www.refunder.se Open in urlscan Pro
2606:4700:10::ac43:1c40 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://app.rule.io/link/nl/n_w4x9ah/a/n_5e0/d/n_8v2i/di/n_rt/s/n_3rg9r1/e/n_zz7qj
Effective URL:
https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr...
Submission: On June 16 via api (June 16th 2022, 1:23:44 pm UTC) from IE — Scanned from DE

Summary HTTP 72 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 25 IPs in 4 countries across 18 domains to perform 72 HTTP transactions. The main IP is 2606:4700:10::ac43:1c40, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.refunder.se.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 8th 2022. Valid for: a year.

This is the only time www.refunder.se was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::681a:273	13335 (CLOUDFLAR...) (CLOUDFLARENET)
35	2606:4700:10:... 2606:4700:10::ac43:1c40	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400e:802::200a	15169 (GOOGLE) (GOOGLE)
1	143.204.89.48 143.204.89.48	16509 (AMAZON-02) (AMAZON-02)
1	96.16.134.158 96.16.134.158	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400e:80d::200e	15169 (GOOGLE) (GOOGLE)
2 4	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
1	143.204.89.120 143.204.89.120	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	143.204.89.5 143.204.89.5	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	108.157.4.122 108.157.4.122	16509 (AMAZON-02) (AMAZON-02)
2	185.221.87.248 185.221.87.248	206998 (NEW-2) (NEW-2)
3 3	2620:1ec:22::14 2620:1ec:22::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.30.157.40 52.30.157.40	16509 (AMAZON-02) (AMAZON-02)
1	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
72	25

1 2606:4700:20::681a:273 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

app.rule.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2606:4700:10::ac43:1c40 (United States)

ASN13335 (CLOUDFLARENET, US)

www.refunder.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.refunder.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
resources.refunder.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:802::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.89.48 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-48.fra50.r.cloudfront.net

widget.trustpilot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.16.134.158 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-134-158.deploy.static.akamaitechnologies.com

appleid.cdn-apple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400e:80d::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.70 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

6638233.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
5450406.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.89.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-120.fra50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.89.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-5.fra50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-122.dus51.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.221.87.248 (Ireland)

ASN206998 (NEW-2, IE)

bam.eu01.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:22::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.157.40 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-157-40.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	refunder.se www.refunder.se static.refunder.se resources.refunder.se	592 KB
5	doubleclick.net 2 redirects 6638233.fls.doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 125 5450406.fls.doubleclick.net	2 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 60 region1.google-analytics.com — Cisco Umbrella Rank: 9409	60 KB
5	gstatic.com fonts.gstatic.com	110 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 370 www.linkedin.com — Cisco Umbrella Rank: 527 px4.ads.linkedin.com — Cisco Umbrella Rank: 5965	3 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 158	119 KB
4	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 677 script.hotjar.com — Cisco Umbrella Rank: 992 vars.hotjar.com — Cisco Umbrella Rank: 1037 in.hotjar.com — Cisco Umbrella Rank: 1674	67 KB
3	google.com adservice.google.com — Cisco Umbrella Rank: 92 www.google.com — Cisco Umbrella Rank: 9	1 KB
2	nr-data.net bam.eu01.nr-data.net — Cisco Umbrella Rank: 9300	2 KB
2	google.de www.google.de — Cisco Umbrella Rank: 5111 adservice.google.de — Cisco Umbrella Rank: 7295	1 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 96	129 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 91	297 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 953	3 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 438	18 KB
1	cdn-apple.com appleid.cdn-apple.com — Cisco Umbrella Rank: 3771	18 KB
1	trustpilot.com widget.trustpilot.com — Cisco Umbrella Rank: 5760	6 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67	1 KB
1	rule.io 1 redirects app.rule.io — Cisco Umbrella Rank: 692111	952 B
72	18

	Domain	Requested by
13	static.refunder.se	www.refunder.se
12	www.refunder.se	www.refunder.se
10	resources.refunder.se	www.refunder.se
5	fonts.gstatic.com	fonts.googleapis.com
4	connect.facebook.net	www.refunder.se
4	www.google-analytics.com	www.refunder.se
2	px.ads.linkedin.com	2 redirects
2	bam.eu01.nr-data.net	www.refunder.se
2	5450406.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	adservice.google.com	6638233.fls.doubleclick.net 5450406.fls.doubleclick.net
2	6638233.fls.doubleclick.net	1 redirects www.refunder.se
2	www.googletagmanager.com	www.refunder.se
1	www.facebook.com
1	in.hotjar.com	www.refunder.se
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	vars.hotjar.com	www.refunder.se
1	snap.licdn.com	www.refunder.se
1	adservice.google.de	adservice.google.com
1	www.google.de
1	www.google.com
1	js-agent.newrelic.com	www.refunder.se
1	stats.g.doubleclick.net	www.refunder.se
1	script.hotjar.com	www.refunder.se
1	region1.google-analytics.com	www.googletagmanager.com
1	static.hotjar.com	www.refunder.se
1	appleid.cdn-apple.com	www.refunder.se
1	widget.trustpilot.com	www.refunder.se
1	fonts.googleapis.com	www.refunder.se
1	app.rule.io	1 redirects
72	30

This site contains links to these domains. Also see Links.

Domain
refunder.bast-i-test.se
refunderpay.se
refunder.ocast.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-08` - `2023-06-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.trustpilot.com Amazon	`2022-03-04` - `2023-04-02`	a year	crt.sh
appleid.cdn-apple.com Apple Public EV Server RSA CA 2 - G1	`2022-04-19` - `2023-05-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-03-25` - `2022-06-23`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.eu01.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-24` - `2023-02-09`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
Frame ID: 2CF5B2A8E780E531A798ECDABEA34B2C
Requests: 67 HTTP requests in this frame

Frame: https://6638233.fls.doubleclick.net/activityi;dc_pre=CPGdm96IsvgCFRLO1Qodaa0AVw;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049
Frame ID: 74EA8531CB7D5DC689F70F2CE8E5B7E0
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CPGdm96IsvgCFRLO1Qodaa0AVw;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049;~oref=https://www.refunder.se/
Frame ID: 4C1977D9364D0C7506E6B0C45A5806C8
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CPGdm96IsvgCFRLO1Qodaa0AVw;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049;~oref=https://www.refunder.se/
Frame ID: C26ABED6CF6FB58D84C853396DF48E0D
Requests: 1 HTTP requests in this frame

Frame: https://5450406.fls.doubleclick.net/activityi;dc_pre=CKqAsN6IsvgCFc4bBgAdr6sD7w;src=5450406;type=123;cat=refun00;ord=9709145937329;gtm=2wg6f0;auiddc=235755891.1655385820;~oref=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_source%3Drule%26utm_medium%3Demail%26utm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik
Frame ID: 33065BADEDCC395037FE0F58E070907D
Requests: 2 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-63c3a81830bf549dafe40b369003f751.html
Frame ID: 669A76416AD6D4AE2FF50B24D6ADE038
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Refunder-knappen - Refunder.se

Page URL History Show full URLs

https://app.rule.io/link/nl/n_w4x9ah/a/n_5e0/d/n_8v2i/di/n_rt/s/n_3rg9r1/e/n_zz7qj HTTP 302
https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20vikti... Page URL

Detected technologies

Apple Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

appleid\.auth\.js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Page Statistics

72
Requests

99 %
HTTPS

62 %
IPv6

18
Domains

30
Subdomains

25
IPs

4
Countries

1132 kB
Transfer

2773 kB
Size

28
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://refunder.bast-i-test.se/
Title: Bäst i Test

Search URL Search Domain Scan URL

URL: https://refunderpay.se/
Title: Refunder Pay

Search URL Search Domain Scan URL

URL: https://refunder.ocast.com/se/
Title: Annonsera på Refunder

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://app.rule.io/link/nl/n_w4x9ah/a/n_5e0/d/n_8v2i/di/n_rt/s/n_3rg9r1/e/n_zz7qj HTTP 302
https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://6638233.fls.doubleclick.net/activityi;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049 HTTP 302
https://6638233.fls.doubleclick.net/activityi;dc_pre=CPGdm96IsvgCFRLO1Qodaa0AVw;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049

Request Chain 55

https://5450406.fls.doubleclick.net/activityi;src=5450406;type=123;cat=refun00;ord=9709145937329;gtm=2wg6f0;auiddc=235755891.1655385820;~oref=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_source%3Drule%26utm_medium%3Demail%26utm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik HTTP 302
https://5450406.fls.doubleclick.net/activityi;dc_pre=CKqAsN6IsvgCFc4bBgAdr6sD7w;src=5450406;type=123;cat=refun00;ord=9709145937329;gtm=2wg6f0;auiddc=235755891.1655385820;~oref=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_source%3Drule%26utm_medium%3Demail%26utm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik

Request Chain 68

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=77148&time=1655385820619&url=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik%26utm_medium%3Demail%26utm_source%3Drule HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D77148%26time%3D1655385820619%26url%3Dhttps%253A%252F%252Fwww.refunder.se%252Frefunder-knappen%253Futm_campaign%253Dgrymt%252520viktig%252520information%252520fr%2525C3%2525A5n%252520Fredrik%2526utm_medium%253Demail%2526utm_source%253Drule%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=77148&time=1655385820619&url=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik%26utm_medium%3Demail%26utm_source%3Drule&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=77148&time=1655385820619&url=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik%26utm_medium%3Demail%26utm_source%3Drule&liSync=true&e_ipv6=AQKkxzfl2HYWOQAAAYFsrxAhtuZC8zfH8jMqW3WUY6Ur0k4IDGvEueCeFoU9JNHRTIdnIhU9EEpfjwn2hgZp-mv_N3bmzw

72 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request refunder-knappen Show response
www.refunder.se/
Redirect Chain

https://app.rule.io/link/nl/n_w4x9ah/a/n_5e0/d/n_8v2i/di/n_rt/s/n_3rg9r1/e/n_zz7qj
https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

185 KB
46 KB

341ms
271ms

Document
text/html

2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/8.0.20

Resource Hash

41207abebefac70bfdc45632c693e90fc62bfc5ab4d3b8f99e57ab1d34060e02

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 71c3dc7bdc039a3f-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 16 Jun 2022 13:23:39 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
strict-transport-security: max-age=15724800; includeSubDomains
vary: Accept-Encoding
x-powered-by: PHP/8.0.20

Redirect headers

cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 71c3dc7a383e9214-FRA
content-type: text/html; charset=UTF-8
date: Thu, 16 Jun 2022 13:23:39 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kjDB266ctByLH6LcSg2EqE7%2BlsjVXqVFCchHEavTAlgWLozWa8A7JaZwiUmvSkTh%2BuhAfbCCXM5sqCiJDqyeXTVycR6icljJ635AGy1R7a2lDv%2FOso%2BQd8NwpAevJg9v9AqZM06ZoUk1"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 public.css
www.refunder.se/resources/css/ 130 KB
22 KB 66ms
65ms Stylesheet
text/css 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.refunder.se/resources/css/public.css?id=b4886be1fcd782060411678021ca267a

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67eba1cb560149b2ca7196fbcc1e4dbd31e4eb30172238e67612d9853f95ab33

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:39 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 15 Jun 2022 09:25:27 GMT
server: cloudflare
age: 6324
etag: W/"62a9a587-2096a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc7dbf5b9a3f-FRA
cf-bgj: minify

GET
H2 200 css
fonts.googleapis.com/ 14 KB
1 KB 107ms
40ms Stylesheet
text/css 2a00:1450:400e:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:400,300,700|Droid+Serif:400,700,400italic,700italic|Lato:300,400,400i,700,900,300italic|Nunito:400,700,800&subset=latin,latin-ext

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:802::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b614fa18ad4b63605494f704797024b3f1387fc3a4a3e7fd178169c5ed11cd90

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 13:23:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 16 Jun 2022 13:23:39 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Jun 2022 13:23:39 GMT

GET
H2 200 refunder-logo.png
www.refunder.se/img/refunder_logos/ 11 KB
11 KB 54ms
53ms Image
image/webp 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.refunder.se/img/refunder_logos/refunder-logo.png

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2508303380c18b6f35c2b8e52a6214e528b1376726c77e7c93e9b6e31c0a1d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:39 GMT
vary: Accept
cf-cache-status: HIT
age: 6324
cf-polished: origFmt=png, origSize=22169
content-disposition: inline; filename="refunder-logo.webp"
content-length: 10854
last-modified: Wed, 15 Jun 2022 09:21:35 GMT
server: cloudflare
etag: "62a9a49f-5699"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71c3dc7dbf5e9a3f-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 logo_refunder_inline.png
static.refunder.se/refunder_logos/ 1 KB
1 KB 92ms
52ms Image
image/webp 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.refunder.se/refunder_logos/logo_refunder_inline.png

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99ab00edeb9fa42770be1cab71822ec256436dbdc56ce9832885935f72008faa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 442570
cf-polished: origFmt=png, origSize=2135
x-cache: MISS, HIT
x-imgix-id: 7d6116654692778f8934c24940351eadf38bfe03
content-disposition: inline; filename="logo_refunder_inline.webp"
vary: Accept
content-length: 1038
x-served-by: cache-sjc10064-SJC, cache-bma1647-BMA
last-modified: Thu, 27 Jan 2022 16:32:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 71c3dc7e0fe69a3f-FRA
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri

GET
H2 200 refunder-button-large.png
static.refunder.se/refunder_logos/ 8 KB
8 KB 106ms
67ms Image
image/webp 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.refunder.se/refunder_logos/refunder-button-large.png

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

618894aab1d3c1e0c9101079410e7b20ad03bd7b6b9ed8f2987e6fdb4e7daa8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13730
cf-polished: origFmt=png, origSize=14166
x-cache: HIT, HIT
x-imgix-id: a08db615fe0a9d88a602dfee92c1198af8005f6a
content-disposition: inline; filename="refunder-button-large.webp"
vary: Accept
content-length: 8376
x-served-by: cache-sjc10066-SJC, cache-bma1625-BMA
last-modified: Tue, 01 Feb 2022 10:32:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 71c3dc7e0fe89a3f-FRA
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri

GET
H2 200 chrome-web-store.jpg
static.refunder.se/sv/plugin/chrome/ 32 KB
32 KB 216ms
177ms Image
image/jpeg 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.refunder.se/sv/plugin/chrome/chrome-web-store.jpg

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0b8377279e0119985a6bd0b3a126c48ccea46b428bcaeb116bbc4ac37022d72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:39 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-cache: MISS, HIT
x-imgix-id: 2299cf577195e5ae7e1430849483481e6d97fa38
strict-transport-security: max-age=15724800; includeSubDomains
content-length: 32834
x-served-by: cache-sjc10082-SJC, cache-bma1656-BMA
last-modified: Thu, 02 Jun 2022 14:35:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-imgix-features: {"linux_painter":"0","tannhauser_routing":"0","tannhauser_shield":"0"}
accept-ranges: bytes
cf-ray: 71c3dc7e0fec9a3f-FRA
cross-origin-resource-policy: cross-origin

GET
H2 200 logo-bonnier.png
static.refunder.se/logos/ 974 B
1 KB 107ms
68ms Image
image/webp 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.refunder.se/logos/logo-bonnier.png

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9f0c3a67fb8ac422f0a72169c17f9f1dfb5d923f5620331a5f5de93c97db649

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 283437
cf-polished: origFmt=png, origSize=2037
x-cache: MISS, HIT
x-imgix-id: 07371dbb750446017698d9d6ec332d4a81685442
content-disposition: inline; filename="logo-bonnier.webp"
vary: Accept
content-length: 974
x-served-by: cache-sjc10053-SJC, cache-bma1673-BMA
last-modified: Wed, 19 Jan 2022 14:16:26 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 71c3dc7e0fe49a3f-FRA
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri

GET
H2 200 certificate_badges.png
static.refunder.se/logos/ 35 KB
35 KB 93ms
54ms Image
image/webp 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.refunder.se/logos/certificate_badges.png

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcc1d8fa963fa4d1edcfbd6d242169dee9a5e8ebfd6d6e7fcc96a49b60922db3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 283437
cf-polished: origFmt=png, origSize=52190
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="certificate_badges.webp"
vary: Accept
content-length: 36010
x-served-by: cache-sjc10047-SJC, cache-bma1670-BMA
last-modified: Thu, 10 Feb 2022 15:58:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/webp
access-control-allow-origin: *
x-imgix-id: 47ad43f8866bb866205ace9084915073d16ff25e
cache-control: public, max-age=31536000
x-imgix-features: {"linux_painter":"0","tannhauser_routing":"0","tannhauser_shield":"0"}
accept-ranges: bytes
cf-ray: 71c3dc7e0fe39a3f-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 rocket-loader.min.js Show response
www.refunder.se/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 41ms
41ms Script
application/javascript 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.refunder.se/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 10 Jun 2022 21:22:53 GMT
server: cloudflare
etag: W/"62a3b62d-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 71c3dc7e08039a3f-FRA
vary: Accept-Encoding
expires: Sat, 18 Jun 2022 13:23:39 GMT

GET
H2 200 essentials.js Show response
www.refunder.se/resources/js/ 620 KB
181 KB 57ms
56ms Script
application/javascript 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.refunder.se/resources/js/essentials.js?id=cb85b662ed3baf893591aa24a1264c0c

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12009ddb09fb08b2e97c158f5043528842641fddc0f8103f65bb47070a13c7ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:39 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 15 Jun 2022 09:25:27 GMT
server: cloudflare
age: 6324
etag: W/"62a9a587-9af70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
cf-polished: origSize=634736
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc7e78e19a3f-FRA
cf-bgj: minify

GET
H2 200 tp.widget.bootstrap.min.js Show response
widget.trustpilot.com/bootstrap/v5/ 19 KB
6 KB 92ms
20ms Script
application/x-javascript 143.204.89.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.89.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-48.fra50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f3496bc7c277d917d35553c46ed1597a86065494cac582e42a3a1d55aedef7fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
age: 36596
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
date: Thu, 16 Jun 2022 03:13:43 GMT
content-length: 6124
x-xss-protection: 1; mode=block
last-modified: Mon, 30 May 2022 14:38:02 GMT
server: AmazonS3
etag: "5add60196e5f96a414fb4b9586764e5d"
content-type: application/x-javascript
via: 1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: XmPXOxBFGsXMIYQhUZJAip2Ww7yaoGH8kq1n3PSe_x_FEchd_AZTUw==

GET
H/1.1 200
OK appleid.auth.js Show response
appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/sv_SE/ 43 KB
18 KB 352ms
27ms Script
application/javascript 96.16.134.158
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/sv_SE/appleid.auth.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

96.16.134.158 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-134-158.deploy.static.akamaitechnologies.com

Software

Apple /

Resource Hash

67278a57833bfcc97c005863fdf1e004c68e36aea722fe41e30a7eb5fbbef794

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Last-Modified: Thu, 26 May 2022 17:24:45 GMT
Server: Apple
ETag: W/"44314-1653585885854"
Vary: accept-encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400,stale-while-revalidate=86400
Date: Thu, 16 Jun 2022 13:23:40 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17978

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 191 KB
69 KB 86ms
38ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-F14TVBNT6M

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

28b79c91fbe58e4ca226fd325772752e70f1395a16ae3c588e7cd7b75f00f0ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:39 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 70224
x-xss-protection: 0
expires: Thu, 16 Jun 2022 13:23:39 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 68ms
19ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald:400,300,700|Droid+Serif:400,700,400italic,700italic|Lato:300,400,400i,700,900,300italic|Nunito:400,700,800&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.refunder.se
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 17:08:09 GMT
x-content-type-options: nosniff
age: 159330
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Jun 2023 17:08:09 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 88ms
40ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.refunder.se
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 17:08:09 GMT
x-content-type-options: nosniff
age: 159330
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Jun 2023 17:08:09 GMT

GET
H2 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 22 KB
22 KB 101ms
52ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.refunder.se
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 17:12:19 GMT
x-content-type-options: nosniff
age: 159080
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22504
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Jun 2023 17:12:19 GMT

GET
H2 200 S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v23/ 24 KB
24 KB 107ms
59ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.refunder.se
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 17:09:03 GMT
x-content-type-options: nosniff
age: 159276
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24408
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:50:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Jun 2023 17:09:03 GMT

GET
H2 200 S6u_w4BMUTPHjxsI9w2_Gwft.woff2
fonts.gstatic.com/s/lato/v23/ 17 KB
17 KB 101ms
53ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u_w4BMUTPHjxsI9w2_Gwft.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a961366b4346f6078cc2f164d2c019f63b37e2693f6fc93a995048a98b25c083

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.refunder.se
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 17:12:19 GMT
x-content-type-options: nosniff
age: 159080
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17728
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 16:10:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Jun 2023 17:12:19 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 78ms
24ms Script
text/javascript 2a00:1450:400e:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80d::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4083
date: Thu, 16 Jun 2022 12:15:37 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 16 Jun 2022 14:15:37 GMT

GET
H2

200

activityi;dc_pre=CPGdm96IsvgCFRLO1Qodaa0AVw;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049 Show response
6638233.fls.doubleclick.net/ Frame 74EA
Redirect Chain

https://6638233.fls.doubleclick.net/activityi;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049?
https://6638233.fls.doubleclick.net/activityi;dc_pre=CPGdm96IsvgCFRLO1Qodaa0AVw;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=878189367483...

502 B
567 B

34ms
33ms

Document
text/html

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6638233.fls.doubleclick.net/activityi;dc_pre=CPGdm96IsvgCFRLO1Qodaa0AVw;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049?

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

771c701d2c7ecd3d73cdcbd36b0afc5271921a8321d51348f5eb30b074253804

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.refunder.se/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 390
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Jun 2022 13:23:40 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Jun 2022 13:23:40 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://6638233.fls.doubleclick.net/activityi;dc_pre=CPGdm96IsvgCFRLO1Qodaa0AVw;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 hotjar-85928.js Show response
static.hotjar.com/c/ 4 KB
2 KB 85ms
34ms Script
application/javascript 143.204.89.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-85928.js?sv=5

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.89.120 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-120.fra50.r.cloudfront.net

Software

Resource Hash

0759399fada8276b069d98297a706a8f9716284684e7f5f2569486afc85bfa71

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:10 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 30
etag: W/a2cbdc392d8eb70396ec6b18fda7660f
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: H3-AIK7VWc4j7WJlD1Yt7jwwrv7rZfO1jxHPxn0ntpE_U5DD5QELFw==
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)

POST
H2 204 collect
region1.google-analytics.com/g/ 0
347 B 86ms
39ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-F14TVBNT6M&gtm=2oe6f0&_p=635735795&_z=ccd.v9B&cid=951377039.1655385820&ul=en-us&sr=1600x1200&_s=1&sid=1655385820&sct=1&seg=0&dl=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_source%3Drule%26utm_medium%3Demail%26utm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik&dt=Refunder-knappen%20-%20Refunder.se&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F14TVBNT6M
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Jun 2022 13:23:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.refunder.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 25ms
24ms Script
text/javascript 2a00:1450:400e:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80d::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:09:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 823
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1129
x-xss-protection: 0
last-modified: Thu, 30 Dec 2021 12:48:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 16 Jun 2022 14:09:57 GMT

GET
H2 200 modules.b871a939666125f20d79.js Show response
script.hotjar.com/ 243 KB
63 KB 73ms
23ms Script
application/javascript 143.204.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.b871a939666125f20d79.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.89.5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-89-5.fra50.r.cloudfront.net

Software

Resource Hash

e5827fd8bddccf8f9ca7d06936e0bd6596f9ec6aca0652086c5d593a72d84435

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 08:52:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 621094
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 64109
access-control-allow-origin: *
last-modified: Thu, 09 Jun 2022 08:51:29 GMT
etag: "a7a5f230aae7accf37f785c6590c07fa"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: A3OFIn-T2csmgrqH1JwPF9yFudScvqEDbrZBZTQ332IY3Ago96MxKA==

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 97 KB
38 KB 34ms
34ms Script
application/javascript 2a00:1450:400e:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-NTKGVMB&cid=951377039.1655385820

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80d::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

52ac9a96d2478d46a9da123c3d477ab27c466fae64fdf0a84b908a14e63225c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38873
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 Jun 2022 13:23:40 GMT

GET
H2 200 / Show response
adservice.google.com/ddm/fls/i/dc_pre=CPGdm96IsvgCFRLO1Qodaa0AVw;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049;~oref=htt... Frame 4C19 501 B
858 B 103ms
56ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CPGdm96IsvgCFRLO1Qodaa0AVw;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049;~oref=https://www.refunder.se/

Requested by

Host: 6638233.fls.doubleclick.net
URL: https://6638233.fls.doubleclick.net/activityi;dc_pre=CPGdm96IsvgCFRLO1Qodaa0AVw;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

373c2a7c162b082e228ea9e42741edf1d2ca7b6dc4d456e38d4a34a0e6b86609

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6638233.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 389
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Jun 2022 13:23:40 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
442 B 80ms
26ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-41722784-4&cid=951377039.1655385820&jid=1901030074&gjid=1099729954&_gid=1489816066.1655385820&_u=aCDAgEILQAAAAE~&z=1856807100

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.refunder.se/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 16 Jun 2022 13:23:40 GMT
content-type: text/plain
access-control-allow-origin: https://www.refunder.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 25ms
24ms Image
image/gif 2a00:1450:400e:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=635735795&t=pageview&_s=1&dl=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_source%3Drule%26utm_medium%3Demail%26utm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik&ul=en-us&de=UTF-8&dt=Refunder-knappen%20-%20Refunder.se&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAgEILQ~&jid=1901030074&gjid=1099729954&cid=951377039.1655385820&tid=UA-41722784-4&_gid=1489816066.1655385820&cd6=951377039.1655385820&z=426947088

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Jun 2022 15:59:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 77055
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 59ms
19ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

482fb952e19255fd404600f85a84d9053d2ee4b7a58cb620bdfdd92d4e6dec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: /naaVMofSpX2lO0o1K6twg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: gKWrzSwglMlNV2g8LSI/q/SJ2MJ2uIlvREWblqewTaA2TbqO4MZApVn06LkurK72R1TJflJS/YOwh6WmTA+ujA==
x-fb-trip-id: 917726464
x-fb-content-md5: 2c8ac34951d99dd17b9bb0ea167b435a
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 16 Jun 2022 13:23:40 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "f0f48440b37ce58551d7fcc701ac1260"
timing-allow-origin: *
expires: Thu, 16 Jun 2022 13:37:11 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 173 KB
60 KB 79ms
37ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5WXH7C

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

10779b16fe2bd366c70ce52e531309a48782318a9f05698de7ac5a60af4349af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61245
x-xss-protection: 0
last-modified: Thu, 16 Jun 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 Jun 2022 13:23:40 GMT

GET
H2 200 309.72bf65f8ed754695.js Show response
resources.refunder.se/js/chunks/ 29 KB
11 KB 48ms
38ms Script
application/javascript 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.refunder.se/js/chunks/309.72bf65f8ed754695.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5389ff1416adaa4baa243db2e13675fe70c06ec2b1bdaba9079b3fba5d31594e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 15 Jun 2022 09:25:27 GMT
server: cloudflare
age: 5901
etag: W/"62a9a587-7513"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
cf-polished: origSize=29971
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc815daa9a3f-FRA
cf-bgj: minify

GET
H2 200 9768.26905f4495fa3273.js Show response
resources.refunder.se/js/chunks/ 16 KB
5 KB 139ms
129ms Script
application/javascript 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.refunder.se/js/chunks/9768.26905f4495fa3273.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84b25b32a042082272d2c2dbc4c729526dd2c5ab6c336df5c4835d1605180c02

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Wed, 15 Jun 2022 09:25:27 GMT
server: cloudflare
etag: W/"62a9a587-3f46"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc814da69a3f-FRA

GET
H2 200 4552.1ad27ad347cd28d6.js Show response
resources.refunder.se/js/chunks/ 4 KB
2 KB 54ms
45ms Script
application/javascript 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.refunder.se/js/chunks/4552.1ad27ad347cd28d6.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

faa42a8c7e98653241cc9c1e600f773a87221e3a1ac98563246d8e0fd33a3087

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 15 Jun 2022 09:25:27 GMT
server: cloudflare
age: 6324
etag: W/"62a9a587-11b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
cf-polished: origSize=4536
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc815da89a3f-FRA
cf-bgj: minify

GET
H2 200 7189.db8219ba88c3a1f4.js Show response
resources.refunder.se/js/chunks/ 4 KB
2 KB 144ms
135ms Script
application/javascript 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.refunder.se/js/chunks/7189.db8219ba88c3a1f4.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

209a6af28867ae35c33250a74bcabbc91f74bc913a27e61f054ceda39d3a3189

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Wed, 15 Jun 2022 09:25:27 GMT
server: cloudflare
etag: W/"62a9a587-10e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
cf-polished: origSize=4322
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc815da99a3f-FRA
cf-bgj: minify

GET
H2 200 643.dd415517f0a338f0.js Show response
resources.refunder.se/js/chunks/ 3 KB
1 KB 41ms
33ms Script
application/javascript 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.refunder.se/js/chunks/643.dd415517f0a338f0.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76bce79fa362e1b236873b6a08cddcf2e35cd1d155a22acf04c2a59821604646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 15 Jun 2022 09:25:27 GMT
server: cloudflare
age: 5901
etag: W/"62a9a587-a5b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
cf-polished: origSize=2651
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc814da49a3f-FRA
cf-bgj: minify

GET
H2 200 7499.b017d4eb1770cda6.js Show response
resources.refunder.se/js/chunks/ 1 KB
824 B 134ms
126ms Script
application/javascript 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.refunder.se/js/chunks/7499.b017d4eb1770cda6.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff94f0d109cb4224bd0a353808426b3461086312615e6efec34165d1ff3ae467

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Wed, 15 Jun 2022 09:25:27 GMT
server: cloudflare
etag: W/"62a9a587-5b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
cf-polished: origSize=1464
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc814da59a3f-FRA
cf-bgj: minify

GET
H2 200 6441.f37ab78b246942ce.js Show response
resources.refunder.se/js/chunks/ 4 KB
2 KB 47ms
47ms Script
application/javascript 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.refunder.se/js/chunks/6441.f37ab78b246942ce.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

858b05a00a2e9c66c13f533aa43ac23cf108744a329674c1c244d9ad32b596f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 15 Jun 2022 09:25:27 GMT
server: cloudflare
age: 5901
etag: W/"62a9a587-ff0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
cf-polished: origSize=4080
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc819e349a3f-FRA
cf-bgj: minify

GET
H2 200 7653.f7ac5e110152b0ea.js Show response
resources.refunder.se/js/chunks/ 3 KB
1 KB 33ms
33ms Script
application/javascript 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.refunder.se/js/chunks/7653.f7ac5e110152b0ea.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fab400ac8cab110deb1dfe3c4ed304aa30f74aa2d5cbaabfc74ba9e9365ebc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 15 Jun 2022 09:25:27 GMT
server: cloudflare
age: 5901
etag: W/"62a9a587-ae1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
cf-polished: origSize=2785
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc819e3c9a3f-FRA
cf-bgj: minify

GET
H2 200 refunder-logo.png
www.refunder.se/img/refunder_logos/ 11 KB
11 KB 37ms
37ms Image
image/webp 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.refunder.se/img/refunder_logos/refunder-logo.png

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/resources/js/essentials.js?id=cb85b662ed3baf893591aa24a1264c0c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2508303380c18b6f35c2b8e52a6214e528b1376726c77e7c93e9b6e31c0a1d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
vary: Accept
cf-cache-status: HIT
age: 6325
cf-polished: origFmt=png, origSize=22169
content-disposition: inline; filename="refunder-logo.webp"
content-length: 10854
last-modified: Wed, 15 Jun 2022 09:21:35 GMT
server: cloudflare
etag: "62a9a49f-5699"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 71c3dc814d9d9a3f-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 logo_refunder_inline.png
static.refunder.se/refunder_logos/ 1 KB
1 KB 45ms
44ms Image
image/webp 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.refunder.se/refunder_logos/logo_refunder_inline.png

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/resources/js/essentials.js?id=cb85b662ed3baf893591aa24a1264c0c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99ab00edeb9fa42770be1cab71822ec256436dbdc56ce9832885935f72008faa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 442571
cf-polished: origFmt=png, origSize=2135
x-cache: MISS, HIT
x-imgix-id: 7d6116654692778f8934c24940351eadf38bfe03
content-disposition: inline; filename="logo_refunder_inline.webp"
vary: Accept
content-length: 1038
x-served-by: cache-sjc10064-SJC, cache-bma1647-BMA
last-modified: Thu, 27 Jan 2022 16:32:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 71c3dc815dad9a3f-FRA
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri

GET
H2 200 refunder-button-large.png
static.refunder.se/refunder_logos/ 8 KB
8 KB 40ms
40ms Image
image/webp 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.refunder.se/refunder_logos/refunder-button-large.png

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/resources/js/essentials.js?id=cb85b662ed3baf893591aa24a1264c0c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

618894aab1d3c1e0c9101079410e7b20ad03bd7b6b9ed8f2987e6fdb4e7daa8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13731
cf-polished: origFmt=png, origSize=14166
x-cache: HIT, HIT
x-imgix-id: a08db615fe0a9d88a602dfee92c1198af8005f6a
content-disposition: inline; filename="refunder-button-large.webp"
vary: Accept
content-length: 8376
x-served-by: cache-sjc10066-SJC, cache-bma1625-BMA
last-modified: Tue, 01 Feb 2022 10:32:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 71c3dc815dae9a3f-FRA
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri

GET
H2 200 chrome-web-store.jpg
static.refunder.se/sv/plugin/chrome/ 25 KB
25 KB 45ms
45ms Image
image/webp 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.refunder.se/sv/plugin/chrome/chrome-web-store.jpg

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/resources/js/essentials.js?id=cb85b662ed3baf893591aa24a1264c0c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6e648a0298f102e6011178f505a30b11e9e4c836e45f4796136332cb71a09ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1
cf-polished: qual=85, origFmt=jpeg, origSize=32834
x-cache: MISS, HIT
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="chrome-web-store.webp"
vary: Accept
content-length: 25744
x-served-by: cache-sjc10082-SJC, cache-bma1656-BMA
last-modified: Thu, 02 Jun 2022 14:35:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/webp
access-control-allow-origin: *
x-imgix-id: 2299cf577195e5ae7e1430849483481e6d97fa38
cache-control: public, max-age=31536000
x-imgix-features: {"linux_painter":"0","tannhauser_routing":"0","tannhauser_shield":"0"}
accept-ranges: bytes
cf-ray: 71c3dc815db19a3f-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 logo-bonnier.png
static.refunder.se/logos/ 974 B
1 KB 45ms
44ms Image
image/webp 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.refunder.se/logos/logo-bonnier.png

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/resources/js/essentials.js?id=cb85b662ed3baf893591aa24a1264c0c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9f0c3a67fb8ac422f0a72169c17f9f1dfb5d923f5620331a5f5de93c97db649

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 283438
cf-polished: origFmt=png, origSize=2037
x-cache: MISS, HIT
x-imgix-id: 07371dbb750446017698d9d6ec332d4a81685442
content-disposition: inline; filename="logo-bonnier.webp"
vary: Accept
content-length: 974
x-served-by: cache-sjc10053-SJC, cache-bma1673-BMA
last-modified: Wed, 19 Jan 2022 14:16:26 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 71c3dc816de59a3f-FRA
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri

GET
H2 200 certificate_badges.png
static.refunder.se/logos/ 35 KB
35 KB 44ms
43ms Image
image/webp 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.refunder.se/logos/certificate_badges.png

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/resources/js/essentials.js?id=cb85b662ed3baf893591aa24a1264c0c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcc1d8fa963fa4d1edcfbd6d242169dee9a5e8ebfd6d6e7fcc96a49b60922db3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 283438
cf-polished: origFmt=png, origSize=52190
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="certificate_badges.webp"
vary: Accept
content-length: 36010
x-served-by: cache-sjc10047-SJC, cache-bma1670-BMA
last-modified: Thu, 10 Feb 2022 15:58:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/webp
access-control-allow-origin: *
x-imgix-id: 47ad43f8866bb866205ace9084915073d16ff25e
cache-control: public, max-age=31536000
x-imgix-features: {"linux_painter":"0","tannhauser_routing":"0","tannhauser_shield":"0"}
accept-ranges: bytes
cf-ray: 71c3dc819e389a3f-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 get_cookie_list Show response
www.refunder.se/ajax/ 6 KB
1 KB 38ms
38ms XHR
application/json 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.refunder.se/ajax/get_cookie_list

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/8.0.20

Resource Hash

d27e21266097a575969ef543c76aae24d4752d4efb38bdf3ff0b1c95d591e2dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

X-NewRelic-ID: VwIPU1FQCRADU1NWBgEDUVY=
X-CSRF-TOKEN: GV1J1s1CBtmBdv9yh2JVU2GJU9uPKPHj1pqBRCVg
traceparent: 00-084a023cbdfd990a8a2cd1b09ca208b2-0b318029569905cb-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0ODI3MzEiLCJhcCI6IjM3MjQ1MTAwNCIsImlkIjoiMGIzMTgwMjk1Njk5MDVjYiIsInRyIjoiMDg0YTAyM2NiZGZkOTkwYThhMmNkMWIwOWNhMjA4YjIiLCJ0aSI6MTY1NTM4NTgyMDM4NH19
Accept: application/json, text/plain, */*
Referer: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
X-CSRF-REFUNDER: GV1J1s1CBtmBdv9yh2JVU2GJU9uPKPHj1pqBRCVg
X-Requested-With: XMLHttpRequest
tracestate: 3482731@nr=0-1-3482731-372451004-0b318029569905cb----1655385820384

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 16 Jun 2022 12:42:45 GMT
server: cloudflare
age: 2455
x-powered-by: PHP/8.0.20
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
cache-control: private, max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc817e039a3f-FRA

GET
H2 200 nr-spa-1216.min.js Show response
js-agent.newrelic.com/ 49 KB
18 KB 70ms
20ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1216.min.js
Requested by: Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-encoding: gzip
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-request-id: 3CG6GB6WD9Q2PQQ9
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 18216
x-amz-id-2: hxk9vxHuyo17aJR2y383G7Kx6Hfapn69j2ysL3g2uYCFPxJji7ZPbZD2NaUEhlFc0/GdKTiT/bw=
x-served-by: cache-hhn4060-HHN
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
server: AmazonS3
x-timer: S1655385820.450254,VS0,VE0
date: Thu, 16 Jun 2022 13:23:40 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 4009

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 92ms
45ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-41722784-4&cid=951377039.1655385820&jid=1901030074&_u=aCDAgEILQAAAAE~&z=369631090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Jun 2022 13:23:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 94ms
47ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-41722784-4&cid=951377039.1655385820&jid=1901030074&_u=aCDAgEILQAAAAE~&z=369631090

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Jun 2022 13:23:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 chrome Show response
www.refunder.se/svg/icon/fab/ 792 B
578 B 44ms
44ms XHR
image/svg+xml 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.refunder.se/svg/icon/fab/chrome

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/8.0.20

Resource Hash

5487208d650f8f34cb5d819de72c4b2fd79ba56380febef622be894618feeadc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

X-NewRelic-ID: VwIPU1FQCRADU1NWBgEDUVY=
X-CSRF-TOKEN: GV1J1s1CBtmBdv9yh2JVU2GJU9uPKPHj1pqBRCVg
traceparent: 00-2f367acc583c2fe0f1b2b5438e814fa9-82e1e56d3e249b09-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0ODI3MzEiLCJhcCI6IjM3MjQ1MTAwNCIsImlkIjoiODJlMWU1NmQzZTI0OWIwOSIsInRyIjoiMmYzNjdhY2M1ODNjMmZlMGYxYjJiNTQzOGU4MTRmYTkiLCJ0aSI6MTY1NTM4NTgyMDQwOX19
Accept: application/json, text/plain, */*
Referer: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
X-CSRF-REFUNDER: GV1J1s1CBtmBdv9yh2JVU2GJU9uPKPHj1pqBRCVg
X-Requested-With: XMLHttpRequest
tracestate: 3482731@nr=0-1-3482731-372451004-82e1e56d3e249b09----1655385820409

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 15 Jun 2022 18:44:58 GMT
server: cloudflare
age: 67122
x-powered-by: PHP/8.0.20
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc819e4e9a3f-FRA

GET
H2 200 download Show response
www.refunder.se/svg/icon/far/ 905 B
577 B 146ms
146ms XHR
image/svg+xml 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.refunder.se/svg/icon/far/download

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/8.0.20

Resource Hash

51de73907c3c385dbc3f1ba276d0c93c560f43f907ea12eca59bf398d6771b9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

X-NewRelic-ID: VwIPU1FQCRADU1NWBgEDUVY=
X-CSRF-TOKEN: GV1J1s1CBtmBdv9yh2JVU2GJU9uPKPHj1pqBRCVg
traceparent: 00-0188750be28e0b47535d4d553e7a5656-264f416f02aa1cac-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0ODI3MzEiLCJhcCI6IjM3MjQ1MTAwNCIsImlkIjoiMjY0ZjQxNmYwMmFhMWNhYyIsInRyIjoiMDE4ODc1MGJlMjhlMGI0NzUzNWQ0ZDU1M2U3YTU2NTYiLCJ0aSI6MTY1NTM4NTgyMDQxMH19
Accept: application/json, text/plain, */*
Referer: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
X-CSRF-REFUNDER: GV1J1s1CBtmBdv9yh2JVU2GJU9uPKPHj1pqBRCVg
X-Requested-With: XMLHttpRequest
tracestate: 3482731@nr=0-1-3482731-372451004-264f416f02aa1cac----1655385820410

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Thu, 16 Jun 2022 13:23:40 GMT
server: cloudflare
x-powered-by: PHP/8.0.20
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc819e519a3f-FRA

GET
H2 200 check Show response
www.refunder.se/svg/icon/far/ 523 B
505 B 178ms
178ms XHR
image/svg+xml 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.refunder.se/svg/icon/far/check

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/8.0.20

Resource Hash

406410904f9322664d371839a8a9552b66116fd0157b9443925ea4f53436d851

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

X-NewRelic-ID: VwIPU1FQCRADU1NWBgEDUVY=
X-CSRF-TOKEN: GV1J1s1CBtmBdv9yh2JVU2GJU9uPKPHj1pqBRCVg
traceparent: 00-68760f865a6da6b8c9936bfed05d4fca-0b5fb0cfa2de6e2d-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0ODI3MzEiLCJhcCI6IjM3MjQ1MTAwNCIsImlkIjoiMGI1ZmIwY2ZhMmRlNmUyZCIsInRyIjoiNjg3NjBmODY1YTZkYTZiOGM5OTM2YmZlZDA1ZDRmY2EiLCJ0aSI6MTY1NTM4NTgyMDQxMX19
Accept: application/json, text/plain, */*
Referer: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
X-CSRF-REFUNDER: GV1J1s1CBtmBdv9yh2JVU2GJU9uPKPHj1pqBRCVg
X-Requested-With: XMLHttpRequest
tracestate: 3482731@nr=0-1-3482731-372451004-0b5fb0cfa2de6e2d----1655385820411

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: EXPIRED
last-modified: Wed, 15 Jun 2022 13:12:20 GMT
server: cloudflare
x-powered-by: PHP/8.0.20
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc81ae559a3f-FRA

GET
H2 200 arrow-up-right-from-square Show response
www.refunder.se/svg/icon/far/ 844 B
579 B 143ms
143ms XHR
image/svg+xml 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.refunder.se/svg/icon/far/arrow-up-right-from-square

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/8.0.20

Resource Hash

b95e46f1da3bb71df924e754ba12cb6edcafdf4a84aaffbf3f866b3dbebeaed0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

X-NewRelic-ID: VwIPU1FQCRADU1NWBgEDUVY=
X-CSRF-TOKEN: GV1J1s1CBtmBdv9yh2JVU2GJU9uPKPHj1pqBRCVg
traceparent: 00-9fea6eae470f616d3c4481f6754ccbcd-a7a0eabe5098d0da-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0ODI3MzEiLCJhcCI6IjM3MjQ1MTAwNCIsImlkIjoiYTdhMGVhYmU1MDk4ZDBkYSIsInRyIjoiOWZlYTZlYWU0NzBmNjE2ZDNjNDQ4MWY2NzU0Y2NiY2QiLCJ0aSI6MTY1NTM4NTgyMDQxMX19
Accept: application/json, text/plain, */*
Referer: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
X-CSRF-REFUNDER: GV1J1s1CBtmBdv9yh2JVU2GJU9uPKPHj1pqBRCVg
X-Requested-With: XMLHttpRequest
tracestate: 3482731@nr=0-1-3482731-372451004-a7a0eabe5098d0da----1655385820411

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Thu, 16 Jun 2022 13:23:40 GMT
server: cloudflare
x-powered-by: PHP/8.0.20
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc81ae579a3f-FRA

GET
H2 200 user Show response
www.refunder.se/svg/icon/fal/ 766 B
532 B 40ms
40ms XHR
image/svg+xml 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.refunder.se/svg/icon/fal/user

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/8.0.20

Resource Hash

6fe0da32ad16c75e58516c9de80c7a5fe3379a3cc614f56c2f515413062e8acd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

X-NewRelic-ID: VwIPU1FQCRADU1NWBgEDUVY=
X-CSRF-TOKEN: GV1J1s1CBtmBdv9yh2JVU2GJU9uPKPHj1pqBRCVg
traceparent: 00-b07f6aec1733d356f1adb03e0e65b2ab-2a951dbd9b4a49bf-01
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0ODI3MzEiLCJhcCI6IjM3MjQ1MTAwNCIsImlkIjoiMmE5NTFkYmQ5YjRhNDliZiIsInRyIjoiYjA3ZjZhZWMxNzMzZDM1NmYxYWRiMDNlMGU2NWIyYWIiLCJ0aSI6MTY1NTM4NTgyMDQxMn19
Accept: application/json, text/plain, */*
Referer: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
X-CSRF-REFUNDER: GV1J1s1CBtmBdv9yh2JVU2GJU9uPKPHj1pqBRCVg
X-Requested-With: XMLHttpRequest
tracestate: 3482731@nr=0-1-3482731-372451004-2a951dbd9b4a49bf----1655385820412

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 16 Jun 2022 12:42:45 GMT
server: cloudflare
age: 2455
x-powered-by: PHP/8.0.20
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=31536000
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc81ae589a3f-FRA

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 294 KB
84 KB 42ms
20ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=12d39bb6d4f2861d5ce31298ab522a2a

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e7a79b9c134cad90a647959ed989effa3e3a7393a00554fb645a9fc3ab8dc052

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.refunder.se/
Origin: https://www.refunder.se
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: HWV9wenBX24ONzzHkhg9Bg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 85918
x-fb-rlafr: 0
x-fb-debug: KVFRajSgB2gthAZBbHkR1h6kgqmsEcx7Co1ebnoobgEn5GBG8t5JhE0mCkpYhlG5eGCArEtXsvkoBjrRpaPdZQ==
x-fb-content-md5: 4f24936a0510f709967e8fb79cf3873e
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 16 Jun 2022 13:23:40 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "bba3075c9a7fea024d8e3fca99959658"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 16 Jun 2023 05:40:08 GMT

GET
H2 200 / Show response
adservice.google.de/ddm/fls/i/dc_pre=CPGdm96IsvgCFRLO1Qodaa0AVw;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049;~oref=http... Frame C26A 194 B
870 B 105ms
58ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CPGdm96IsvgCFRLO1Qodaa0AVw;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049;~oref=https://www.refunder.se/

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CPGdm96IsvgCFRLO1Qodaa0AVw;src=6638233;type=page-0;cat=sitez0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6611267175;num=8781893674832.049;~oref=https://www.refunder.se/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 177
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Jun 2022 13:23:40 GMT
expires: Thu, 16 Jun 2022 13:23:40 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

activityi;dc_pre=CKqAsN6IsvgCFc4bBgAdr6sD7w;src=5450406;type=123;cat=refun00;ord=9709145937329;gtm=2wg6f0;auiddc=235755891.1655385820;~oref=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_so... Show response
5450406.fls.doubleclick.net/ Frame 3306
Redirect Chain

https://5450406.fls.doubleclick.net/activityi;src=5450406;type=123;cat=refun00;ord=9709145937329;gtm=2wg6f0;auiddc=235755891.1655385820;~oref=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_...
https://5450406.fls.doubleclick.net/activityi;dc_pre=CKqAsN6IsvgCFc4bBgAdr6sD7w;src=5450406;type=123;cat=refun00;ord=9709145937329;gtm=2wg6f0;auiddc=235755891.1655385820;~oref=https%3A%2F%2Fwww.ref...

526 B
432 B

58ms
58ms

Document
text/html

142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5450406.fls.doubleclick.net/activityi;dc_pre=CKqAsN6IsvgCFc4bBgAdr6sD7w;src=5450406;type=123;cat=refun00;ord=9709145937329;gtm=2wg6f0;auiddc=235755891.1655385820;~oref=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_source%3Drule%26utm_medium%3Demail%26utm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WXH7C

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

07c49eb2f415712f5eb1034e37240aa81dd5bccf89ddaf8df9514c124abfef75

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 407
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Jun 2022 13:23:40 GMT
expires: Thu, 16 Jun 2022 13:23:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Jun 2022 13:23:40 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5450406.fls.doubleclick.net/activityi;dc_pre=CKqAsN6IsvgCFc4bBgAdr6sD7w;src=5450406;type=123;cat=refun00;ord=9709145937329;gtm=2wg6f0;auiddc=235755891.1655385820;~oref=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_source%3Drule%26utm_medium%3Demail%26utm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 100 KB
26 KB 43ms
20ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26344
x-xss-protection: 0
pragma: public
x-fb-debug: 8ny6HDRUG/qOBjtOsRPJ/9WUiRzTGRO4EePOnBI7gjCA8tG/yr16nR2LLbi80JfN2K40Enf52yw5i1jMl5O9XA==
x-frame-options: DENY
date: Thu, 16 Jun 2022 13:23:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 60ms
20ms Script
application/x-javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 13:23:40 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Apr 2022 23:25:22 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=58647
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3085

GET
H2 200 box-63c3a81830bf549dafe40b369003f751.html Show response
vars.hotjar.com/ Frame 669A 2 KB
1 KB 72ms
21ms Document
text/html 108.157.4.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-63c3a81830bf549dafe40b369003f751.html
Requested by: Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-122.dus51.r.cloudfront.net
Software: /
Resource Hash: f05ac9ba83369cd58d06d8ee2e5f8d61c040d30d044e20752153f95577627dc6

Request headers

Referer: https://www.refunder.se/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1403374
cache-control: max-age=31536000
content-encoding: br
content-length: 1044
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 31 May 2022 07:34:06 GMT
etag: "e6fb1304cb60a0dea0f76f7077cb13c6"
last-modified: Tue, 31 May 2022 07:33:23 GMT
vary: Accept-Encoding
via: 1.1 268679e7d17267a1a7a03722822fb800.cloudfront.net (CloudFront)
x-amz-cf-id: oUYeh-EWzEyOh3dLHhWZHErERkMg2J2JHUS_vgsWugRydGSl8HeNJQ==
x-amz-cf-pop: DUS51-P2
x-cache: Hit from cloudfront
x-robots-tag: none

GET
H2 200 892.17f3c909a43e05d5.js Show response
resources.refunder.se/js/chunks/ 10 KB
3 KB 44ms
42ms Script
application/javascript 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.refunder.se/js/chunks/892.17f3c909a43e05d5.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f15f5f805926a7af0738a336dbc4a6662852fc06bc14425ec0e9759a73b0a03

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 15 Jun 2022 09:25:27 GMT
server: cloudflare
age: 2455
etag: W/"62a9a587-263e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
cf-polished: origSize=9790
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc821f2d9a3f-FRA
cf-bgj: minify

GET
H/1.1 200
OK NRJS-c29ae83cbb449485bc2 Show response
bam.eu01.nr-data.net/1/ 49 B
1 KB 116ms
62ms Script
text/javascript 185.221.87.248
NEW-2

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.eu01.nr-data.net/1/NRJS-c29ae83cbb449485bc2?a=372410472&v=1216.487a282&to=MhBSZQoZWxVQAU0KDgtacVIMEVoIHhJVFgYMGx5YFhxQHg%3D%3D&rst=1323&ck=1&ref=https://www.refunder.se/refunder-knappen&ap=65&be=868&fe=1217&dc=1215&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1655385819173,%22n%22:0,%22f%22:245,%22dn%22:246,%22dne%22:272,%22c%22:272,%22s%22:290,%22ce%22:315,%22rq%22:315,%22rp%22:586,%22rpe%22:666,%22dl%22:589,%22di%22:669,%22ds%22:719,%22de%22:719,%22dc%22:866,%22l%22:866,%22le%22:880%7D,%22navigation%22:%7B%7D%7D&fp=795&fcp=795&at=HldRE0IDSBs%3D&jsonp=NREUM.setToken
Requested by: Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.221.87.248 , Ireland, ASN206998 (NEW-2, IE),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Thu, 16 Jun 2022 13:23:40 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 3
cross-origin-resource-policy: cross-origin
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Connection: keep-alive
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BzKgGsGC0XuqWlXZtacTbYiSgevL6G2aqfLibIVEIAN%2BM31s9%2BEmLbTnN6jpfmplqNmKTkCH1jHp6QRA8Dy2tXOEJ72GngHDND%2B5OdWP04u5mBFNq6UJ8gASl2dRNzSB2cCwiEif"}],"group":"cf-nel","max_age":604800}
Content-Type: text/javascript
Access-Control-Allow-Origin: *
access-control-allow-credentials: true
CF-Ray: 71c3dc827fd49170-FRA

GET
H2 200 3639.a9d90a80bbad68a3.js Show response
resources.refunder.se/js/chunks/ 8 KB
2 KB 40ms
39ms Script
application/javascript 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.refunder.se/js/chunks/3639.a9d90a80bbad68a3.js

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

312e705da89d6c2e406c6af30c7e127d0a39200552bd59c4caa670dee06dad09

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 15 Jun 2022 09:25:27 GMT
server: cloudflare
age: 369
etag: W/"62a9a587-1ef9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
cf-polished: origSize=7929
strict-transport-security: max-age=15724800; includeSubDomains
cf-ray: 71c3dc823f5f9a3f-FRA
cf-bgj: minify

GET
DATA 200
OK truncated
/ 1 KB
1 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5d8e9ce7f3b3eda9aa2891f7bcddd7a41b25e13bb8e5c6bbd2391071e9112aa5

Request headers

Referer
Origin: https://www.refunder.se
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 screen-3.jpg
static.refunder.se/sv/plugin/ 72 KB
73 KB 34ms
33ms Image
image/webp 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.refunder.se/sv/plugin/screen-3.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41d0f5ae7fd06bebb71a5ae00baa4fd0b2f9b6e1e484fd631e93273e56f1d3b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13730
cf-polished: qual=85, origFmt=jpeg, origSize=98823
x-cache: MISS, HIT
x-imgix-id: 55efcfb3a248748c421dad8948974a426da2c577
content-disposition: inline; filename="screen-3.webp"
vary: Accept
content-length: 74108
x-served-by: cache-sjc10039-SJC, cache-bma1655-BMA
last-modified: Tue, 31 May 2022 07:08:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 71c3dc826fb69a3f-FRA
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri

GET
H2 200 screen-1.jpg
static.refunder.se/sv/plugin/ 33 KB
33 KB 46ms
45ms Image
image/webp 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.refunder.se/sv/plugin/screen-1.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2dd93b4b31f323a309ac69ba6af919c449ab73dcc8d9031b47dac7ce10b35c50

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13730
cf-polished: qual=85, origFmt=jpeg, origSize=53769
x-cache: MISS, HIT
x-imgix-id: dfab29a2f870d959c85c432eea4765bd1283485e
content-disposition: inline; filename="screen-1.webp"
vary: Accept
content-length: 33834
x-served-by: cache-sjc10070-SJC, cache-bma1621-BMA
last-modified: Mon, 11 Apr 2022 08:00:01 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 71c3dc826fb79a3f-FRA
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri

GET
H2 200 screen-2.jpg
static.refunder.se/sv/plugin/ 30 KB
30 KB 55ms
55ms Image
image/webp 2606:4700:10::ac43:1c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.refunder.se/sv/plugin/screen-2.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c40 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

925d29fd35c5a9ad014faff7a05a7beb6f80d3c00e7129455279c47d8f677462

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13730
cf-polished: qual=85, origFmt=jpeg, origSize=48351
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="screen-2.webp"
vary: Accept
content-length: 30214
x-served-by: cache-sjc10048-SJC, cache-bma1644-BMA
last-modified: Thu, 02 Jun 2022 14:35:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/webp
access-control-allow-origin: *
x-imgix-id: 05ca5adf9f1820ea6115ee5e2f255f5beab27722
cache-control: public, max-age=31536000
x-imgix-features: {"linux_painter":"0","tannhauser_routing":"0","tannhauser_shield":"0"}
accept-ranges: bytes
cf-ray: 71c3dc826fb99a3f-FRA
cf-bgj: imgq:85,h2pri

GET
H3 200 1708459026105222 Show response
connect.facebook.net/signals/config/ 26 KB
7 KB 58ms
57ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1708459026105222?v=2.9.62&r=stable

Requested by

Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4ea039f5ac94c36573189b7a2240da40ea12156863b7cae3d95eddf22116e3ef

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: E+Wi4ogNbDZhbmxs1ywrEJ2wL3gH3n5ruPmsY+5JIeXogWRre+cbrUabMrrliRDu858CuTKUCIQehPZjBjKQMw==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 16 Jun 2022 13:23:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1655385820656
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 dc_pre=CKqAsN6IsvgCFc4bBgAdr6sD7w;src=5450406;type=123;cat=refun00;ord=9709145937329;gtm=2wg6f0;auiddc=*;~oref=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_source%3Drule%26utm_medium%3Dem...
adservice.google.com/ddm/fls/z/ Frame 3306 42 B
63 B 94ms
54ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKqAsN6IsvgCFc4bBgAdr6sD7w;src=5450406;type=123;cat=refun00;ord=9709145937329;gtm=2wg6f0;auiddc=*;~oref=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_source%3Drule%26utm_medium%3Demail%26utm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik

Requested by

Host: 5450406.fls.doubleclick.net
URL: https://5450406.fls.doubleclick.net/activityi;dc_pre=CKqAsN6IsvgCFc4bBgAdr6sD7w;src=5450406;type=123;cat=refun00;ord=9709145937329;gtm=2wg6f0;auiddc=235755891.1655385820;~oref=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_source%3Drule%26utm_medium%3Demail%26utm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5450406.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Jun 2022 13:23:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=77148&time=1655385820619&url=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D77148%26time%3D1655385820619%26url%3Dhttps%253A%252F%252Fwww.refunder.se%252Frefu...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=77148&time=1655385820619&url=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=77148&time=1655385820619&url=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n...

0
265 B

220ms
174ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=77148&time=1655385820619&url=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik%26utm_medium%3Demail%26utm_source%3Drule&liSync=true&e_ipv6=AQKkxzfl2HYWOQAAAYFsrxAhtuZC8zfH8jMqW3WUY6Ur0k4IDGvEueCeFoU9JNHRTIdnIhU9EEpfjwn2hgZp-mv_N3bmzw
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:41 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 1C2A9A9F884D44C5BD214457ABBFACD4 Ref B: FRAEDGE1314 Ref C: 2022-06-16T13:23:41Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXhkIvaUGR/xIqjRAQn/A==
x-li-fabric: prod-ltx1

Redirect headers

date: Thu, 16 Jun 2022 13:23:41 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 48385CE40E804ECC90C60F78A1223E96 Ref B: VIEEDGE1317 Ref C: 2022-06-16T13:23:41Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=77148&time=1655385820619&url=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik%26utm_medium%3Demail%26utm_source%3Drule&liSync=true&e_ipv6=AQKkxzfl2HYWOQAAAYFsrxAhtuZC8zfH8jMqW3WUY6Ur0k4IDGvEueCeFoU9JNHRTIdnIhU9EEpfjwn2hgZp-mv_N3bmzw
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXhkIvWrl3klBnLgQRSIg==

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/85928/ 148 B
322 B 131ms
46ms XHR
application/json 52.30.157.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/85928/visit-data?sv=5
Requested by: Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.157.40 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-157-40.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3dca05421db1a4f3c0518f74af0e01b2e8092fc76f735e1fc65b85686f12008d

Request headers

Referer: https://www.refunder.se/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK NRJS-c29ae83cbb449485bc2 Show response
bam.eu01.nr-data.net/events/1/ 24 B
863 B 53ms
52ms XHR
image/gif 185.221.87.248
NEW-2

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.eu01.nr-data.net/events/1/NRJS-c29ae83cbb449485bc2?a=372410472&v=1216.487a282&to=MhBSZQoZWxVQAU0KDgtacVIMEVoIHhJVFgYMGx5YFhxQHg%3D%3D&rst=1475&ck=1&ref=https://www.refunder.se/refunder-knappen
Requested by: Host: www.refunder.se
URL: https://www.refunder.se/refunder-knappen?utm_source=rule&utm_medium=email&utm_campaign=grymt%20viktig%20information%20fr%C3%A5n%20Fredrik
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.221.87.248 , Ireland, ASN206998 (NEW-2, IE),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.refunder.se/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
content-type: text/plain

Response headers

Date: Thu, 16 Jun 2022 13:23:40 GMT
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.refunder.se
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zj4UNtvJUpxQCustB9PFnYXUndU71deJnTl9fdnzB%2Fu40kVXEL8qHeV0pX2Vf6tE7H8QP2MOpMpHCzDUZfQuKg3JJPdbQvRIFP1Ef4w1btf3b4IkiMkH1rS3SsddMYUBPWfgxg16"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
Connection: keep-alive
CF-Ray: 71c3dc8318ea9170-FRA
Content-Length: 24

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 70ms
21ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1708459026105222&ev=PageView&dl=https%3A%2F%2Fwww.refunder.se%2Frefunder-knappen%3Futm_source%3Drule%26utm_medium%3Demail%26utm_campaign%3Dgrymt%2520viktig%2520information%2520fr%25C3%25A5n%2520Fredrik&rl=&if=false&ts=1655385820680&sw=1600&sh=1200&v=2.9.62&r=stable&ec=0&o=28&fbp=fb.1.1655385820678.303440559&it=1655385820609&coo=false&exp=p1&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.refunder.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 13:23:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Thu, 16 Jun 2022 13:23:40 GMT

Verdicts & Comments Add Verdict or Comment

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
app.rule.io/	1970-01-20 03:49:53	Name: laravel_session Value: eyJpdiI6InZsME1yVExReUVmQWdGQjdWWU5HMmc9PSIsInZhbHVlIjoiR2V1dUxSRi83bmd0VHZDRk1sSlRjSzhPVXgyZEx4TnV1ZG1XYmo5enc1UUlPZmRwRnlGSklQc0thZ3RQVWNORkhTelZ5aDUxRjFwREZjOFV5OFVGUGQzbWk1ZGJMKzh4N3RlSHQ1R0U2S3VIbHc5NWZIZzB1VEkrbmFLTjBFeWUiLCJtYWMiOiIzN2RlZDMwM2VkNWY4NzAzYWVjOWEzYjcyYmNhMTVkYTFlYzJiNWU1MzI5ZDMwOGJkYjA3MDMyYTEyZWQ2MDk4IiwidGFnIjoiIn0%3D
www.refunder.se/	1970-01-20 03:51:12	Name: XSRF-TOKEN Value: eyJpdiI6ImxPTGhmSms2UDVDdVQ3VGVVQ3QzeGc9PSIsInZhbHVlIjoicklNaEFhbFg2RWJuVmorOTF0a3Z0QWxUZUFtWmx1UWZwWFdCWU5pTkN5aHVvd24ySGdmcVo3QWxpejlzVDU0YUtZVUNpSWRSLzc5UzIrQXJqOVBobmcxVnkxSWxNaUlxWGkwbkUzYXU3Yzh2aWc3dVZDUjdOMFVEZ1RSVUdkRHoiLCJtYWMiOiIwNzJlNzU4YmJkZDc1Zjg1YTJlMjJkNzE3ZWI5MmQzOWE3NmE0NGUxNjBkYjJkMzNhMzlhM2Q5OGQ3NmJmMTgyIiwidGFnIjoiIn0%3D
www.refunder.se/	1970-01-20 03:51:12	Name: refunder_session Value: eyJpdiI6Imt5bE1OWjYxK3dMdk1xakUvZ2wvdEE9PSIsInZhbHVlIjoiUEU0UTgwbEpBZUFDOUgxd3VGZnE3dTV1TlJaNzVSalZvS0gxWCtzdVY0RHZMNWx3U0xaZURsdEluYjZ3LzVmZFlMWG94MmN1a3lJTnlvZWQzSytlUHlQZjNnSGJRQVVqWmJRcjRzWWJEOXRFajZYSHd5YjMvMXFXbmh6WFBzU08iLCJtYWMiOiJkNDQ4MWUxNTExMzYzZjYwZGJkZjQ5NGI5NzEzNzQ1YmNkNzNjYTM5ZTViYWQ2M2U3YzBiYjNiYzc1YTI5MzU1IiwidGFnIjoiIn0%3D
.refunder.se/	1970-01-20 21:20:57	Name: _ga_F14TVBNT6M Value: GS1.1.1655385820.1.0.1655385820.0
.refunder.se/	1970-01-20 21:20:57	Name: _ga Value: GA1.2.951377039.1655385820
.refunder.se/	1970-01-20 03:51:12	Name: _gid Value: GA1.2.1489816066.1655385820
.refunder.se/	1970-01-20 03:49:45	Name: _gat Value: 1
www.refunder.se/	1970-01-20 04:32:57	Name: re_utm_source Value: cnVsZQ%3D%3D
www.refunder.se/	1970-01-20 04:32:57	Name: re_utm_medium Value: ZW1haWw%3D
www.refunder.se/	1970-01-20 04:32:57	Name: re_utm_campaign Value: Z3J5bXQgdmlrdGlnIGluZm9ybWF0aW9uIGZy5W4gRnJlZHJpaw%3D%3D
.refunder.se/	1970-01-20 05:59:21	Name: _gcl_au Value: 1.1.235755891.1655385820
.doubleclick.net/	1970-01-20 13:11:21	Name: IDE Value: AHWqTUltIq9f5pHKzMih2yvWB9U5g05csB1WVtldp9-h0Vvh9qTFY9WKG57o6w1QaQ8
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 721688ebb3e4ef78
.refunder.se/	1970-01-20 12:35:21	Name: _hjSessionUser_85928 Value: eyJpZCI6IjU2Mjk2ZjMxLWEwNGItNTk4Yi1hYWQ3LWJmOWNkZTUxNDQ0MSIsImNyZWF0ZWQiOjE2NTUzODU4MjAyNjcsImV4aXN0aW5nIjpmYWxzZX0=
.refunder.se/	1970-01-20 03:49:47	Name: _hjFirstSeen Value: 1
www.refunder.se/	1970-01-20 03:49:45	Name: _hjIncludedInSessionSample Value: 0
.refunder.se/	1970-01-20 03:49:47	Name: _hjSession_85928 Value: eyJpZCI6ImFjMDNhYWIyLTdjM2UtNDk2MS1iZGY1LTFiMmI4MThkYWRhOSIsImNyZWF0ZWQiOjE2NTUzODU4MjA2MzcsImluU2FtcGxlIjpmYWxzZX0=
www.refunder.se/	1970-01-20 03:49:45	Name: _hjIncludedInPageviewSample Value: 1
.refunder.se/	1970-01-20 03:49:47	Name: _hjAbsoluteSessionInProgress Value: 0
.refunder.se/	1970-01-20 05:59:21	Name: _fbp Value: fb.1.1655385820678.303440559
.linkedin.com/	1970-01-20 04:32:57	Name: UserMatchHistory Value: AQLuWwFOzl4GLQAAAYFsrw53_Df4l10IBi_QJ515bBmEiOxvHWexhKSGGSiv8DiiiGuWhOkw2FD8NQ
.linkedin.com/	1970-01-20 04:32:57	Name: AnalyticsSyncHistory Value: AQKJjr-IkFPCZAAAAYFsrw532zfbSmtBf_ofIvUcn7lMZSKNq474HYfk0HL03u7YfW5CvIpNK9klJqL6wXZDSw
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 21:21:39	Name: bcookie Value: "v=2&0b76f8b7-c834-4e6b-8e29-8931083142c3"
.linkedin.com/	1970-01-20 03:51:12	Name: lidc Value: "b=TGST03:s=T:r=T:a=T:p=T:g=2772:u=1:x=1:i=1655385820:t=1655472220:v=2:sig=AQFG69u9_4rw8Npb9k8GEP7fX618VZAO"
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 21:21:39	Name: bscookie Value: "v=1&2022061613234060f2252a-a7be-4910-8146-ab2c1ede995bAQGTlnTcMsKIfqxUO7oDAJ7aw36x7LE_"
.linkedin.com/	1970-01-20 21:16:52	Name: li_gc Value: MTswOzE2NTUzODU4MjA7MjswMjEkbWyukzWgl0q2wgKaFTGkYh6u5OAjSi2vB31VFFx2Vg==

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5450406.fls.doubleclick.net
6638233.fls.doubleclick.net
adservice.google.com
adservice.google.de
app.rule.io
appleid.cdn-apple.com
bam.eu01.nr-data.net
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
in.hotjar.com
js-agent.newrelic.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
resources.refunder.se
script.hotjar.com
snap.licdn.com
static.hotjar.com
static.refunder.se
stats.g.doubleclick.net
vars.hotjar.com
widget.trustpilot.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.refunder.se
108.157.4.122
13.107.42.14
142.250.185.70
143.204.89.120
143.204.89.48
143.204.89.5
151.101.194.137
185.221.87.248
2001:4860:4802:34::36
2606:4700:10::ac43:1c40
2606:4700:20::681a:273
2620:1ec:22::14
2a00:1450:4001:800::2002
2a00:1450:4001:800::2008
2a00:1450:4001:810::2003
2a00:1450:4001:810::2004
2a00:1450:4001:828::2003
2a00:1450:4001:82b::2002
2a00:1450:400c:c0c::9a
2a00:1450:400e:802::200a
2a00:1450:400e:80d::200e
2a02:26f0:3500:16::215:149b
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
52.30.157.40
96.16.134.158
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
0759399fada8276b069d98297a706a8f9716284684e7f5f2569486afc85bfa71
07c49eb2f415712f5eb1034e37240aa81dd5bccf89ddaf8df9514c124abfef75
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
10779b16fe2bd366c70ce52e531309a48782318a9f05698de7ac5a60af4349af
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12009ddb09fb08b2e97c158f5043528842641fddc0f8103f65bb47070a13c7ff
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
209a6af28867ae35c33250a74bcabbc91f74bc913a27e61f054ceda39d3a3189
28b79c91fbe58e4ca226fd325772752e70f1395a16ae3c588e7cd7b75f00f0ce
2dd93b4b31f323a309ac69ba6af919c449ab73dcc8d9031b47dac7ce10b35c50
312e705da89d6c2e406c6af30c7e127d0a39200552bd59c4caa670dee06dad09
373c2a7c162b082e228ea9e42741edf1d2ca7b6dc4d456e38d4a34a0e6b86609
3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97
3dca05421db1a4f3c0518f74af0e01b2e8092fc76f735e1fc65b85686f12008d
406410904f9322664d371839a8a9552b66116fd0157b9443925ea4f53436d851
41207abebefac70bfdc45632c693e90fc62bfc5ab4d3b8f99e57ab1d34060e02
41d0f5ae7fd06bebb71a5ae00baa4fd0b2f9b6e1e484fd631e93273e56f1d3b2
482fb952e19255fd404600f85a84d9053d2ee4b7a58cb620bdfdd92d4e6dec87
4ea039f5ac94c36573189b7a2240da40ea12156863b7cae3d95eddf22116e3ef
51de73907c3c385dbc3f1ba276d0c93c560f43f907ea12eca59bf398d6771b9d
52ac9a96d2478d46a9da123c3d477ab27c466fae64fdf0a84b908a14e63225c7
5389ff1416adaa4baa243db2e13675fe70c06ec2b1bdaba9079b3fba5d31594e
545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe
5487208d650f8f34cb5d819de72c4b2fd79ba56380febef622be894618feeadc
5d8e9ce7f3b3eda9aa2891f7bcddd7a41b25e13bb8e5c6bbd2391071e9112aa5
618894aab1d3c1e0c9101079410e7b20ad03bd7b6b9ed8f2987e6fdb4e7daa8a
67278a57833bfcc97c005863fdf1e004c68e36aea722fe41e30a7eb5fbbef794
67eba1cb560149b2ca7196fbcc1e4dbd31e4eb30172238e67612d9853f95ab33
6fab400ac8cab110deb1dfe3c4ed304aa30f74aa2d5cbaabfc74ba9e9365ebc5
6fe0da32ad16c75e58516c9de80c7a5fe3379a3cc614f56c2f515413062e8acd
76bce79fa362e1b236873b6a08cddcf2e35cd1d155a22acf04c2a59821604646
771c701d2c7ecd3d73cdcbd36b0afc5271921a8321d51348f5eb30b074253804
7f15f5f805926a7af0738a336dbc4a6662852fc06bc14425ec0e9759a73b0a03
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84b25b32a042082272d2c2dbc4c729526dd2c5ab6c336df5c4835d1605180c02
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
858b05a00a2e9c66c13f533aa43ac23cf108744a329674c1c244d9ad32b596f5
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
925d29fd35c5a9ad014faff7a05a7beb6f80d3c00e7129455279c47d8f677462
99ab00edeb9fa42770be1cab71822ec256436dbdc56ce9832885935f72008faa
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a961366b4346f6078cc2f164d2c019f63b37e2693f6fc93a995048a98b25c083
b614fa18ad4b63605494f704797024b3f1387fc3a4a3e7fd178169c5ed11cd90
b95e46f1da3bb71df924e754ba12cb6edcafdf4a84aaffbf3f866b3dbebeaed0
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
bcc1d8fa963fa4d1edcfbd6d242169dee9a5e8ebfd6d6e7fcc96a49b60922db3
c2508303380c18b6f35c2b8e52a6214e528b1376726c77e7c93e9b6e31c0a1d6
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d27e21266097a575969ef543c76aae24d4752d4efb38bdf3ff0b1c95d591e2dc
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5827fd8bddccf8f9ca7d06936e0bd6596f9ec6aca0652086c5d593a72d84435
e6e648a0298f102e6011178f505a30b11e9e4c836e45f4796136332cb71a09ab
e7a79b9c134cad90a647959ed989effa3e3a7393a00554fb645a9fc3ab8dc052
e9f0c3a67fb8ac422f0a72169c17f9f1dfb5d923f5620331a5f5de93c97db649
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f05ac9ba83369cd58d06d8ee2e5f8d61c040d30d044e20752153f95577627dc6
f0b8377279e0119985a6bd0b3a126c48ccea46b428bcaeb116bbc4ac37022d72
f3496bc7c277d917d35553c46ed1597a86065494cac582e42a3a1d55aedef7fb
faa42a8c7e98653241cc9c1e600f773a87221e3a1ac98563246d8e0fd33a3087
ff94f0d109cb4224bd0a353808426b3461086312615e6efec34165d1ff3ae467

www.refunder.se Open in urlscan Pro 2606:4700:10::ac43:1c40 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

72 Requests

99 %HTTPS

62 %IPv6

18 Domains

30 Subdomains

25 IPs

4 Countries

1132 kBTransfer

2773 kBSize

28 Cookies

3 Outgoing links

Page URL History

Redirected requests

72 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.refunder.se Open in urlscan Pro
2606:4700:10::ac43:1c40 Public Scan

Screenshot
Live screenshot

Full Image

72
Requests

99 %
HTTPS

62 %
IPv6

18
Domains

30
Subdomains

25
IPs

4
Countries

1132 kB
Transfer

2773 kB
Size

28
Cookies

72 HTTP transactions
1 data transactions