8cd6039c967038987e64e4f6401
visa-claim.airrefund.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
visa-claim.airrefund.com/	1970-01-20 19:04:40	Name: __hssc Value: 149450473.1.1710278756550
.hubspot.com/	1970-01-20 19:04:40	Name: __cf_bm Value: .QoSXUOq_p4K3DwMIVDoPLOr_iMsQfGXKb6JUVGeYXo-1710278757-1.0.1.1-69xkLCdpwjiI90rd3V4yhnUkBKCkc4y8PHZM1QOmS5FgwdS6IaM35Z1HBZF_4JNU1YaRN2d9A6KyIDY3YlE1NQ
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: ySCl1zJnsIRlhq8VMniRlMn.7Ga.yjGJ6ahVPd4_XBE-1710278757108-0.0.1.1-604800000
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: DJ8PZtKvkZf5hsRDoMcKTA29zSObg4r2ixCotLEzHQM-1710278757332-0.0.1.1-604800000

14 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://visa-claim.airrefund.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://visa-claim.airrefund.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://visa-claim.airrefund.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://visa-claim.airrefund.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://visa-claim.airrefund.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://visa-claim.airrefund.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/1706236556066392?v=2.9.148&r=stable&domain=visa-claim.airrefund.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 105) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://visa-claim.airrefund.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://visa-claim.airrefund.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://visa-claim.airrefund.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://visa-claim.airrefund.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://visa-claim.airrefund.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://visa-claim.airrefund.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://visa-claim.airrefund.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.tiktok.com
app.termly.io
bat.bing.com
connect.facebook.net
d2htwrs017c1b3.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
forms-eu1.hscollectedforms.net
forms-eu1.hsforms.com
google.com
googleads.g.doubleclick.net
js-eu1.hs-analytics.net
js-eu1.hs-banner.com
js-eu1.hs-scripts.com
js-eu1.hscollectedforms.net
js.hs-scripts.com
o78139.ingest.sentry.io
server-side-tagging-6dborax6xa-ez.a.run.app
static.dialogflow.com
stats.g.doubleclick.net
track-eu1.hubspot.com
visa-api-en.airrefund.com
visa-claim.airrefund.com
visa-portal-en.airrefund.com
widget.trustpilot.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
13.225.214.29
172.65.192.122
172.65.202.201
172.65.208.22
172.65.232.43
172.65.238.60
172.65.240.166
18.238.55.35
2001:4860:4802:34::35
23.48.224.106
2600:9000:20ee:6e00:18:427:27c0:21
2606:4700::6810:bc59
2606:4700::6812:1eea
2607:f8b0:4004:c09::9c
2607:f8b0:4006:806::200e
2607:f8b0:4006:80b::2003
2607:f8b0:4006:80d::2003
2607:f8b0:4006:80d::200a
2607:f8b0:4006:80e::2004
2607:f8b0:4006:817::2002
2607:f8b0:4006:817::200e
2607:f8b0:4006:81c::2003
2607:f8b0:4006:81f::2008
2620:1ec:c11::200
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
34.120.195.249
54.171.83.16
027ada4ba21950bd1d184949d58343208c5e1e722c6b31d5c9c8302cc760a3b3
02e5bf47b2473c1da7a39a25b14f0f5d9857142842d33def047e492f9f610cb9
06edac6c5ca20a9ea53915b1a8e69cbade3b54914de72eb1a82b3b7c925e8e47
086c24d6be39f40328921c0cd90e2b24e2ebc6841237c8ac42aaf94b348860fd
095122140e631d527159828db0e9e553e14c7421dbd7c9ef550c0a70ba787d91
0b21e70ce1b85d63667496163482e21ae7fcd46ff39d2f6bd6c2bb0284f7301d
0b64e5cecaab5e569eee28d21858a862743345e9f4041ca130aba5bad624d72d
0c42c00ebb99b3f3ae90fab5ffe9fb081fa68f8e68f2b34a5054e46a99640b75
124f0540b0a531107030a6cd746f2c7b84acfe4469ba08b6792bb68da7edb984
14b7bfa977a5baf189c3744cacd6dca4ed162da7cb745361660dc4b727941f45
14c24f4f0c0c27f8dcaf6d2b05cc367d4b600220fe77862ca55691d0d51fc3b2
1c29fc696d1501f4634511d57f6e751c893aa7e24ca4ee35b5c1ad752c6b4078
26370b91f85c55342ef1b802beb66a23a859c7a1f1fe65aa5d9b7216c34ead5e
277a6668f56f3ae8b3e9871ca71e2a88a187ad49af095968e4e57f98bbfa1412
2837505c458cee19b547ec5366099aabc571c67a62e1f2d0b7fa635c29f00409
2e4314b90adf8a913eefab4888e46e71ec88fac0142b298753abafe51bbc3554
332cab48d783d243a3e3c8bf71707cb24986d61f8a347b135850692f9eca884b
364d96bae27eb977f7cb2e81e9b066d55bbbb076eb12a0e52e83e7ac30cce307
3eebbc8812a7c38170e4783074245f1fe52da81200eb4bab248c84957c7799e3
3f50e309deea05437866a39dd89bc929075756398d6314b90effdc122a1bec08
43974ed74066b207c30ffd0fed5146762e6c60745ac977004bc14507c7c42b50
44004199012159c073f8c965213f9e0aecd633dfe1d58641d7f497d3c7423a61
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44dbbb0a1da3d1a2b3f637ba2eff82150de83164b3caf824fc0fc46633588de3
452410fef223a412e5608205fc069ecc35a4d919b413b3422a714a17ebfd0651
489cc25523a515c6882d930b4261527704f727b818b611224f3c2a96f4e84422
49f5900d74ef78a3c5c1a737f1c851cd20c9fd6cc814783cdb19b3b24ba4bdfc
4abb32444c621703974c4f04ddc406146e04eb191dd2d264238a2f0f17964c6d
50b6e67cfcfe4ac8fe9cee705b681f696065306ee42bcd4e6b37a17dba333ac5
55d2a81839ec88997fb57fe72169e71c11e72d496dbd0534c7cec26c16a9975a
589f5a3f734db455a235559c0788719325a340fece5d367dfc9374e3ddbc4d03
5d172f502e7f6dcc730cb618184a1cf8671bd69e6057e77b72231985e1e3925d
5d6779ed62a06476886eef947d31e6c87bcec1d371b07175fc63cd321bd3ba55
601920d6dbd057e18a986cef8af6b3e7187eed60505034bc63f53f36b456927c
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33
6735094c821ccd6a2678c42148763964257064893a6c1b6ba9647aea889d404d
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b023ccccca44941b6768d437c783b2db73edcfdc7eb38f9dad7f43609483728
6dcecee0daf79c26403db79ad6cac73f864d47a47bd786d328a0bce42519265a
6e6f1a084180963f7d11d160b370c9b3322cf223ecdc39ff13244be19910d228
6fc07aa77722646010c4c4cca3b153e435fc47c47b2b0c68dc4e853212d60f9d
7034ae8d8aaa077dc02a62b5b4a0b9d0eefacc5619832a2637a9afd4ef626cc6
7c8eb3fac2da085b9b9162f25b769e760c25fbbfbe5edd7a354def8ee0bebe6b
8183c832ae14d897361d2f29c860543206daa299f27c554dd1930f85caf8b9fe
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
84ccadcc097fdd27c7eba123a3e374063baf89a5358206b4e4898fb63526afde
910aa7b5ae11a80640aa62b2953992b069d6d48e147e4e0cc029b27ff637d508
938be688db1c0feade018e565da4d5ea0e0f62f0c20bba6f0d78fa5c35f036f5
96ea3ca439216e922e854e319c6d1fa00c660834a6c6f62e89d58f9865bb0b33
a0988d54856d9188c61b89118af4753505683ebbc9d91577790fff1de94d3272
a5928dce93a6dfd81f4329f5171362cd28beb6d34eb44e41a318272cd8ad705f
a6e8aec7ccc3eb5c11b1b26ddb6d10bffafd6c57f9841e8c8d2a7a869ff696d5
a758246f43df5cf0f88a3c46a95cb7e962ec2e16327f7fc6b70d2150981b86df
a84582d41eeb6f60e1eb5174a4a34547bd94fe6ba058093a9d125e00fdadf8d5
a85d996553680d6d54ff931f0f0a808fe024c31c89dabcc45a32b57a582e6f72
ae998df15c789a6a7417e8b84f9cc8d2bd48b008807eed9caecfce8e81fb933a
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b05f1b893e406dadb2ebb30a4cfaba658f7727943817f825904e1385263fc7c4
b794b242731e239089b6f6e97d663d87ea3607da51f62fb34678139b38269c5c
baf48a1dadb1a2193db78c2ce209abb89376974d123a033635eb09efc7041056
bf835282e0885e933f09fb3a9b681d9673e62deb024e49d72c4e77183bd67b4c
c06ed4d12a5f0f49c062549fbad143575c662c4620f0326cf4867e7beae579c7
c64806a48768c11a4b7371fdfdd253d563932415055bd53177b804a92eb22e85
c6b0a123972dc8c6a9e209e9f76111f623ecfb92f0ea8e0997d9733b608ac441
cfd79d38989853e22d3c9e9b45ebfe676493ecd39449b62514f43e9296953c4e
d45581591cefdeb8676d180e2ddef761b589247d8c356ddd4501f2939368e94b
d7f763d61ccb650c75de4a6b2dfa17fac882a45db3cb0e330f2706a7813281e5
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e2f30516ca06644ccfe87ad9f120036656b7820413b7d4d1dd6f8d793aa00871
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
ea39106fd295ae2acf3b91bdbb602a9d60da0a84e465a4e16ab19192fc2fb56a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2b68aabe9e1c69d6455cf4c7884015da4c8f956d7822853dc0b72079a87afd7
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fb83f054f87aecbfe3d98949f65dfd9efb3cbf1f66121a0046b3f50829a3a23c
fbeb296c1ecc216a17bda77bf65e833cc0410cfbe1908e121f7a4549cc390675
fea7a3df389a0f1181f9f80d79650694c9a59dde91b65cf6756390c7f1405b4c

visa-claim.airrefund.com Open in urlscan Pro 18.238.55.35 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

89 Requests

98 %HTTPS

61 %IPv6

23 Domains

30 Subdomains

28 IPs

2 Countries

3100 kBTransfer

9254 kBSize

26 Cookies

1 Outgoing links

Redirected requests

89 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

visa-claim.airrefund.com Open in urlscan Pro
18.238.55.35 Public Scan

Screenshot
Live screenshot

Full Image

89
Requests

98 %
HTTPS

61 %
IPv6

23
Domains

30
Subdomains

28
IPs

2
Countries

3100 kB
Transfer

9254 kB
Size

26
Cookies

89 HTTP transactions
11 data transactions