returnsandrefund.com Open in urlscan Pro
18.156.95.187 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cdn-4.returnsandrefund.com/
Effective URL:
https://returnsandrefund.com/
Submission: On June 05 via automatic, source certstream-suspicious (June 5th 2021, 7:13:46 am UTC)

Summary HTTP 144 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 21 IPs in 2 countries across 14 domains to perform 144 HTTP transactions. The main IP is 18.156.95.187, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is returnsandrefund.com.
TLS certificate: Issued by R3 on April 29th 2021. Valid for: 3 months.

This is the only time returnsandrefund.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::6815:4d7e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
45	18.156.95.187 18.156.95.187	16509 (AMAZON-02) (AMAZON-02)
17	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3032::ac43:b890	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
5	3.127.76.126 3.127.76.126	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:218... 2600:9000:218f:e000:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
144	21

1 2606:4700:3037::6815:4d7e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn-4.returnsandrefund.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 18.156.95.187 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com

returnsandrefund.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::ac43:b890 (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.127.76.126 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com

g.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:51e4:db4b:4436:b305 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:218f:e000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

5d2b01625c54c0d3009ed0dd94b2e22b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	returnsandrefund.com 1 redirects cdn-4.returnsandrefund.com returnsandrefund.com	289 KB
23	googlesyndication.com 5d2b01625c54c0d3009ed0dd94b2e22b.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	44 KB
18	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net	166 KB
15	ampproject.org cdn.ampproject.org	300 KB
10	google.com 1 redirects adservice.google.com www.google.com	2 KB
7	gstatic.com fonts.gstatic.com	197 KB
6	google.de adservice.google.de	1 KB
6	googleapis.com fonts.googleapis.com	4 KB
5	ezoic.net g.ezoic.net	765 B
2	quantserve.com secure.quantserve.com pixel.quantserve.com	9 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	quantcount.com rules.quantcount.com	427 B
1	googletagmanager.com www.googletagmanager.com	35 KB
1	ezodn.com go.ezodn.com	64 KB
144	14

	Domain	Requested by
45	returnsandrefund.com	returnsandrefund.com
17	securepubads.g.doubleclick.net	returnsandrefund.com securepubads.g.doubleclick.net
15	cdn.ampproject.org	securepubads.g.doubleclick.net
15	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com returnsandrefund.com cdn.ampproject.org
7	pagead2.googlesyndication.com	returnsandrefund.com securepubads.g.doubleclick.net tpc.googlesyndication.com
7	fonts.gstatic.com	fonts.googleapis.com
6	adservice.google.com	securepubads.g.doubleclick.net
6	adservice.google.de	securepubads.g.doubleclick.net
6	fonts.googleapis.com	returnsandrefund.com securepubads.g.doubleclick.net
5	g.ezoic.net	returnsandrefund.com
4	www.google.com	1 redirects tpc.googlesyndication.com returnsandrefund.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	googleads.g.doubleclick.net
1	pixel.quantserve.com	returnsandrefund.com
1	5d2b01625c54c0d3009ed0dd94b2e22b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	returnsandrefund.com
1	www.googletagmanager.com	returnsandrefund.com
1	go.ezodn.com	returnsandrefund.com
1	cdn-4.returnsandrefund.com	1 redirects
144	20

This site contains links to these domains. Also see Links.

Domain
silktide.com
us.homesense.com

Subject Issuer	Validity	Valid
returnsandrefund.com R3	`2021-04-29` - `2021-07-28`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-05` - `2021-08-05`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
ezoic.net R3	`2021-05-23` - `2021-08-21`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://returnsandrefund.com/
Frame ID: EBB8C38A3834CED86497013AE1F96954
Requests: 89 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 0A6856FDA05C21983203729AB1D36AF5
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0205DCAE3C4AE0A0560C340E2EF54461
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Frame ID: 7D95414E3932E1BF6D327D1BE1128C75
Requests: 20 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Frame ID: D86337127398D95A640F8C2C5F2D65B6
Requests: 18 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Frame ID: E89B0060AB1F8A6162B05E3E1E6E059F
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://cdn-4.returnsandrefund.com/ HTTP 301
https://returnsandrefund.com/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

Page Statistics

144
Requests

98 %
HTTPS

86 %
IPv6

14
Domains

20
Subdomains

21
IPs

2
Countries

1130 kB
Transfer

2968 kB
Size

21
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://silktide.com/cookieconsent
Title: Cookie Consent plugin for the EU cookie law

Search URL Search Domain Scan URL

URL: https://us.homesense.com/
Title: link here

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cdn-4.returnsandrefund.com/ HTTP 301
https://returnsandrefund.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 103

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

144 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
returnsandrefund.com/
Redirect Chain

https://cdn-4.returnsandrefund.com/
https://returnsandrefund.com/

113 KB
27 KB

611ms
566ms

Document
text/html

18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: aae0182c26976e1c13794585a46019e9d25477b9f55e9c49631243c48e978ae2

Request headers

:method: GET
:authority: returnsandrefund.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

age: 57297
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 05 Jun 2021 07:13:27 GMT
display: pub_site_sol
expires: Fri, 04 Jun 2021 07:13:27 GMT
last-modified: Sat, 05 Jun 2021 04:13:14 GMT
pagespeed: off
response: 200
server: nginx/1.16.0
set-cookie: ezoadgid_200400=-1; Path=/; Domain=returnsandrefund.com; Expires=Sat, 05 Jun 2021 07:43:27 UTC ezoref_200400=; Path=/; Domain=returnsandrefund.com; Expires=Sat, 05 Jun 2021 09:13:27 UTC ezoab_200400=mod11; Path=/; Domain=returnsandrefund.com; Expires=Sat, 05 Jun 2021 09:13:27 UTC active_template::200400=pub_site.1622877207; Path=/; Domain=returnsandrefund.com; Expires=Mon, 07 Jun 2021 07:13:27 UTC ezopvc_200400=1; Path=/; Domain=returnsandrefund.com; Expires=Sat, 05 Jun 2021 07:43:27 UTC ezepvv=0; Path=/; Domain=returnsandrefund.com; Expires=Sun, 06 Jun 2021 07:13:27 UTC ezovid_200400=874141032; Path=/; Domain=returnsandrefund.com; Expires=Sat, 05 Jun 2021 07:43:27 UTC lp_200400=https://returnsandrefund.com/; Path=/; Domain=returnsandrefund.com; Expires=Sat, 05 Jun 2021 07:43:27 UTC ezovuuidtime_200400=1622877207; Path=/; Domain=returnsandrefund.com; Expires=Mon, 07 Jun 2021 07:13:27 UTC ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; Path=/; Domain=returnsandrefund.com; Expires=Sat, 05 Jun 2021 07:43:27 UTC ezCMPCCS=true; Path=/; Domain=returnsandrefund.com; Expires=Sun, 05 Jun 2022 07:13:27 GMT
vary: Accept-Encoding Accept-Encoding,User-Agent
x-cache: HIT
x-cache-hits: 563
x-ezoic-cdn: Miss
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-sol: pub_site

Redirect headers

date: Sat, 05 Jun 2021 07:13:26 GMT
content-type: text/plain; charset=utf-8
content-length: 0
cache-control: max-age=300, private
location: https://returnsandrefund.com/
vary: Accept-Encoding Accept-Encoding
x-middleton-display: redirect
cf-cache-status: DYNAMIC
cf-request-id: 0a7c9e0ff800004eb0e3341000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=dofKSwrrdGP4irMxs%2BRHQPnvJY7rc8%2FlXVFVxHw3Ce31fBOmiIxxDEUiRH6di%2FTF5WYGsWJYpl5sOZYru4rlzM5C6a1D%2BZAjb6ckbTKldLwmlR8TaqjEgbx%2FM8O%2F8QwOvDIe%2FFJvLPxfskdI%2BQPQJy7rfIE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65a7992cbb624eb0-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 62 KB
21 KB 65ms
29ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

5d3b1e91595e00d961f95eee4229b527cb8790f1e5718734ea0c85ffb69471cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "893 / 309 of 1000 / last-modified: 1622844595"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21373
x-xss-protection: 0
expires: Sat, 05 Jun 2021 07:13:27 GMT

GET
H2 200 dall.js Show response
go.ezodn.com/hb/ 224 KB
64 KB 61ms
32ms Script
application/javascript 2606:4700:3032::ac43:b890
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?b=oftmedia,oneVideo,onemobile,onetag,pulsepoint,sovrn,unruly&cb=194-2-22
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:b890 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 028bcd6013f269405d16cd666da0aef9e0a679fefb2f0d4081f8c26557ed281c

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:27 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 330176
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=6uuLuhi8TNUjo2U8bRRVuDQrYAr76aupJqxNbs95MMv0%2Bzy2xfvb3MIwo3jQ4suuV7ckCF%2Fh%2BEUrM1Yvjxdg8N8xedv6nQOwTZg3FgYJi3lJYUrx7hSzKwevB9W8OtVbcczTkLlF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 65a799339e682ba1-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a7c9e144100002ba1f2ac1000000001

GET
H2 200 banger.js Show response
returnsandrefund.com/porpoiseant/ 43 KB
10 KB 18ms
18ms Script
application/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: f4ecce62a254717c7a9b2107c356c7c874eb36725c9cbc4280f7ffc8dfb06509

Request headers

:path: /porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:27 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 841ee1dfdec3fbc473772577a8b3240b.css
returnsandrefund.com/wp-content/cache/min/1/ 147 KB
49 KB 53ms
53ms Stylesheet
text/css 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: a965454ed27194420a23bd494e396653825da3850d9d9258d6464dd5e4f26bfc

Request headers

:path: /wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:27 GMT
content-encoding: br
x-sol: orig
age: 63809
x-ezoic-cdn: Hit ds;mm;889a1bc78332af14281e81a2291c4a35;2-200400-0;5932bbef-8f7a-40e7-465e-640e73949182
x-cache: HIT
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
response: 200
last-modified: Sat, 05 Jun 2021 03:13:23 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
display: staticcontent_sol, orig_site_sol
x-cache-hits: 17

GET
H2 200 css
fonts.googleapis.com/ 5 KB
736 B 29ms
29ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b04c10e9ef56b9200c56cc5141fe6d712ec85a8d90c0fe5b98fbf9ebe2873cc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 05 Jun 2021 07:10:37 GMT
server: ESF
date: Sat, 05 Jun 2021 07:13:27 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 05 Jun 2021 07:13:27 GMT

GET
H2 200 jquery-1.12.4-wp.js Show response
returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/jquery/ 95 KB
32 KB 446ms
446ms Script
application/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

:path: /wp-content/cache/busting/1/wp-includes/js/jquery/jquery-1.12.4-wp.js
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
age: 58442
x-ezoic-cdn: Bypass
x-cache: HIT
x-middleton-display: staticcontent_sol, staticcontent_sol
x-cache-hits: 870
x-middleton-response: 200
response: 200
last-modified: Sat, 05 Jun 2021 06:15:16 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding,Origin
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
display: staticcontent_sol, staticcontent_sol
expires: Sat, 04 Jun 2022 14:59:25 GMT

GET
H2 200 responsive-menu-c1e228c238344335eaf7288b4e454a0f.js Show response
returnsandrefund.com/wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/ 765 B
529 B 70ms
70ms Script
application/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/responsive-menu-c1e228c238344335eaf7288b4e454a0f.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 8e424541604f9439f054eb9e4e78925da8c4d2a77985f642f9f4b5f025424d48

Request headers

:path: /wp-content/cache/min/1/wp-content/themes/eleven40-pro/js/responsive-menu-c1e228c238344335eaf7288b4e454a0f.js
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:27 GMT
content-encoding: br
age: 63810
x-ezoic-cdn: Hit ds;ms;c5ae736beb74dda836b2ae3f904f7066;2-200400-0;a1470e90-952b-4279-654b-419cd8c77462
x-cache: HIT
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
content-length: 315
response: 200
last-modified: Sat, 05 Jun 2021 03:49:27 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
display: staticcontent_sol, staticcontent_sol
x-cache-hits: 17

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 36ms
35ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-150748452-1

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

00834e89b818cb5b5dea65a46a887c482b4ef7f0469799e4d54e308c6e73f62f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:27 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35966
x-xss-protection: 0
last-modified: Sat, 05 Jun 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 05 Jun 2021 07:13:27 GMT

GET
H2 200 cookieconsent.min.js Show response
returnsandrefund.com/ezoic/ 4 KB
2 KB 16ms
16ms Script
application/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/ezoic/cookieconsent.min.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0

Request headers

:path: /ezoic/cookieconsent.min.js
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:27 GMT
content-encoding: br
last-modified: Fri, 28 May 2021 04:19:14 GMT
server: nginx/1.16.0
etag: "11a4-5c35c2da8d480-gzip"
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex
content-length: 1707
expires: Sun, 05 Jun 2022 07:13:27 GMT

GET
H2 200 wp-polyfill.min-7.4.4.js Show response
returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/dist/vendor/ 97 KB
32 KB 449ms
449ms Script
application/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/dist/vendor/wp-polyfill.min-7.4.4.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3

Request headers

:path: /wp-content/cache/busting/1/wp-includes/js/dist/vendor/wp-polyfill.min-7.4.4.js
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
age: 58442
x-ezoic-cdn: Bypass
x-cache: HIT
x-middleton-display: staticcontent_sol, staticcontent_sol
x-cache-hits: 862
x-middleton-response: 200
response: 200
last-modified: Sat, 05 Jun 2021 04:13:19 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding,Origin
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
display: staticcontent_sol, staticcontent_sol
expires: Sat, 04 Jun 2022 14:59:25 GMT

GET
H2 200 index-4e981829b016000918dd61f7ac7dab7e.js Show response
returnsandrefund.com/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/ 13 KB
4 KB 44ms
43ms Script
application/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/index-4e981829b016000918dd61f7ac7dab7e.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 457f55ea0c6f05fbf9093f1535e1da2c627530ddbeb46c27a0fb8aef5b7e2805

Request headers

:path: /wp-content/cache/min/1/wp-content/plugins/contact-form-7/includes/js/index-4e981829b016000918dd61f7ac7dab7e.js
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
age: 63809
x-ezoic-cdn: Hit ds;mm;eb5c2d7020fda4533e4f2c14e95b4e90;2-200400-0;5b01d4fa-47c3-42bc-5e82-738e78695add
x-cache: HIT
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
content-length: 3778
response: 200
last-modified: Fri, 04 Jun 2021 19:59:24 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
display: staticcontent_sol, staticcontent_sol
x-cache-hits: 17

GET
H2 200 hoverIntent.min-1.8.1.js Show response
returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/ 1 KB
511 B 387ms
385ms Script
application/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/cache/busting/1/wp-includes/js/hoverIntent.min-1.8.1.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4

Request headers

:path: /wp-content/cache/busting/1/wp-includes/js/hoverIntent.min-1.8.1.js
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
age: 58443
x-ezoic-cdn: Bypass
x-cache: HIT
x-middleton-display: staticcontent_sol, staticcontent_sol
x-cache-hits: 862
x-middleton-response: 200
content-length: 447
response: 200
last-modified: Fri, 04 Jun 2021 20:11:17 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding,Origin
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
display: staticcontent_sol, staticcontent_sol
expires: Sat, 04 Jun 2022 14:59:25 GMT

GET
H2 200 superfish.min-1.7.10.js Show response
returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/ 4 KB
2 KB 44ms
42ms Script
application/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.min-1.7.10.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: ece565a1f66a32347dfed83562c428ff7736648de72b0027dd8f0e0f27e0c327

Request headers

:path: /wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.min-1.7.10.js
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
age: 25317
x-ezoic-cdn: Hit ds;mm;74aa522f6903ecede49f6fe26e67f571;2-200400-0;e1f0d140-2976-4678-542e-a4865edc8a22
x-cache: HIT
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
content-length: 1743
response: 200
last-modified: Sat, 05 Jun 2021 02:11:15 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
display: staticcontent_sol, staticcontent_sol
x-cache-hits: 10

GET
H2 200 superfish.args.min-3.3.3.js Show response
returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/ 132 B
240 B 43ms
40ms Script
application/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.args.min-3.3.3.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 20550f7bcb2a817ac9a5879e04260da8268e971c0b8031a6b7a2f48a55ee60d5

Request headers

:path: /wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/menu/superfish.args.min-3.3.3.js
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
age: 25317
x-ezoic-cdn: Hit ds;mm;741c3197cbcdb4fa3069ff8bd82b4d2a;2-200400-0;55f39d27-536f-4174-407e-ce1b2e1ef5f0
x-cache: HIT
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
content-length: 102
response: 200
last-modified: Sat, 05 Jun 2021 05:11:21 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
display: staticcontent_sol, staticcontent_sol
x-cache-hits: 10

GET
H2 200 skip-links.min-3.3.3.js Show response
returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/ 386 B
318 B 48ms
46ms Script
application/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/skip-links.min-3.3.3.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: ade38136058fcd75880d3673855aff859ee377d5915e59cccf24a973d418bebb

Request headers

:path: /wp-content/cache/busting/1/wp-content/themes/genesis/lib/js/skip-links.min-3.3.3.js
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
age: 25317
x-ezoic-cdn: Hit ds;mm;9dd6d85aaaabfbd9a62c43b4c9b53dea;2-200400-0;6c89b136-13a7-40f4-7c44-442d51efe6eb
x-cache: HIT
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
content-length: 188
response: 200
last-modified: Sat, 05 Jun 2021 06:10:12 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
display: staticcontent_sol, staticcontent_sol
x-cache-hits: 10

GET
H2 200 wp-embed.min.js Show response
returnsandrefund.com/wp-includes/js/ 1 KB
737 B 348ms
346ms Script
application/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/wp-includes/js/wp-embed.min.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path: /wp-includes/js/wp-embed.min.js
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
age: 58443
x-ezoic-cdn: Bypass
x-cache: HIT
x-middleton-display: staticcontent_sol, staticcontent_sol
x-cache-hits: 857
x-middleton-response: 200
content-length: 663
response: 200
last-modified: Sat, 05 Jun 2021 03:13:23 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding,Origin
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
display: staticcontent_sol, staticcontent_sol
expires: Sat, 04 Jun 2022 14:59:25 GMT

GET
H3-29 200 pubads_impl_2021060301.js Show response
securepubads.g.doubleclick.net/gpt/ 312 KB
109 KB 58ms
30ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

d0b3850a417ef733c6acaff02a3311c7ce9a5b7ee55d2cd76d8c7f1f661bcb20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Jun 2021 08:37:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112073
x-xss-protection: 0
expires: Sat, 05 Jun 2021 07:13:28 GMT

GET
H2 200 nmash.js
returnsandrefund.com/porpoiseant/ 33 KB
9 KB 20ms
20ms Other
application/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/nmash.js?v=19
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 0b9a8a3f27fa969797b4fbec0716dcacd5aaa38202277691d7baf41a540963fd

Request headers

:path: /porpoiseant/nmash.js?v=19
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: same-origin
accept: */*
cache-control: no-cache
sec-fetch-dest: worker
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:27 GMT
content-encoding: br
last-modified: Fri, 28 May 2021 04:19:14 GMT
server: nginx/1.16.0
etag: "854d-5c35c2da8d480;5c3fd06fb814c-gzip"
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex

GET
H2 200 ezosuigeneris.js Show response
g.ezoic.net/ 555 B
561 B 72ms
31ms Script
text/javascript 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/ezosuigeneris.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: b5e4aec19200c66d3acf503a7cb771f73ae4f970898876499d8a526650f5bf7f

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
last-modified: Sat, 05 Jun 2021 05:11:22 GMT
server: nginx/1.16.0
etag: 32a01ebb402041a180275f8b7b3e92a6
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cache-control: max-age=999999, private
content-length: 276
expires: Mon, 29 Apr 2020 21:44:55 GMT

GET
H2 200 cmb.js Show response
returnsandrefund.com/detroitchicago/ 111 KB
28 KB 28ms
27ms Script
application/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 20fcafa957f7e79a33b95d2a92fd1b4410750b78cc632a5bff5a22b8491b1757

Request headers

:path: /detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 return-logo-2.png
returnsandrefund.com/wp-content/uploads/2019/03/ 1 KB
1 KB 76ms
76ms Image
image/png 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://returnsandrefund.com/wp-content/uploads/2019/03/return-logo-2.png
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 31f7540a6075e6f34980199d420271d13d923801da426c060ed01732042a96b8

Request headers

:path: /wp-content/uploads/2019/03/return-logo-2.png
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
age: 6520
x-ezoic-cdn: Hit ds;ms;dfcf52210967f019fd4ce3feb2e0509c;2-200400-0;58130387-7f1b-4994-430f-8f272559e8bf
x-cache: HIT
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
content-length: 1075
response: 200
last-modified: Sat, 05 Jun 2021 03:49:27 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type: image/png
cache-control: public, max-age=31536000
display: staticcontent_sol, staticcontent_sol
x-cache-hits: 6

GET
H2 200 TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
fonts.gstatic.com/s/oswald/v36/ 16 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76db825b68979b9ea6cc55fa14373b7bf5e3beb7388cd2efa485938bb2a389fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://returnsandrefund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 18:36:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 Jan 2021 20:31:14 GMT
server: sffe
age: 304640
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16016
x-xss-protection: 0
expires: Wed, 01 Jun 2022 18:36:08 GMT

GET
H2 200 0QIvMX1D_JOuMwr7Iw.woff2
fonts.gstatic.com/s/lora/v17/ 34 KB
35 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lora/v17/0QIvMX1D_JOuMwr7Iw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lora%3A400%2C700%7COswald%3A400&ver=3.3.3&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f762334ff28e79eb7547f6ddb109583d35e0ea3600b71406ca233fb57c12458

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://returnsandrefund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 01:42:50 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 Jan 2021 22:52:25 GMT
server: sffe
age: 279038
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35284
x-xss-protection: 0
expires: Thu, 02 Jun 2022 01:42:50 GMT

GET
H2 200 download-1.png
returnsandrefund.com/wp-content/uploads/2020/02/ 3 KB
3 KB 45ms
45ms Image
image/png 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://returnsandrefund.com/wp-content/uploads/2020/02/download-1.png
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: c63c08ec376a1c99ee774ecbd488d3c33396ea42f8ad0e984179916a2e252849

Request headers

:path: /wp-content/uploads/2020/02/download-1.png
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
age: 39359
x-ezoic-cdn: Hit ds;dm;502accaecac65cd023d490ab18d798a5;2-200400-0;f26c5b44-29ec-47d0-4284-f337eec4ce43
x-cache: HIT
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
content-length: 2981
response: 200
last-modified: Sat, 05 Jun 2021 03:08:23 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type: image/png
cache-control: public, max-age=31536000
display: staticcontent_sol, staticcontent_sol
x-cache-hits: 8

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150748452-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 125
date: Sat, 05 Jun 2021 07:11:23 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Sat, 05 Jun 2021 09:11:23 GMT

GET
H2 200 houston.js Show response
returnsandrefund.com/detroitchicago/ 3 KB
1 KB 18ms
17ms Script
application/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/houston.js?gcb=2&cb=36
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 1d6f7818a09adfc9c11ff7110eb866179ef9d36a3625cd1c02e23292d315daaa

Request headers

:path: /detroitchicago/houston.js?gcb=2&cb=36
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 1163

GET
H2 200 download-4.jpg
returnsandrefund.com/wp-content/uploads/2020/02/ 12 KB
12 KB 45ms
45ms Image
image/jpeg 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://returnsandrefund.com/wp-content/uploads/2020/02/download-4.jpg
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: efca4b1d7c19af67aa04f4a6ef3f9db4c8d3bea417a00240009db7ed26280080

Request headers

:path: /wp-content/uploads/2020/02/download-4.jpg
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
last-modified: Fri, 04 Jun 2021 20:00:12 GMT
server: nginx/1.16.0
age: 39359
x-ezoic-cdn: Hit ds;dm;42dbe1ec3ee9c20d6caedbd1281216e7;2-200400-0;50204df6-d861-48db-7f70-35f7831b4a70
x-cache: HIT
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, max-age=31536000
x-middleton-response: 200
display: staticcontent_sol, staticcontent_sol
x-cache-hits: 8

GET
H2 200 images-2.jpg
returnsandrefund.com/wp-content/uploads/2020/02/ 9 KB
9 KB 60ms
59ms Image
image/jpeg 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://returnsandrefund.com/wp-content/uploads/2020/02/images-2.jpg
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 8c63493b034323da08e44455885820239e72b10f9fb8b857e8313008f4d6fac5

Request headers

:path: /wp-content/uploads/2020/02/images-2.jpg
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
response: 200
last-modified: Sat, 05 Jun 2021 05:11:22 GMT
server: nginx/1.16.0
age: 39359
x-ezoic-cdn: Hit ds;dm;7b4b808955c5813402eef6c10ded310c;2-200400-0;d541490f-856b-4e98-67a9-2c89e345f29f
x-cache: HIT
content-type: image/jpeg
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: public, max-age=31536000
x-middleton-response: 200
display: staticcontent_sol, staticcontent_sol
x-cache-hits: 7

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
9 KB 25ms
8ms Script
application/javascript 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: gzip
etag: "WhyxmPkT7L77qVDcrjxwGw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Sat, 12 Jun 2021 07:13:28 GMT

GET
H2 200 imp.gif Show response
returnsandrefund.com/detroitchicago/ 43 B
128 B 23ms
22ms XHR
image/gif 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A2%2C%22ad_load_version%22%3A2%2C%22ad_location_ids%22%3A%2221%2C5%2C3%2C22%2C1%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A3%2C%22bidder_version%22%3A5%2C%22city%22%3A%22Berlin%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A200400%2C%22domain_test_group%22%3A20210304%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A4%2C%22page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1112%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22efc2314d-9378-4b08-45e4-1ad0860dd326%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%2210178%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A49018%2C%22response_time_orig%22%3A336%2C%22serverid%22%3A%2218.185.101.164%3A17167%22%2C%22state%22%3A%22BE%22%2C%22sub_page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1112%22%2C%22t_epoch%22%3A1622877207%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Freturnsandrefund.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A2043%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

:path: /detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A2%2C%22ad_load_version%22%3A2%2C%22ad_location_ids%22%3A%2221%2C5%2C3%2C22%2C1%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A3%2C%22bidder_version%22%3A5%2C%22city%22%3A%22Berlin%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A200400%2C%22domain_test_group%22%3A20210304%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A4%2C%22page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1112%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22efc2314d-9378-4b08-45e4-1ad0860dd326%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%2210178%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A49018%2C%22response_time_orig%22%3A336%2C%22serverid%22%3A%2218.185.101.164%3A17167%22%2C%22state%22%3A%22BE%22%2C%22sub_page_ad_positions%22%3A%221100%2C1101%2C1102%2C1103%2C1112%22%2C%22t_epoch%22%3A1622877207%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Freturnsandrefund.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A2043%2C%22worst_bad_word_level%22%3A0%7D
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/gif
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 47

GET
H2 200 841ee1dfdec3fbc473772577a8b3240b.css
returnsandrefund.com/wp-content/cache/min/1/ 64 KB
64 KB 43ms
42ms Image
text/css 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://returnsandrefund.com/wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /wp-content/cache/min/1/841ee1dfdec3fbc473772577a8b3240b.css
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
x-sol: orig
age: 63809
x-ezoic-cdn: Hit ds;mm;889a1bc78332af14281e81a2291c4a35;2-200400-0;5932bbef-8f7a-40e7-465e-640e73949182
x-cache: HIT
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
response: 200
last-modified: Fri, 04 Jun 2021 20:11:25 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding,User-Agent,Origin
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
display: staticcontent_sol, orig_site_sol
x-cache-hits: 17

GET
H2 200 ezosuigenerisc.js Show response
g.ezoic.net/ 0
54 B 21ms
21ms Script
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/ezosuigenerisc.js?nogen=1
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
cache-control: max-age=300, private
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 53ms
26ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1769444022&t=pageview&_s=1&dl=https%3A%2F%2Freturnsandrefund.com%2F&ul=en-us&de=UTF-8&dt=All%20About%20Returns%20%26%20Refunds%20-&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1189006099&gjid=1141441751&cid=511337563.1622877208&tid=UA-150748452-1&_gid=744372378.1622877208&_r=1&gtm=2ou621&z=1890171896

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 05 Jun 2021 07:13:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://returnsandrefund.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 greenoaks.gif Show response
returnsandrefund.com/detroitchicago/ 0
104 B 16ms
14ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMDUifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiZGF0YSI6W3sibmFtZSI6InVuaXZlcnNhbF91c2VyX2lkIiwidmFsIjoiMzJhMDFlYmI0MDIwNDFhMTgwMjc1ZjhiN2IzZTkyYTYifV19XQ==
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMDUifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV90YWciLCJ2YWwiOiJlbi1VUyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImRhdGEiOlt7Im5hbWUiOiJsYW5ndWFnZV9wcmltYXJ5X3N1YnRhZyIsInZhbCI6ImVuIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiZGF0YSI6W3sibmFtZSI6InVuaXZlcnNhbF91c2VyX2lkIiwidmFsIjoiMzJhMDFlYmI0MDIwNDFhMTgwMjc1ZjhiN2IzZTkyYTYifV19XQ==
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:27 UTC

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ 3 B
427 B 73ms
23ms Script
application/javascript 2600:9000:218f:e000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218f:e000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 04 Jun 2021 16:58:24 GMT
via: 1.1 c554699ee704a19f7545cb8005037199.cloudfront.net (CloudFront)
age: 51305
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 19:50:24 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: CDG52-P2
accept-ranges: bytes
x-amz-cf-id: nJ9oQatSoLbCatsdpatMgQS2VlZneBrdDge9PxFdOuHJeaDcfuzfLg==

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 62ms
29ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 62ms
29ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 945 B
305 B 473ms
473ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3975595968037918&correlator=1925683601068231&output=ldjh&impl=fifs&eid=31060784%2C31061371%2C31061142&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210605&iu_parts=1254144%2Creturnsandrefund_com-box-2%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=300x250%2C580x400&prev_scp=a%3D%257C2%257C%26iid2%3D190967%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod11%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreturnsandrefund_com-box-2-190967%26eb_br%3D5297de5240aa45da173a0792747e0d26%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D0%26bvm%3D1%26bvr%3D1%26shp%3D1%26acptad%3D1%26br1%3D850%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D81%2C206%2C169%2C27%2C50%2C122%2C88%2C20%2C26%2C180%2C205%2C31%26deal1%3D23%2C24%2C25%2C26%2C919%7Ca%3D%257C254%257C%26iid3%3D237767%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod11%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-237767%26eb_br%3Dc5429b6ddd929d0bc40a832a87789a7c%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D1%26br1%3D1000%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1622866394&dt=1622877208198&dlt=1622877207586&idt=595&frm=20&biw=1600&bih=1200&oid=3&adxs=650%2C345&adys=80%2C920&adks=3330214951%2C3214824028&ucis=1%7C2&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1140x250%7C809x400&msz=300x250%7C580x400&ga_vid=511337563.1622877208&ga_sid=1622877208&ga_hid=1769444022&ga_fc=false&fws=0%2C0&ohw=0%2C0&btvi=0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

0be40eed25fc4181dee9b371f0dd68ec9b39e194ae148ee4664acac9538d97d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 275
x-xss-protection: 0
google-lineitem-id: -2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://returnsandrefund.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
5d2b01625c54c0d3009ed0dd94b2e22b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 81ms
27ms Other
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://5d2b01625c54c0d3009ed0dd94b2e22b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 476 B
283 B 512ms
511ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3975595968037918&correlator=2414225461701947&output=ldjh&impl=fifs&eid=31060784%2C31061371%2C31061142&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210605&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&prev_scp=a%3D%257C2%257C%26iid3%3D224567%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod11%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-224567%26eb_br%3Dc5429b6ddd929d0bc40a832a87789a7c%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D24%26bvm%3D0%26bvr%3D2%26shp%3D1%26br1%3D1000%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1622866394&dt=1622877208212&dlt=1622877207586&idt=595&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&ga_vid=511337563.1622877208&ga_sid=1622877208&ga_hid=1769444022&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

90a079cdd2ca46509eba6bbb8e728a57770277be6b33bbcc59d5c4e5b081d2bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 253
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://returnsandrefund.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel;r=1681008659;labels=Domain.returnsandrefund_com%2CDomainId.200400;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Freturnsandrefund.com%2F;uht=2;fpan=1;fpa=P0-780107261-1622877208241;pbcn=u;pbc=;ns=0...
pixel.quantserve.com/ 35 B
371 B 16ms
14ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1681008659;labels=Domain.returnsandrefund_com%2CDomainId.200400;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Freturnsandrefund.com%2F;uht=2;fpan=1;fpa=P0-780107261-1622877208241;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;d=returnsandrefund.com;je=0;sr=1600x1200x24;dst=1;et=1622877208241;tzo=-120;ogl=

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 05 Jun 2021 07:13:28 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 dark-bottom.css
returnsandrefund.com/ezoic/styles/ 3 KB
831 B 17ms
16ms Stylesheet
text/css 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/ezoic/styles/dark-bottom.css
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/ezoic/cookieconsent.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3

Request headers

:path: /ezoic/styles/dark-bottom.css
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: br
last-modified: Fri, 28 May 2021 04:19:14 GMT
server: nginx/1.16.0
etag: "bd7-5c35c2da8d480-gzip"
vary: Accept-Encoding Accept-Encoding
content-type: text/css
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex
content-length: 725

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
0 70ms
38ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gfp_cw_status&domain=returnsandrefund.com&host=returnsandrefund.com&success=1

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 05 Jun 2021 07:13:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 greenoaks.gif Show response
returnsandrefund.com/detroitchicago/ 0
19 B 16ms
15ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjUxOSJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTA4NSJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiOSJ9LHsibmFtZSI6InBlcmZfaW50ZXJhY3RpdmUiLCJ2YWwiOiI1MzYifSx7Im5hbWUiOiJwZXJmX2NvbnRlbnRsb2FkZWQiLCJ2YWwiOiI4NzEifSx7Im5hbWUiOiJwZXJmX2NvbXBsZXRlIiwidmFsIjoiODcyIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiZGF0YSI6W3sibmFtZSI6ImZpcnN0X3BhaW50IiwidmFsIjoiMTU5NiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9jb250ZW50ZnVsX3BhaW50IiwidmFsIjoiMTU5NiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX2VmZmVjdGl2ZV90eXBlIiwidmFsIjoiNGcifV19XQ==
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjUxOSJ9LHsibmFtZSI6InBlcmZfY29ubmVjdF90b19yZXNwX3N0YXJ0IiwidmFsIjoiMTA4NSJ9LHsibmFtZSI6InBlcmZfcmVzcF90aW1lIiwidmFsIjoiOSJ9LHsibmFtZSI6InBlcmZfaW50ZXJhY3RpdmUiLCJ2YWwiOiI1MzYifSx7Im5hbWUiOiJwZXJmX2NvbnRlbnRsb2FkZWQiLCJ2YWwiOiI4NzEifSx7Im5hbWUiOiJwZXJmX2NvbXBsZXRlIiwidmFsIjoiODcyIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiZGF0YSI6W3sibmFtZSI6ImZpcnN0X3BhaW50IiwidmFsIjoiMTU5NiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImRhdGEiOlt7Im5hbWUiOiJmaXJzdF9jb250ZW50ZnVsX3BhaW50IiwidmFsIjoiMTU5NiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX2VmZmVjdGl2ZV90eXBlIiwidmFsIjoiNGcifV19XQ==
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=8ad31204d7014cc8-22f2cc1857c8002d:T=1622877208:S=ALNI_MZaE-PA5-psgzxpZJNaKnaQ6GLeXA
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:27 UTC

GET
H2 200 greenoaks.gif Show response
returnsandrefund.com/detroitchicago/ 0
42 B 16ms
16ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjEwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fcnR0IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImRhdGEiOlt7Im5hbWUiOiJ0aW1lcl9maXJzdF9hZF9yZXF1ZXN0IiwidmFsIjoiMTA4OSJ9XX1d
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9kb3dubGluayIsInZhbCI6IjEwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fcnR0IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImRhdGEiOlt7Im5hbWUiOiJ0aW1lcl9maXJzdF9hZF9yZXF1ZXN0IiwidmFsIjoiMTA4OSJ9XX1d
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezouspva=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=8ad31204d7014cc8-22f2cc1857c8002d:T=1622877208:S=ALNI_MZaE-PA5-psgzxpZJNaKnaQ6GLeXA
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:28 UTC

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 65ms
34ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78fe29c75cb7fad2243e9e9c77d2010db285f8878dce5b3505a6771d667deefa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8197
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 58ms
26ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Sat, 05 Jun 2021 07:13:28 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 0A68 12 KB
5 KB 26ms
26ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://returnsandrefund.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://returnsandrefund.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Sat, 05 Jun 2021 06:56:05 GMT
expires: Sun, 05 Jun 2022 06:56:05 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1043
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0205 783 B
783 B 28ms
28ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8edeeaef7ca773e76968abb5127bf8348e2e156e061a23d2a7213285478474fa

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-39F249BO+8XJ+u9Ds0Omrw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://returnsandrefund.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://returnsandrefund.com/

Response headers

expires: Sat, 05 Jun 2021 07:13:28 GMT
date: Sat, 05 Jun 2021 07:13:28 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-39F249BO+8XJ+u9Ds0Omrw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Show response
pagead2.googlesyndication.com/bg/ Frame 0A68 14 KB
6 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 03 Jun 2021 16:41:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 138727
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5751
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 03 Jun 2022 16:41:21 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021060301&jk=3975595968037918&bg=!1Nel15PNAAY6sG-_OrA7ACkAdvg8Wiysf9KEBs8_jS5NjHLHQ1bX5nwrTJHKh6rn4TpVupkDe-TvXAIAAABDUgAAAAhoAQcKAOqHSVJticmu-XHWNiuDUywuP4WmnNmZgkyqM8XMcXNdy65PRFI1yocSSCy_k4lmAw-Fl1WO1hhdLn_pKQINYEEeEU-I5Tx8dLUTnb2_64ulPXh4e8viAcN7AVlUK5Pmx3Uwy9NV8LFumTwRTB3eMXsGoH_ofC12JuCb9qOI8rGzafsRYr5OROqB-xLC80Gd52n9EC-VbLECeigJCUWgdVojjBVIYXwmeFPUDPxD7ZtqAz0cgr7s2gnP-m509KHHagR_vKNyJjp0NdvLn1MwRjee30TApTAtS_05rT_4bGD79m5zrnTmrccEo9GZAlFAlrCA7hMxvc4yZjFg7fhcaNhRnK1bcs-88GmXusdGF5LvvCFA8j5fJFg8SKRm_STPntJtqr3ECQATi6pNCQn7L81ASbqfjLL3DH1fMWVKRuHqEYcXAFWbxXpACiEGRk1QfJGBl-ahQUis_kNv2JfGYkH_sV9yXzfHQKcvUxNJkyhNVN_c3DlLPSvhK3oKUYIldmlcNaubZV8q5qLPFZB1K78hkNVtB54aZfeAWs-zBplKdiLs5GWOBC3HEzmj7z_INmtqrXB_9_ooegYiSqQZ-a2ZK23xAQeAHS4Lw1obuSQYCw6kv4kscqdLQwErpl866yrZ3OklMo7GgBasxhNPTdt1f_IuB3Ol7QdfF8ko3df-gRw9KHGPImLSagc-doNK619D5fL-4gA6wA22oP232PBl31X3LqWEeCBEesu8zfPUd0Eajm6RI0i1J_ALPQzIZFzxcAK9tSe0CLqETbx8K_zWhhGf-FVzohjedScR_GRV8HqdrvX9KAoD9Onbh2dqaarajbnpTfuEuKn1fGPmKMeKkmvYZQPWdQXGYefVDni6aOds-vEwuB5dbsl14SiU6xjGRbHrPXrhfnTvzAO5esuibaaiX5AORGUGPmqB00wE9viveie40A9GIAW6A7MabL5c2wYvWlqr0NvoQF5aNtBlXmzXeerzhmrq9CWxPJLLFjPV3WFz08PL6ln0SSdDF5pLZva-4qZtmIjbUSYtkbPM9Hb9ELtV16Fmg8t-XkAzv29kiZLfy1zBjHjCfl10LcHdNxffK6_amLKzqkFnwQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 05 Jun 2021 07:13:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 55ms
28ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 07:13:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 54ms
27ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 07:13:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 459 B
270 B 540ms
539ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3975595968037918&correlator=3242887979412577&output=ldjh&impl=fifs&eid=31060784%2C31061371%2C31061142&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210605&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=3&rcs=1&prev_scp=a%3D%257C2%257C%26iid3%3D224567%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod11%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-224567%26eb_br%3D5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D24%26bvm%3D0%26bvr%3D2%26shp%3D1%26br1%3D500%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%26lb%3D1000%26reqt%3D1622877211228&eri=1&cookie=ID%3Df538341dbd8591de-22e0d0b957c80021%3AT%3D1622877208%3AS%3DALNI_MZHbQ_oZO-kMpRAJGa1kUFDcIwwbw&bc=31&abxe=1&lmt=1622866394&dt=1622877211232&dlt=1622877207586&idt=595&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=511337563.1622877208&ga_sid=1622877208&ga_hid=1769444022&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e59623403699fd6e1c6ed076672d6d1fd14971926ccb36661b3427461a841b63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 239
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://returnsandrefund.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 460 B
270 B 452ms
452ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3975595968037918&correlator=3522938933587304&output=ldjh&impl=fifs&eid=31060784%2C31061371%2C31061142&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210605&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=3&rcs=1&prev_scp=a%3D%257C254%257C%26iid3%3D237767%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod11%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-237767%26eb_br%3D5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D1%26br1%3D500%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C22%2C23%26lb%3D1000%26reqt%3D1622877211233&eri=1&cookie=ID%3Df538341dbd8591de-22e0d0b957c80021%3AT%3D1622877208%3AS%3DALNI_MZHbQ_oZO-kMpRAJGa1kUFDcIwwbw&bc=31&abxe=1&lmt=1622866394&dt=1622877211235&dlt=1622877207586&idt=595&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=920&adks=3214824028&ucis=5&ifi=5&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=511337563.1622877208&ga_sid=1622877208&ga_hid=1769444022&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

dfbf8802a94bba4d9eb8598e9b4d5e8ad83af8555ca544a2ffa54a0d04cbfd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 239
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://returnsandrefund.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 451 B
260 B 408ms
408ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3975595968037918&correlator=1620330722782965&output=ldjh&impl=fifs&eid=31060784%2C31061371%2C31061142&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210605&iu_parts=1254144%2Creturnsandrefund_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=a%3D%257C2%257C%26iid2%3D190967%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod11%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreturnsandrefund_com-box-2-190967%26eb_br%3D8b07bae800b215e481d05a271b3e723b%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D0%26bvm%3D1%26bvr%3D1%26shp%3D1%26acptad%3D1%26br1%3D700%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D81%2C206%2C169%2C27%2C50%2C122%2C88%2C20%2C26%2C180%2C205%2C31%26deal1%3D23%2C24%2C25%2C26%2C919%2C21%2C22%26lb%3D850%26reqt%3D1622877211237&eri=1&cookie=ID%3Df538341dbd8591de-22e0d0b957c80021%3AT%3D1622877208%3AS%3DALNI_MZHbQ_oZO-kMpRAJGa1kUFDcIwwbw&bc=31&abxe=1&lmt=1622866394&dt=1622877211238&dlt=1622877207586&idt=595&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=80&adks=3330214951&ucis=6&ifi=6&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1140x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=511337563.1622877208&ga_sid=1622877208&ga_hid=1769444022&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

8001243c2423555ffbde33c7dcbfbee5172cd151b1c997088240b606a3a1eefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 229
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://returnsandrefund.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 28ms
27ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 07:13:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 28ms
28ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 07:13:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 351 B
183 B 317ms
317ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3975595968037918&correlator=4377555857603674&output=ldjh&impl=fifs&eid=31060784%2C31061371%2C31061142&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210605&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=2&rcs=2&prev_scp=a%3D%257C254%257C%26iid3%3D237767%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod11%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-237767%26eb_br%3D9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D1%26br1%3D180%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C22%2C23%2C20%2C21%2C22%2C23%26lb%3D500%26reqt%3D1622877211738&eri=1&cookie=ID%3Df538341dbd8591de%3AT%3D1622877208%3AS%3DALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA&bc=31&abxe=1&lmt=1622866394&dt=1622877212760&dlt=1622877207586&idt=595&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=920&adks=3214824028&ucis=7&ifi=7&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=511337563.1622877208&ga_sid=1622877208&ga_hid=1769444022&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

8a6bd83dd27b04cd5e53b877e9781ea1138c1299f5beec42f82bf53419e7b791

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 154
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://returnsandrefund.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 48 KB
11 KB 395ms
395ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3975595968037918&correlator=3637301753444959&output=ldjh&impl=fifs&eid=31060784%2C31061371%2C31061142&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210605&iu_parts=1254144%2Creturnsandrefund_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=2&rcs=2&prev_scp=a%3D%257C2%257C%26iid2%3D190967%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1112%26sap%3D1112%26as%3Drevenue%26plat%3D1%26bra%3Dmod11%26ic%3D3%26at%3Dbf%26adr%3D399%26ezosn%3D4%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dreturnsandrefund_com-box-2-190967%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D0%26bvm%3D1%26bvr%3D1%26shp%3D1%26acptad%3D1%26br1%3D0%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D81%2C206%2C169%2C27%2C50%2C122%2C88%2C20%2C26%2C180%2C205%2C31%26deal1%3D23%2C24%2C25%2C26%2C919%2C21%2C22%2C17%2C18%2C19%2C20%2C21%2C22%26lb%3D700%26reqt%3D1622877211744%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3Df538341dbd8591de%3AT%3D1622877208%3AS%3DALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA&bc=31&abxe=1&lmt=1622866394&dt=1622877212765&dlt=1622877207586&idt=595&frm=20&biw=1600&bih=1200&oid=3&adxs=650&adys=80&adks=3330214951&ucis=8&ifi=8&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1140x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=511337563.1622877208&ga_sid=1622877208&ga_hid=1769444022&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

dd6dcd0fc6267fe78159f31b39afb06276c0a27f8e26a9c1d88ea65b981e3edd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10900
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://returnsandrefund.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 27ms
27ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 07:13:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 28ms
28ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 07:13:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 52 KB
12 KB 405ms
404ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3975595968037918&correlator=3845112831161598&output=ldjh&impl=fifs&eid=31060784%2C31061371%2C31061142&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210605&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=2&rcs=2&prev_scp=a%3D%257C2%257C%26iid3%3D224567%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26as%3Drevenue%26plat%3D1%26bra%3Dmod11%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-2-224567%26eb_br%3D3ba982fc4238dd4197b1d51b345478dc%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D24%26bvm%3D0%26bvr%3D2%26shp%3D1%26br1%3D50%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%2C0%2C28%2C67%2C45%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C893%2C899%2C903%2C917%2C918%2C919%2C17%2C19%2C20%26lb%3D500%26reqt%3D1622877211776&eri=1&cookie=ID%3Df538341dbd8591de%3AT%3D1622877208%3AS%3DALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA&bc=31&abxe=1&lmt=1622866394&dt=1622877212779&dlt=1622877207586&idt=595&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1108&adks=3121120320&ucis=9&ifi=9&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=511337563.1622877208&ga_sid=1622877208&ga_hid=1769444022&ga_fc=false&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

777b952f5a48ab4be8fee424f3f072c881d5b20facd25f679f01066f6ace3396

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11966
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://returnsandrefund.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012105242203000/ Frame 7D95 191 KB
54 KB 45ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b90f60459b17f2ddf447768e249c21c662e70bde6148deff13643982f93f9a6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88045
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55246
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e9907e100ee706e0"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:08 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 7D95 12 KB
5 KB 43ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88047
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4568
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b435c2fa80137a0e"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 7D95 87 KB
27 KB 56ms
19ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88047
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27371
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6687a81702b10306"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 7D95 4 KB
2 KB 57ms
21ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88047
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1521
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5a9e085610d63d0a"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 7D95 41 KB
13 KB 54ms
18ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88047
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13132
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1bd5431ac5ac76b7"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 7D95 1 KB
444 B 49ms
47ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

773742236477ed8ae8083562c6bccb8c270f0873859a3f412fbef6feea92440b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 05 Jun 2021 06:57:57 GMT
server: ESF
date: Sat, 05 Jun 2021 07:13:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 05 Jun 2021 07:13:33 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 7D95 1 KB
444 B 69ms
67ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

773742236477ed8ae8083562c6bccb8c270f0873859a3f412fbef6feea92440b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 05 Jun 2021 06:51:44 GMT
server: ESF
date: Sat, 05 Jun 2021 07:13:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 05 Jun 2021 07:13:33 GMT

GET
DATA 200
OK truncated
/ Frame 7D95 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f241de2d57032b196746f0729a61b41f0b9c1075e454cd8e24bd4130735f470

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 40933678460698624
tpc.googlesyndication.com/simgad/ Frame 7D95 1 KB
755 B 8ms
5ms Image
image/svg+xml 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/40933678460698624

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09fba596f1ba572cf4b3ceb9c1f3962d1b75bbb4a6d6d7707f1f93e2fe889aee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 08:21:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 341509
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 728
x-xss-protection: 0
last-modified: Thu, 26 Oct 2017 18:18:20 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 08:21:44 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7D95 0
0 26ms
24ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CyRR6HCS7YMjSMdOrgQf3toSACrf69e1izNXn6ecNo6Ky0esBEAEg9PnGJWCV-vCBjAegAdzoypoDyAEGqQJIATbgpb-3PuACAKgDAcgDCqoE3wFP0IDH7_v0W3v50qJ7XyHwVfdHyeq-Sjn41v34tz8cipCfukJx5MUD3i4BMRRdQn9D9ymwPt70gY5SXlnq_kNw_OCJZJWmeH7lnDNX9NMX53_eCvDvwK8jYsvZj9NVh3rgtDwHUx8bZao2YzsDfHfWzArMTGJYafj3Xu4DmT7DNvbfVd8MbpGlQavO72q7dDLVGyGdKqOE381qMbY_9hbbWlU5OhZ5GhS4VnqgOC2HOIGGRzO7g37e4ffcHaZJ9d8wnJwN-fY8JQUJGlX8m_OzXgEtYgER7BZVHsUS8TwXwASlvbv3xgPgBAGgBjeAB7CK7NUBqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEJmzMtIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNTg5MzI5NDQ2MjA2MTE0MIAKA8gLAdgTA9AVAYAXAbIXGgoYCAASFHB1Yi02Mzk2ODQ0NzQyNDk3MjA4&sigh=gBMg-foqtOk&template_id=492
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 7D95 0
0 22ms
20ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTZm4JNMRPFxGkrBKfD6lE5UAfnCmcUuM7C9e_YKfAhm-fI5y4VVGd2s01SflyVKZ-YwREmBLQ5eVPU4ibHuvvxmkmIBw
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7D95 2 KB
2 KB 8ms
6ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 06:09:32 GMT
x-content-type-options: nosniff
server: cafe
age: 3841
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sun, 06 Jun 2021 06:09:32 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7D95 295 B
319 B 8ms
6ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Jun 2021 20:37:24 GMT
x-content-type-options: nosniff
server: cafe
age: 38169
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 05 Jun 2021 20:37:24 GMT

GET
H2 200 greenoaks.gif Show response
returnsandrefund.com/detroitchicago/ 0
19 B 19ms
16ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjU2MjEifV19XQ==
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjU2MjEifV19XQ==
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspva=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:33 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:32 UTC

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
65 B 17ms
15ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJ6ZXJvIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxOTA5NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAuMDAwMDAyLCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDAyLCJiaWRfZmxvb3JfcHJldiI6MC4wMDcsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxOTA5NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODIwODU2NzAyMSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MjA4NTY3MDIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxOTA5NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODIwODU2NzAyMSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNzE2MTQzOTQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJ6ZXJvIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxOTA5NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAuMDAwMDAyLCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDAyLCJiaWRfZmxvb3JfcHJldiI6MC4wMDcsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxOTA5NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODIwODU2NzAyMSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MjA4NTY3MDIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxOTA5NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMTIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo3MTYxNDM5NCwiY3JlYXRpdmVfaWQiOjEzODIwODU2NzAyMSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNzE2MTQzOTQifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspva=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:33 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:32 UTC

GET
H2 200 71614394 Show response
g.ezoic.net/dac/ 0
93 B 53ms
17ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/71614394
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 05 Jun 2021 07:13:33 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
19 B 18ms
17ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA1In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiOSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI2In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA1In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiOSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI2In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspva=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:33 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:33 UTC

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
42 B 16ms
15ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImF1Y3Rpb25fZXBvY2giOjE2MjI4NzcyMTMsImFkX3Bvc2l0aW9uIjoxMTEyLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiYmlkX2Zsb29yX2luaXRpYWwiOjg1MCwiYmlkX2Zsb29yX3ByZXYiOjcwMCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6MywicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NDE4LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0fV0=
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImF1Y3Rpb25fZXBvY2giOjE2MjI4NzcyMTMsImFkX3Bvc2l0aW9uIjoxMTEyLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiYmlkX2Zsb29yX2luaXRpYWwiOjg1MCwiYmlkX2Zsb29yX3ByZXYiOjcwMCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6MywicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NDE4LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjcxNjE0Mzk0fV0=
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezouspvv=0; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspva=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:33 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:33 UTC

GET
H3-29 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012105242203000/ Frame D863 191 KB
54 KB 33ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b90f60459b17f2ddf447768e249c21c662e70bde6148deff13643982f93f9a6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88045
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55246
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e9907e100ee706e0"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:08 GMT

GET
H3-29 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame D863 12 KB
4 KB 43ms
17ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88047
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4568
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b435c2fa80137a0e"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H3-29 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame D863 87 KB
27 KB 32ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88047
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27371
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6687a81702b10306"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H3-29 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame D863 4 KB
2 KB 44ms
18ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88047
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1521
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5a9e085610d63d0a"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H3-29 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame D863 41 KB
13 KB 43ms
18ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88047
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13132
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1bd5431ac5ac76b7"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame D863 3 KB
578 B 28ms
27ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 05 Jun 2021 05:25:14 GMT
server: ESF
date: Sat, 05 Jun 2021 07:13:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 05 Jun 2021 07:13:33 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D863 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 06:09:32 GMT
x-content-type-options: nosniff
server: cafe
age: 3841
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sun, 06 Jun 2021 06:09:32 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D863 295 B
319 B 8ms
7ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Jun 2021 20:37:24 GMT
x-content-type-options: nosniff
server: cafe
age: 38169
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 05 Jun 2021 20:37:24 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12087847303570191283/ Frame D863 3 KB
3 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12087847303570191283/downsize_200k_v1?w=195&h=102

Requested by

Host: returnsandrefund.com
URL: https://returnsandrefund.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ddfffdedf3c667f52656f64e294949cbb95f72a833c87b7dfc7fd4bf75f30ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 00:38:45 GMT
x-content-type-options: nosniff
age: 282888
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2938
x-xss-protection: 0
last-modified: Thu, 20 May 2021 08:09:52 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jun 2022 00:38:45 GMT

GET
DATA 200
OK truncated
/ Frame D863 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame D863 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2fd37fe993a73195e439916b883ad98b84bea45db628a3ac300280536dd08379

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D863 0
0 30ms
23ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CwWmaHCS7YMHyMsbF-gbcj6PgAtvilYhj2PrazqEOtKrmss4TEAEg9PnGJWCV-vCBjAegAYyRq_QCyAEJqQKljNEhqGm0PuACAKgDAcgDCqoE3wFP0IEzl5uAlCE7eRRInW0wPuNI-jgNf3H06Rkil_ui5ouMxrLEJJV7MqdmoCPisKUGe5vRNEfXrnI-z77s0Svc9fR2-qYh8hxytcYzOds4wqeauTyyY61Zk7TyqiZpK_-Zv1EnvSkSNBndAQXGooMARrfcoHXESUSWdIvvy1GGSS2lWozfuJTTsUnu-AgD5mRZW6kneGZcqRzP-V9lHRbI5ZiCCdh1r1zv3VNAqtraPzhJlJx_6DSyBi9Vtik9P4z9z-bGyGNR7HZDxLiaTyUy2RHLm_WpmhoAPBzUvsvwwASqsJu4twPgBAGgBi6AB9S66-IBqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEK-dTtIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNTg5MzI5NDQ2MjA2MTE0MIAKA8gLAbgTiCfYEwPQFQGAFwGyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=MT3znXxJB4I&template_id=5000
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
19 B 16ms
14ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI0NTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI0NTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiIzYmE5ODJmYzQyMzhkZDQxOTdiMWQ1MWIzNDU0NzhkYyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI0NTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDA1LCJiaWRfZmxvb3JfcHJldiI6MC4wMDUsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMjQ1NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTkxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMjQ1NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI0NTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiMyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI0NTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiIzYmE5ODJmYzQyMzhkZDQxOTdiMWQ1MWIzNDU0NzhkYyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI0NTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDUsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDA1LCJiaWRfZmxvb3JfcHJldiI6MC4wMDUsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMjQ1NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTkxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMjQ1NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspvv=50; ezouspva=2; ezouspvh=50
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:33 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:33 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 44ms
42ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 05 Jun 2021 07:13:33 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
19 B 17ms
16ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI0NTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA1In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiOSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI2In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI0NTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTA2LTA1In0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiOSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI2In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii0xMjAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspvv=50; ezouspva=2; ezouspvh=50
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:33 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:32 UTC

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
19 B 17ms
16ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjI0NTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImF1Y3Rpb25fZXBvY2giOjE2MjI4NzcyMTMsImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiYmlkX2Zsb29yX2luaXRpYWwiOjEwMDAsImJpZF9mbG9vcl9wcmV2Ijo1MDAsImJpZF9mbG9vcl9maWxsZWQiOjUwLCJhdWN0aW9uX2NvdW50IjozLCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo0NTEsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjI0NTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImF1Y3Rpb25fZXBvY2giOjE2MjI4NzcyMTMsImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiYmlkX2Zsb29yX2luaXRpYWwiOjEwMDAsImJpZF9mbG9vcl9wcmV2Ijo1MDAsImJpZF9mbG9vcl9maWxsZWQiOjUwLCJhdWN0aW9uX2NvdW50IjozLCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo0NTEsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspvv=50; ezouspva=2; ezouspvh=50
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:33 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:32 UTC

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 31ms
27ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 07:13:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 31ms
28ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 07:13:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 351 B
183 B 178ms
178ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3975595968037918&correlator=1566157309691782&output=ldjh&impl=fifs&eid=31060784%2C31061371%2C31061142&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210605&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=1&rcs=3&prev_scp=a%3D%257C254%257C%26iid3%3D237767%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod11%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-237767%26eb_br%3D8de355ef1cf56b7da61277050d9957b1%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D1%26br1%3D18%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C22%2C23%2C20%2C21%2C22%2C23%2C17%2C18%2C19%2C20%2C21%2C22%2C23%26lb%3D180%26reqt%3D1622877213269&eri=1&cookie=ID%3Df538341dbd8591de%3AT%3D1622877208%3AS%3DALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA&bc=31&abxe=1&lmt=1622866394&dt=1622877213273&dlt=1622877207586&idt=595&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=920&adks=3214824028&ucis=a&ifi=10&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&ga_vid=511337563.1622877208&ga_sid=1622877208&ga_hid=1769444022&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

6a0122d9c947f83c9717f9751192d37b61926c2fd9eaf83ca0cbea6119d4c3ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 154
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://returnsandrefund.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 7D95 44 KB
44 KB 28ms
27ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400&lang=en

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://returnsandrefund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 01:56:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
age: 278221
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
expires: Thu, 02 Jun 2022 01:56:32 GMT

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame D863 21 KB
21 KB 30ms
30ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://returnsandrefund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 21:07:59 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 295534
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Wed, 01 Jun 2022 21:07:59 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame D863 21 KB
21 KB 33ms
33ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://returnsandrefund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 17:27:26 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 308767
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Wed, 01 Jun 2022 17:27:26 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 7D95
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

33ms
33ms

Image
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Sat, 05 Jun 2021 07:13:33 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-29 200 40933678460698624
tpc.googlesyndication.com/simgad/ Frame 7D95 1 KB
755 B 6ms
5ms Image
image/svg+xml 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/40933678460698624

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09fba596f1ba572cf4b3ceb9c1f3962d1b75bbb4a6d6d7707f1f93e2fe889aee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 08:21:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 341509
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 728
x-xss-protection: 0
last-modified: Thu, 26 Oct 2017 18:18:20 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 08:21:44 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7D95 2 KB
2 KB 6ms
5ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 06:09:32 GMT
x-content-type-options: nosniff
server: cafe
age: 3841
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sun, 06 Jun 2021 06:09:32 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7D95 295 B
319 B 6ms
6ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Jun 2021 20:37:24 GMT
x-content-type-options: nosniff
server: cafe
age: 38169
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 05 Jun 2021 20:37:24 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D863 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 06:09:32 GMT
x-content-type-options: nosniff
server: cafe
age: 3841
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sun, 06 Jun 2021 06:09:32 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D863 295 B
319 B 6ms
6ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Jun 2021 20:37:24 GMT
x-content-type-options: nosniff
server: cafe
age: 38169
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 05 Jun 2021 20:37:24 GMT

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
19 B 16ms
16ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxOSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyOTUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIyNDU2NyIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMzQyIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxOSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIyOTUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIyNDU2NyIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMzQyIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspvv=50; ezouspva=2; ezouspvh=50
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:33 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:33 UTC

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
19 B 16ms
16ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjY1MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiODAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMzc3NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMzQ1In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI5MjAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMjQ1NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTEwMCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjY1MCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiODAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMzc3NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMzQ1In0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiI5MjAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMjQ1NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTEwMCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoidHJ1ZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspvv=50; ezouspva=2; ezouspvh=50
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:33 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:32 UTC

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7D95 0
0 28ms
27ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CA2p1HCS7YMjSMdOrgQf3toSACrf69e1izNXn6ecNo6Ky0esBEAEg9PnGJWCV-vCBjAegAdzoypoDyAEGqQJIATbgpb-3PuACAKgDAaoE3wFP0IDH7_v0W3v50qJ7XyHwVfdHyeq-Sjn41v34tz8cipCfukJx5MUD3i4BMRRdQn9D9ymwPt70gY5SXlnq_kNw_OCJZJWmeH7lnDNX9NMX53_eCvDvwK8jYsvZj9NVh3rgtDwHUx8bZao2YzsDfHfWzArMTGJYafj3Xu4DmT7DNvbfVd8MbpGlQavO72q7dDLVGyGdKqOE381qMbY_9hbbWlU5OhZ5GhS4VnqgOC2HOIGGRzO7g37e4ffcHaZJ9d8wnJwN-fY8JQUJGlX8m_OzXgEtYgER7BZVHsUS8TwXwASlvbv3xgPgBAGgBjeAB7CK7NUBqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEJmzMtIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNTg5MzI5NDQ2MjA2MTE0MIAKA8gLAdgTA9AVAYAXAbIXGgoYCAASFHB1Yi02Mzk2ODQ0NzQyNDk3MjA4&sigh=45N0wNBdoNY&vt=1&template_id=492
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 7D95 42 B
64 B 47ms
47ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvdd_fd1bbAaPpnPfW3uyysic3ZLbK3mFoKomG6g4mRjJhHXAe6xD5hEHI7WNFI27mj3WTYgDNyHEFjoYIPOCGo8TThNou12MEvvX_6zWOrrgLofNPKmJfYvTlFhXWNYzQypTzDUEyWil2qftqbMVD-&sai=AMfl-YT3f9EPijEQEwNDODHdWz9A4Ndlw9-aSuR9DDd6ZVN003p8mJEdOWa7tdsQOGamdicRul2-0AD7n2tbNmgJo3GVJJAwzMQbi5depATJl_UQvL_DajqIV9mPZAFx&sig=Cg0ArKJSzM_3MxH6dYjREAE&cid=CAASF-RoP_P6bpqMg5fXxmp29--Eglz4LMmO&id=ampim&o=650,80&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=74&tls=1075&g=100&h=100&tt=1075&r=v&avms=ampa&adk=3330214951

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 05 Jun 2021 07:13:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D863 0
0 24ms
24ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=COTYUHCS7YMHyMsbF-gbcj6PgAtvilYhj2PrazqEOtKrmss4TEAEg9PnGJWCV-vCBjAegAYyRq_QCyAEJqQKljNEhqGm0PuACAKgDAaoE3wFP0IEzl5uAlCE7eRRInW0wPuNI-jgNf3H06Rkil_ui5ouMxrLEJJV7MqdmoCPisKUGe5vRNEfXrnI-z77s0Svc9fR2-qYh8hxytcYzOds4wqeauTyyY61Zk7TyqiZpK_-Zv1EnvSkSNBndAQXGooMARrfcoHXESUSWdIvvy1GGSS2lWozfuJTTsUnu-AgD5mRZW6kneGZcqRzP-V9lHRbI5ZiCCdh1r1zv3VNAqtraPzhJlJx_6DSyBi9Vtik9P4z9z-bGyGNR7HZDxLiaTyUy2RHLm_WpmhoAPBzUvsvwwASqsJu4twPgBAGgBi6AB9S66-IBqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEK-dTtIICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tNTg5MzI5NDQ2MjA2MTE0MIAKA8gLAbgTiCfYEwPQFQGAFwGyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=ChNkR8T7PQY&vt=1&template_id=5000
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame D863 42 B
64 B 43ms
43ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsstOV3ytzvbWEdpQhetxviZcIzSKWz8928PnkabcxEVAchB7lWTqUU_MsxnevCpqMblE6DGTano4Xm9r2Xea6AmfntgoAooRbkG2pTilYxVW5JCC8eG5ZHiCIE0Xt0_SFm8qT8IUVVEwROgpqe1mIu1&sai=AMfl-YQ1yj1M2DNeG8qrCqYX_JABUT4DTc-VahNKqgNQpfA_lp2pcoBmklaGzE-uI-fSfgcM3MPQwZWpSwyApaNw0AC1m0aNt5vbvLfOD8XDEC-LbKO1Eww_Frg-RIIU&sig=Cg0ArKJSzOmea_TgGwv1EAE&cid=CAASF-RoFEIitxFyptOtDG3Rs-89kATgx3dz&id=ampim&o=315,1108&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1005&mtos=0,0,1005,1005,1005&tos=0,0,1005,0,0&tfs=57&tls=1062&g=100&h=100&tt=1062&r=v&avms=ampa&adk=3121120320

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 05 Jun 2021 07:13:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
42 B 20ms
20ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTExMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspvv=50; ezouspva=2; ezouspvh=50
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:34 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:33 UTC

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
42 B 22ms
21ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI0NTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI0NTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspvv=50; ezouspva=2; ezouspvh=50
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:34 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:34 UTC

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
19 B 16ms
15ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODEifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwOTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTEyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NzE2MTQzOTQsImNyZWF0aXZlX2lkIjoxMzgyMDg1NjcwMjEsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODEifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspvv=50; ezouspva=2; ezouspvh=50
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:34 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:33 UTC

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
19 B 16ms
15ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI0NTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils5NzAsOTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMjQ1NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMjQ1NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjI0NTY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils5NzAsOTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMjQ1NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMjQ1NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspvv=50; ezouspva=2; ezouspvh=50
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:34 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:34 UTC

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 27ms
27ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=returnsandrefund.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 07:13:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 29ms
28ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=returnsandrefund.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 07:13:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 44 KB
11 KB 451ms
451ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3975595968037918&correlator=2259209767413264&output=ldjh&impl=fifs&eid=31060784%2C31061371%2C31061142&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210605&iu_parts=1254144%2Creturnsandrefund_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=580x400&ris=2&rcs=4&prev_scp=a%3D%257C254%257C%26iid3%3D237767%26t%3D134%26d%3D200400%26t1%3D134%26pvc%3D0%26ap%3D1101%26sap%3D1101%26as%3Drevenue%26plat%3D1%26bra%3Dmod11%26ic%3D5%26at%3Dbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dreturnsandrefund_com-medrectangle-3-237767%26eb_br%3Dzero%26eba%3D1%26ebss%3D10017%2C10061%2C11304%2C11307%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D1%26br1%3D0%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%2C13%2C120%2C67%2C51%2C0%2C66%2C20%2C71%2C30%2C0%2C31%26deal1%3D24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C903%2C919%2C21%2C22%2C23%2C20%2C21%2C22%2C23%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C17%2C18%2C19%2C20%2C21%2C22%2C23%26lb%3D18%26reqt%3D1622877213776%26ss38%3D1%26ss9%3D1&eri=1&cookie=ID%3Df538341dbd8591de%3AT%3D1622877208%3AS%3DALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA&bc=31&abxe=1&lmt=1622866394&dt=1622877214780&dlt=1622877207586&idt=595&frm=20&biw=1600&bih=1200&oid=3&adxs=345&adys=920&adks=3214824028&ucis=b&ifi=11&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Freturnsandrefund.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=809x400&msz=580x400&ga_vid=511337563.1622877208&ga_sid=1622877208&ga_hid=1769444022&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

b20938873ebdaffebf4d8eb690121abc5b256176f6c03032b3bf7628616f7e7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10931
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://returnsandrefund.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012105242203000/ Frame E89B 191 KB
54 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b90f60459b17f2ddf447768e249c21c662e70bde6148deff13643982f93f9a6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88047
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55246
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e9907e100ee706e0"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:08 GMT

GET
H3-29 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame E89B 12 KB
4 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88049
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4568
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b435c2fa80137a0e"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H3-29 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame E89B 87 KB
27 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88049
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27371
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6687a81702b10306"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H3-29 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame E89B 4 KB
2 KB 13ms
11ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88049
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1521
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5a9e085610d63d0a"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H3-29 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame E89B 41 KB
13 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 88049
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13132
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1bd5431ac5ac76b7"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame E89B 7 KB
741 B 29ms
28ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500|Roboto:300&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

37d29979cc13eac68ee8339830a9685021bdb74db368b1a9bb0be3db71818d63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 05 Jun 2021 07:05:33 GMT
server: ESF
date: Sat, 05 Jun 2021 07:13:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 05 Jun 2021 07:13:35 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame E89B 5 KB
688 B 28ms
27ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

83e1fc06d61560e19649771db56bc018fc7fdb56e98f3a9f74505230a8f35060

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 05 Jun 2021 07:12:10 GMT
server: ESF
date: Sat, 05 Jun 2021 07:13:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 05 Jun 2021 07:13:35 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E89B 2 KB
2 KB 9ms
8ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 05 Jun 2021 06:09:32 GMT
x-content-type-options: nosniff
server: cafe
age: 3843
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sun, 06 Jun 2021 06:09:32 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E89B 295 B
319 B 8ms
8ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 04 Jun 2021 20:37:24 GMT
x-content-type-options: nosniff
server: cafe
age: 38171
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 05 Jun 2021 20:37:24 GMT

GET
DATA 200
OK truncated
/ Frame E89B 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bfe8e9ca25b2ef51d3bf0378deceb4e22b5be918d0458f0ace63ac663a072ed0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame E89B 0
0 23ms
23ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=ClcpuHiS7YMC-Mte5gAebsaSwBvfW6I9jp4GI-PsN4v_51N0lEAEg9PnGJWCV-vCBjAegAYKCls0CyAEBqQKljNEhqGm0PuACAKgDAcgDCqoE4QFP0LqijAvWNRBFWEa3R8cr-ZIeU5nc4Tlf1vmWiFCUs_PD9Eqk19FQUYhFVpQ8-hvZdR48CPuJxMIolJTSRL0k4BqVhOnXHqS4u40KWpbBcisiKdRKfTnjR8E1YWdMqoWMGbLoacHyEtODVCAzoTkZOyxSsqmV6F9cE5VL3LIt-bfOluAkDi4ThttW3hQUUpN4aG6vQA4wnFiKOV1-MvFxN7py_5pgUIY5g5ctSbHCBUvN6reZNCnDvdnzwhUX18sukHH6C6fRf6FCNIHNnMID_-wDQ3_HXBcFSCiETOUVxsDABK3Z_-fdAuAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAZRgAfm_emyAagHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBC2pgHSCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTU4OTMyOTQ0NjIwNjExNDCACgPICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=SUwizSfWn3g
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame E89B 0
0 20ms
19ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaToMcxtVfYsRf2iDRFvtDNhbpdLse_-tl4Ef3AX6XLFwksEBEMFsEnjPL4Bv9rWyiCDv7Kx9B8dCb7XwYDdNiKZu15sKA
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
19 B 16ms
16ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI1In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMzc3NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiemVybyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAwMTgsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIzNzc2NyIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODI0NjEwNTg0MiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNDgxNzczNTQyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI1In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMzc3NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiemVybyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDAwMiwiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJiaWRfZmxvb3JfZmlsbGVkIjowLjAwMDAwMiwiYmlkX2Zsb29yX3ByZXYiOjAuMDAwMTgsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIzNzc2NyIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODI0NjEwNTg0MiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNDgxNzczNTQyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspvv=50; ezouspvh=50; ezouspva=3
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:35 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:34 UTC

GET
H2 200 4817735420 Show response
g.ezoic.net/dac/ 0
40 B 17ms
16ms XHR
text/plain 3.127.76.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/4817735420
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/porpoiseant/banger.js?cb=194-2&bv=19&v=51&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.127.76.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-76-126.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 05 Jun 2021 07:13:35 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
54 B 16ms
15ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMDUifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDYtMDUifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspvv=50; ezouspvh=50; ezouspva=3
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:35 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:34 UTC

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
42 B 16ms
16ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImF1Y3Rpb25fZXBvY2giOjE2MjI4NzcyMTUsImFkX3Bvc2l0aW9uIjoxMTAxLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiYmlkX2Zsb29yX2luaXRpYWwiOjEwMDAsImJpZF9mbG9vcl9wcmV2IjoxOCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6NSwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NDY0LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjB9XQ==
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImF1Y3Rpb25fZXBvY2giOjE2MjI4NzcyMTUsImFkX3Bvc2l0aW9uIjoxMTAxLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiYmlkX2Zsb29yX2luaXRpYWwiOjEwMDAsImJpZF9mbG9vcl9wcmV2IjoxOCwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYXVjdGlvbl9jb3VudCI6NSwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NDY0LCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjB9XQ==
pragma: no-cache
cookie: ezoadgid_200400=-1; ezoref_200400=; ezoab_200400=mod11; active_template::200400=pub_site.1622877207; ezopvc_200400=1; ezepvv=0; ezovid_200400=874141032; lp_200400=https://returnsandrefund.com/; ezovuuidtime_200400=1622877207; ezovuuid_200400=a2337443-26ea-4880-7ebd-20ef874ace35; ezCMPCCS=true; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; _ga=GA1.2.511337563.1622877208; _gid=GA1.2.744372378.1622877208; _gat_gtag_UA_150748452_1=1; ezosuigeneris=32a01ebb402041a180275f8b7b3e92a6; __qca=P0-780107261-1622877208241; ezux_lpl_200400=1622877208465|efc2314d-9378-4b08-45e4-1ad0860dd326|false; __gads=ID=f538341dbd8591de:T=1622877208:S=ALNI_MaKXC4Fh9V7Nx-o1IaBphUpTa8LgA; ezouspvv=50; ezouspvh=50; ezouspva=3
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:35 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:35 UTC

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame E89B 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500|Roboto:300&lang=en

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://returnsandrefund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 16:01:41 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
age: 313914
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
expires: Wed, 01 Jun 2022 16:01:41 GMT

GET
H3-29 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame E89B 44 KB
44 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500|Roboto:300&lang=en

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://returnsandrefund.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 01:56:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:20 GMT
server: sffe
age: 278223
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
expires: Thu, 02 Jun 2022 01:56:32 GMT

GET
H2 200 greenoaks.gif Show response
returnsandrefund.com/detroitchicago/ 0
19 B 16ms
16ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjIzNzQwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIzIn0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjM5NDMwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiMyJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiMTE0MDMyMDAifSx7Im5hbWUiOiJkb2NfaGVpZ2h0IiwidmFsIjoiNzEyNyJ9XX1d
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJkb21haW5faWQiOiIyMDA0MDAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjIzNzQwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIzIn0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6IjM5NDMwMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiMyJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfcHgiLCJ2YWwiOiIwIn0seyJuYW1lIjoibmF0aXZlX2FkX2RvY19jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJ2aWV3cG9ydF9zaXplIiwidmFsIjoiMTYwMHgxMjAwIn0seyJuYW1lIjoidmlld3BvcnRfcHgiLCJ2YWwiOiIxOTIwMDAwIn0seyJuYW1lIjoiZG9jX3B4IiwidmFsIjoiMTE0MDMyMDAifSx7Im5hbWUiOiJkb2NfaGVpZ2h0IiwidmFsIjoiNzEyNyJ9XX1d
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:35 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:34 UTC

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame E89B 42 B
113 B 45ms
45ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssHgRBCvyqSTLGkizdSimRRVZt7VsxfI9Rj7aqnDqB1O3uGi3Z2SujBFMviTzgpG2kauyFScQ8DtvcXfvhno8J0s5-4L6gFZKpnmHyI2aA6rBdKOecO631Iagb82Q&sai=AMfl-YREKdD46Cxb5FL_MwB1tV7sTbM-cu7czVeg_jejHG6kq_js7mezkFjURkbGioT_ardxdOMjRCr_BW2q9Pm3US-eTuUc6KqynATtU-1_Cql8GeUrtY2bvjBw6o9l&sig=Cg0ArKJSzA9XIetEFtxCEAE&cid=CAASF-RoiH2o7GSm7e7qif35AKQZWAcKHh9e&id=ampim&o=345,920&d=580,400&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=41&tls=1041&g=69.9999988079071&h=69.9999988079071&tt=1041&r=v&avms=ampa&adk=3214824028

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 05 Jun 2021 07:13:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
42 B 16ms
16ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:36 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:35 UTC

GET
H2 200 army.gif Show response
returnsandrefund.com/porpoiseant/ 0
42 B 18ms
17ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://returnsandrefund.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzU4MCw0MDBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMzc3NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIzNzc2NyIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: returnsandrefund.com
URL: https://returnsandrefund.com/detroitchicago/cmb.js?gcb=194-2&cb=&01&00&03&04&0d&06&07&0a&0c&0e&14&18&23&25&01-100-303-1004-10d-506-507-70a-30c-30e-214-318-1223-125-21&cmbcb=14
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjM3NzY3IiwiZG9tYWluX2lkIjoiMjAwNDAwIiwidW5pdCI6ImRpdi1ncHQtYWQtcmV0dXJuc2FuZHJlZnVuZF9jb20tbWVkcmVjdGFuZ2xlLTMtMCIsInRfZXBvY2giOjE2MjI4NzcyMDcsImFkX3Bvc2l0aW9uIjoxMTAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImVmYzIzMTRkLTkzNzgtNGIwOC00NWU0LTFhZDA4NjBkZDMyNiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDgxNzczNTQyMCwiY3JlYXRpdmVfaWQiOjEzODI0NjEwNTg0MiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzU4MCw0MDBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMzc3NjciLCJkb21haW5faWQiOiIyMDA0MDAiLCJ1bml0IjoiZGl2LWdwdC1hZC1yZXR1cm5zYW5kcmVmdW5kX2NvbS1tZWRyZWN0YW5nbGUtMy0wIiwidF9lcG9jaCI6MTYyMjg3NzIwNywiYWRfcG9zaXRpb24iOjExMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZWZjMjMxNGQtOTM3OC00YjA4LTQ1ZTQtMWFkMDg2MGRkMzI2IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0ODE3NzM1NDIwLCJjcmVhdGl2ZV9pZCI6MTM4MjQ2MTA1ODQyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIzNzc2NyIsImRvbWFpbl9pZCI6IjIwMDQwMCIsInVuaXQiOiJkaXYtZ3B0LWFkLXJldHVybnNhbmRyZWZ1bmRfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjIyODc3MjA3LCJhZF9wb3NpdGlvbiI6MTEwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJlZmMyMzE0ZC05Mzc4LTRiMDgtNDVlNC0xYWQwODYwZGQzMjYiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ4MTc3MzU0MjAsImNyZWF0aXZlX2lkIjoxMzgyNDYxMDU4NDIsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMjAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: returnsandrefund.com
referer: https://returnsandrefund.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://returnsandrefund.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 07:13:36 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Fri, 04 Jun 2021 07:13:36 UTC

Verdicts & Comments Add Verdict or Comment

220 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.returnsandrefund.com/	1970-01-20 12:19:09	Name: ezosuigeneris Value: 32a01ebb402041a180275f8b7b3e92a6
.returnsandrefund.com/	1970-01-20 04:12:26	Name: __qca Value: P0-780107261-1622877208241
.returnsandrefund.com/	1970-01-19 18:49:23	Name: _gid Value: GA1.2.744372378.1622877208
.returnsandrefund.com/	1970-01-19 18:47:57	Name: _gat_gtag_UA_150748452_1 Value: 1
.returnsandrefund.com/	1970-01-20 12:19:09	Name: _ga Value: GA1.2.511337563.1622877208
returnsandrefund.com/	1969-12-31 23:59:59	Name: ezouspva Value: 0
.returnsandrefund.com/	1970-01-20 03:33:33	Name: ezCMPCCS Value: true
returnsandrefund.com/	1970-01-22 08:07:09	Name: ezohw Value: w%3D1600%2Ch%3D1200
.returnsandrefund.com/	1970-01-19 18:47:59	Name: ezovuuid_200400 Value: a2337443-26ea-4880-7ebd-20ef874ace35
returnsandrefund.com/	1969-12-31 23:59:59	Name: ezouspvv Value: 0
.returnsandrefund.com/	1970-01-19 18:47:59	Name: lp_200400 Value: https://returnsandrefund.com/
.returnsandrefund.com/	1970-01-19 18:50:50	Name: ezovuuidtime_200400 Value: 1622877207
.returnsandrefund.com/	1970-01-19 18:47:59	Name: ezovid_200400 Value: 874141032
.returnsandrefund.com/	1970-01-19 18:49:23	Name: ezepvv Value: 0
.returnsandrefund.com/	1970-01-19 18:48:04	Name: ezoref_200400 Value:
returnsandrefund.com/	1970-01-20 03:33:33	Name: ezux_lpl_200400 Value: 1622877208465\|efc2314d-9378-4b08-45e4-1ad0860dd326\|false
.returnsandrefund.com/	1970-01-19 18:47:59	Name: ezoadgid_200400 Value: -1
.returnsandrefund.com/	1970-01-19 18:50:50	Name: active_template::200400 Value: pub_site.1622877207
returnsandrefund.com/	1970-01-22 08:07:09	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
.returnsandrefund.com/	1970-01-19 18:47:59	Name: ezopvc_200400 Value: 1
.returnsandrefund.com/	1970-01-19 18:48:04	Name: ezoab_200400 Value: mod11

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs(Line 17) Message: Powered by AMP ⚡ HTML – Version 2105242203000 https://returnsandrefund.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs(Line 17) Message: Powered by AMP ⚡ HTML – Version 2105242203000 https://returnsandrefund.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs(Line 17) Message: Powered by AMP ⚡ HTML – Version 2105242203000 https://returnsandrefund.com/

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5d2b01625c54c0d3009ed0dd94b2e22b.safeframe.googlesyndication.com
adservice.google.com
adservice.google.de
cdn-4.returnsandrefund.com
cdn.ampproject.org
fonts.googleapis.com
fonts.gstatic.com
g.ezoic.net
go.ezodn.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
pixel.quantserve.com
returnsandrefund.com
rules.quantcount.com
secure.quantserve.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
142.250.185.130
18.156.95.187
2600:9000:218f:e000:6:44e3:f8c0:93a1
2606:4700:3032::ac43:b890
2606:4700:3037::6815:4d7e
2620:116:800d:21:51e4:db4b:4436:b305
2a00:1450:4001:802::200a
2a00:1450:4001:803::2001
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2002
2a00:1450:4001:813::2001
2a00:1450:4001:827::2004
2a00:1450:4001:829::2002
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82f::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::200a
2a00:1450:4001:831::200e
3.127.76.126
00834e89b818cb5b5dea65a46a887c482b4ef7f0469799e4d54e308c6e73f62f
028bcd6013f269405d16cd666da0aef9e0a679fefb2f0d4081f8c26557ed281c
09fba596f1ba572cf4b3ceb9c1f3962d1b75bbb4a6d6d7707f1f93e2fe889aee
0b9a8a3f27fa969797b4fbec0716dcacd5aaa38202277691d7baf41a540963fd
0be40eed25fc4181dee9b371f0dd68ec9b39e194ae148ee4664acac9538d97d9
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0
12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
1d6f7818a09adfc9c11ff7110eb866179ef9d36a3625cd1c02e23292d315daaa
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e
1f241de2d57032b196746f0729a61b41f0b9c1075e454cd8e24bd4130735f470
20550f7bcb2a817ac9a5879e04260da8268e971c0b8031a6b7a2f48a55ee60d5
20fcafa957f7e79a33b95d2a92fd1b4410750b78cc632a5bff5a22b8491b1757
265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2fd37fe993a73195e439916b883ad98b84bea45db628a3ac300280536dd08379
31f7540a6075e6f34980199d420271d13d923801da426c060ed01732042a96b8
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
37d29979cc13eac68ee8339830a9685021bdb74db368b1a9bb0be3db71818d63
3b90f60459b17f2ddf447768e249c21c662e70bde6148deff13643982f93f9a6
457f55ea0c6f05fbf9093f1535e1da2c627530ddbeb46c27a0fb8aef5b7e2805
495d2f8c8b7f1bbd664c2c10c086a644e63e4934b9734813b27956a34709eea4
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5d3b1e91595e00d961f95eee4229b527cb8790f1e5718734ea0c85ffb69471cd
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6a0122d9c947f83c9717f9751192d37b61926c2fd9eaf83ca0cbea6119d4c3ee
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
76db825b68979b9ea6cc55fa14373b7bf5e3beb7388cd2efa485938bb2a389fb
773742236477ed8ae8083562c6bccb8c270f0873859a3f412fbef6feea92440b
777b952f5a48ab4be8fee424f3f072c881d5b20facd25f679f01066f6ace3396
78fe29c75cb7fad2243e9e9c77d2010db285f8878dce5b3505a6771d667deefa
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8001243c2423555ffbde33c7dcbfbee5172cd151b1c997088240b606a3a1eefb
83e1fc06d61560e19649771db56bc018fc7fdb56e98f3a9f74505230a8f35060
8a6bd83dd27b04cd5e53b877e9781ea1138c1299f5beec42f82bf53419e7b791
8c63493b034323da08e44455885820239e72b10f9fb8b857e8313008f4d6fac5
8e424541604f9439f054eb9e4e78925da8c4d2a77985f642f9f4b5f025424d48
8edeeaef7ca773e76968abb5127bf8348e2e156e061a23d2a7213285478474fa
90a079cdd2ca46509eba6bbb8e728a57770277be6b33bbcc59d5c4e5b081d2bc
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3
95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd
9ddfffdedf3c667f52656f64e294949cbb95f72a833c87b7dfc7fd4bf75f30ff
9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357
9f762334ff28e79eb7547f6ddb109583d35e0ea3600b71406ca233fb57c12458
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a965454ed27194420a23bd494e396653825da3850d9d9258d6464dd5e4f26bfc
aae0182c26976e1c13794585a46019e9d25477b9f55e9c49631243c48e978ae2
ade38136058fcd75880d3673855aff859ee377d5915e59cccf24a973d418bebb
b04c10e9ef56b9200c56cc5141fe6d712ec85a8d90c0fe5b98fbf9ebe2873cc0
b20938873ebdaffebf4d8eb690121abc5b256176f6c03032b3bf7628616f7e7a
b5e4aec19200c66d3acf503a7cb771f73ae4f970898876499d8a526650f5bf7f
b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
bfe8e9ca25b2ef51d3bf0378deceb4e22b5be918d0458f0ace63ac663a072ed0
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c63c08ec376a1c99ee774ecbd488d3c33396ea42f8ad0e984179916a2e252849
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d0b3850a417ef733c6acaff02a3311c7ce9a5b7ee55d2cd76d8c7f1f661bcb20
d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd6dcd0fc6267fe78159f31b39afb06276c0a27f8e26a9c1d88ea65b981e3edd
dfbf8802a94bba4d9eb8598e9b4d5e8ad83af8555ca544a2ffa54a0d04cbfd6b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e59623403699fd6e1c6ed076672d6d1fd14971926ccb36661b3427461a841b63
ece565a1f66a32347dfed83562c428ff7736648de72b0027dd8f0e0f27e0c327
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efca4b1d7c19af67aa04f4a6ef3f9db4c8d3bea417a00240009db7ed26280080
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
f4ecce62a254717c7a9b2107c356c7c874eb36725c9cbc4280f7ffc8dfb06509

returnsandrefund.com Open in urlscan Pro 18.156.95.187 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

144 Requests

98 %HTTPS

86 %IPv6

14 Domains

20 Subdomains

21 IPs

2 Countries

1130 kBTransfer

2968 kBSize

21 Cookies

2 Outgoing links

Page URL History

Redirected requests

144 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

returnsandrefund.com Open in urlscan Pro
18.156.95.187 Public Scan

Screenshot
Live screenshot

Full Image

144
Requests

98 %
HTTPS

86 %
IPv6

14
Domains

20
Subdomains

21
IPs

2
Countries

1130 kB
Transfer

2968 kB
Size

21
Cookies

144 HTTP transactions
1 data transactions