dutyrefunds.crisp.help Open in urlscan Pro
2606:4700:90:0:8fa5:a1b5:8782:d1e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://dutyrefunds.crisp.help/
Effective URL:
https://dutyrefunds.crisp.help/en/
Submission Tags: phish.gg anti.fish automated Search All
Submission: On September 05 via api (September 5th 2023, 2:20:05 am UTC) from DE — Scanned from DE

Summary HTTP 70 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 21 IPs in 5 countries across 17 domains to perform 70 HTTP transactions. The main IP is 2606:4700:90:0:8fa5:a1b5:8782:d1e, located in United States and belongs to CLOUDFLARENET, US. The main domain is dutyrefunds.crisp.help.
TLS certificate: Issued by R3 on July 6th 2023. Valid for: 3 months.

This is the only time dutyrefunds.crisp.help was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:90:... 2606:4700:90:0:8fa5:a1b5:8782:d1e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
5	143.198.240.73 143.198.240.73	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
19	52.222.236.94 52.222.236.94	16509 (AMAZON-02) (AMAZON-02)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (STACKPATH...) (STACKPATH-CDN)
8	2606:4700::68... 2606:4700::6812:1d5b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:20:... 2606:4700:20::ac43:4a7f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a03:b0c0:1:e... 2a03:b0c0:1:e0::2c8:7001	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
70	21

2 2606:4700:90:0:8fa5:a1b5:8782:d1e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dutyrefunds.crisp.help	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 143.198.240.73 (Slough, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN, US)

dutyrefunds.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 52.222.236.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-94.fra56.r.cloudfront.net

widget.trustpilot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6812:1d5b (United States)

ASN13335 (CLOUDFLARENET, US)

client.crisp.chat	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
storage.crisp.chat	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::ac43:4a7f (United States)

ASN13335 (CLOUDFLARENET, US)

static.crisp.help	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:b0c0:1:e0::2c8:7001 (Slough, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN, US)

v2.clickguardian.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	trustpilot.com widget.trustpilot.com — Cisco Umbrella Rank: 5578	131 KB
8	crisp.chat client.crisp.chat — Cisco Umbrella Rank: 18315 storage.crisp.chat — Cisco Umbrella Rank: 314131	180 KB
8	crisp.help 1 redirects dutyrefunds.crisp.help static.crisp.help — Cisco Umbrella Rank: 384326	88 KB
5	dutyrefunds.co.uk dutyrefunds.co.uk	37 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	21 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6457	625 B
3	google.com www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com — Cisco Umbrella Rank: 3238	821 B
3	bing.com bat.bing.com — Cisco Umbrella Rank: 374	13 KB
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 stats.g.doubleclick.net — Cisco Umbrella Rank: 87	2 KB
3	gstatic.com fonts.gstatic.com	69 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 109	262 B
2	clickguardian.app v2.clickguardian.app — Cisco Umbrella Rank: 118097	2 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 169	88 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 47	185 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 41	2 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 220	10 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 733	30 KB
70	17

	Domain	Requested by
19	widget.trustpilot.com	dutyrefunds.crisp.help widget.trustpilot.com
6	static.crisp.help	dutyrefunds.crisp.help static.crisp.help
6	client.crisp.chat	dutyrefunds.crisp.help client.crisp.chat
5	dutyrefunds.co.uk	dutyrefunds.crisp.help
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	www.google.de	dutyrefunds.crisp.help
3	bat.bing.com	www.googletagmanager.com bat.bing.com dutyrefunds.crisp.help
3	fonts.gstatic.com	fonts.googleapis.com
2	www.facebook.com	dutyrefunds.crisp.help
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.google.com	dutyrefunds.crisp.help
2	v2.clickguardian.app	dutyrefunds.crisp.help v2.clickguardian.app
2	connect.facebook.net	dutyrefunds.crisp.help connect.facebook.net
2	www.googletagmanager.com	dutyrefunds.crisp.help www.googletagmanager.com
2	storage.crisp.chat	dutyrefunds.crisp.help
2	fonts.googleapis.com	dutyrefunds.crisp.help
2	dutyrefunds.crisp.help	1 redirects
1	cdnjs.cloudflare.com	v2.clickguardian.app
1	region1.analytics.google.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	code.jquery.com	dutyrefunds.crisp.help
70	21

This site contains links to these domains. Also see Links.

Domain
dutyrefunds.co.uk
www.linkedin.com
twitter.com
www.instagram.com

Subject Issuer	Validity	Valid
dutyrefunds.crisp.help R3	`2023-07-06` - `2023-10-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.dutyrefunds.co.uk E1	`2023-08-21` - `2023-11-19`	3 months	crt.sh
*.trustpilot.com Amazon RSA 2048 M02	`2023-02-02` - `2024-03-02`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
crisp.chat Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-12` - `2024-05-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 05	`2023-07-26` - `2024-01-22`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-06-14` - `2023-09-12`	3 months	crt.sh
v2.clickguardian.app Sectigo RSA Domain Validation Secure Server CA	`2022-09-23` - `2023-10-24`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://dutyrefunds.crisp.help/en/
Frame ID: 6433134CCB61A4992EB42651C8D7B1E8
Requests: 53 HTTP requests in this frame

Frame: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f
Frame ID: D4084E1A3FB32D1253210D44F7DEA149
Requests: 7 HTTP requests in this frame

Frame: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f
Frame ID: DC107CF9CFCEE89B4C850D72D95A18F0
Requests: 6 HTTP requests in this frame

Frame: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?templateId=539adbd6dec7e10e686debee&businessunitId=61fac7c38540f1c6e766937f
Frame ID: E77A9C9F6217A4696B67817799D73456
Requests: 5 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 4DE51291E512B68C9396DF7B199F4840
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FAQ – Duty Refunds

Page URL History Show full URLs

http://dutyrefunds.crisp.help/ HTTP 307
https://dutyrefunds.crisp.help/ HTTP 301
https://dutyrefunds.crisp.help/en/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

fingerprint(\d)?(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

70
Requests

100 %
HTTPS

90 %
IPv6

17
Domains

21
Subdomains

21
IPs

5
Countries

858 kB
Transfer

2804 kB
Size

11
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://dutyrefunds.co.uk/
Title: For shoppers

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/
Title: For business

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/about-us/
Title: About Us

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/reclaim-customs-charges/
Title: Reclaim customs charges

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/import-duty-calculator/
Title: Duty calculator

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/faq/
Title: FAQ

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/glossary/
Title: Glossary

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/blog/
Title: Blog

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/forms/new/
Title: Get my refund

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/auth/login/
Title: Log-in

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/86001882

Search URL Search Domain Scan URL

URL: https://twitter.com/DutyRefunds

Search URL Search Domain Scan URL

URL: https://www.instagram.com/dutyrefunds

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/our-story/
Title: Our story

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/solutions/
Title: Solutions

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/solutions/ship-to-uk-with-ddu/
Title: UK via DDU

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/solutions/ship-to-uk-with-ddp/
Title: UK via DDP

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/guides/
Title: Guides

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/partners/
Title: Partners

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/partners/directory/
Title: Partner directory

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/partners/become-a-partner/
Title: Partner with us

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/help/
Title: Help

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/terms/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dutyrefunds.crisp.help/ HTTP 307
https://dutyrefunds.crisp.help/ HTTP 301
https://dutyrefunds.crisp.help/en/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

70 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
dutyrefunds.crisp.help/en/
Redirect Chain

http://dutyrefunds.crisp.help/
https://dutyrefunds.crisp.help/
https://dutyrefunds.crisp.help/en/

76 KB
17 KB

35ms
34ms

Document
text/html

2606:4700:90:0:8fa5:a1b5:8782:d1e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:90:0:8fa5:a1b5:8782:d1e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

nginx /

Resource Hash

7482a7ba8ab358ee049414bd94a9d26704ed33304578a3c728bfabf543e0c690

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=60
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 05 Sep 2023 02:19:59 GMT
etag: W/"12f4f-sEWQEEK6SMH+T46rOkGa3k9il5Y"
server: nginx
strict-transport-security: max-age=2592000
vary: Accept-Encoding
x-crisp-ray: a571bdb9-903f-4f7f-be96-fdafa85d2e94
x-page-cache-status: MISS

Redirect headers

cache-control: public, max-age=60
content-length: 64
content-type: text/html; charset=utf-8
date: Tue, 05 Sep 2023 02:19:59 GMT
location: /en/
server: nginx
strict-transport-security: max-age=2592000
vary: Accept
x-crisp-ray: a9cdeb29-1d65-4ffb-bb05-32519dad6c16
x-page-cache-status: MISS

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
1 KB 48ms
17ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ecfc48ab5315e179e1948be2aecc95b3afc29ae1413a2024abb9b1706df9ff0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 05 Sep 2023 02:19:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 05 Sep 2023 01:13:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 05 Sep 2023 02:19:59 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
559 B 48ms
18ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lexend:wght@300;400&display=swap

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a9a9a384d68784f54bf0e37114e98f001cb91d974f101d01a7310836831d9a83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 05 Sep 2023 02:19:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 05 Sep 2023 02:19:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 05 Sep 2023 02:19:59 GMT

GET
H2 200 tailwind.min.css
dutyrefunds.co.uk/blog/wp-content/themes/DutyRefunds/css/rebrand/ 74 KB
15 KB 482ms
103ms Stylesheet
text/css 143.198.240.73
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://dutyrefunds.co.uk/blog/wp-content/themes/DutyRefunds/css/rebrand/tailwind.min.css

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.198.240.73 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

6698f19fe1b63dfb7ed6524cb435feb18430630e67d886d4b850761e38f8c38a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
ki-cache-tag: a57c309e-3a2d-459f-80c6-a8904c8aca6d,dcf9e7155f9b2cb5675c21da8797d0ed53b98cd8b08c6ba8d0d23ab4d0e1729d
cf-cache-status: HIT
ki-edge: v=20.2.0;mv=2.2.2
x-content-type-options: nosniff
age: 1592264
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 11 Apr 2023 13:51:07 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"643565cb-12747"
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=urfdf3C3LoBSuW8onWKvm9JVtaiiAXzzECsU0F2IWcyC1qC006hUwfwmLOfBj3HiwOuU%2BcN3h%2BiWfn%2B95Gpww4%2BKSA%2FOqzuT0Y45FND0%2FtVJ0uIIpyLr4LSgr2Btohd2jSZ4Cwc9GN7OXw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 801afd91a8554185-LHR
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
dutyrefunds.co.uk/blog/wp-content/themes/DutyRefunds/css/rebrand/ 22 KB
4 KB 499ms
120ms Stylesheet
text/css 143.198.240.73
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://dutyrefunds.co.uk/blog/wp-content/themes/DutyRefunds/css/rebrand/style.min.css

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.198.240.73 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

3b8f035379750a0058e8b9a351f27979854c7ab0691cc6695091d60f5940988d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
ki-cache-tag: a57c309e-3a2d-459f-80c6-a8904c8aca6d,31d55e174ea6a67b139dbad8dc3f7e6da0f0cf004c1a6817f5e712bcb39c2da2
cf-cache-status: MISS
ki-edge: v=20.2.0;mv=2.2.2
x-content-type-options: nosniff
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cache-tag: a57c309e-3a2d-459f-80c6-a8904c8aca6d,31d55e174ea6a67b139dbad8dc3f7e6da0f0cf004c1a6817f5e712bcb39c2da2
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 22 May 2023 06:00:58 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"646b051a-576c"
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7RHvRJhCt7%2FHSXIdqXz04t3yCVK3JXM1yRiyT649LYIvHf7%2B8g4h1EMzuRUTk%2Fu2We1B8w0%2FvHovR6Grbv8%2FCKRwEwags6nRGbWgUJvyX%2BreFgPU1q9z34tVh9BxRBNPvg2poLs4dF9t2A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 801afd91ac3448be-LHR
ki-cf-cache-status: SAVING
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 tp.widget.bootstrap.min.js Show response
widget.trustpilot.com/bootstrap/v5/ 21 KB
7 KB 69ms
14ms Script
application/x-javascript 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

b58109431c3adc92bccc460ac5dc394dc4f0979d24656f7a52503e6c77709d0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 04 Sep 2023 03:08:58 GMT
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 83462
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 6676
x-xss-protection: 1; mode=block
last-modified: Wed, 03 May 2023 13:48:29 GMT
server: AmazonS3
etag: "befec09eb386fc68a0869c8d1b529dd6"
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: PIMKNCZOdMbxDuuyYsPn1P5WJ8cozMbu-6VS9PlOU9e6E7yHj0xmIw==

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 43ms
12ms Script
application/javascript 2001:4de0:ac18::1:a:2a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://dutyrefunds.crisp.help/
Origin: https://dutyrefunds.crisp.help
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d9d"
vary: Accept-Encoding
x-hw: 1693880399.dop131.fr8.t,1693880399.cds130.fr8.hn,1693880399.cds144.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 l.js Show response
client.crisp.chat/ 8 KB
3 KB 71ms
20ms Script
application/javascript 2606:4700::6812:1d5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/l.js

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b8dfd7d1836c2847e7e9e4ce2c97cc258ecc2fa232ee023e7454f160f9caaec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 28497
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 24 Aug 2023 11:12:52 GMT
server: cloudflare
etag: W/"64e73b34-2022"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 801afd92abad912a-FRA
access-control-allow-headers: Content-Type, Origin
expires: Wed, 06 Sep 2023 02:19:59 GMT

GET
H2 200 libs.min.css
static.crisp.help/stylesheets/libs/ 18 KB
4 KB 57ms
17ms Stylesheet
text/css 2606:4700:20::ac43:4a7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.crisp.help/stylesheets/libs/libs.min.css?caeceb9722987aff7c3c0ea17deb76df5

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a7f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69a26dfeef11a4d0448f90548e8ddb45dc26b91498e8c0f54e9e31750d405a0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 56936
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 31 Aug 2023 10:22:53 GMT
server: cloudflare
etag: W/"64f069fd-478d"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zS54T%2Bo59lbABPaW4eH1KaWnngHwfr1EXjl2SckUOrWSKxEt4NoRvkmcqylh%2FpkWTuD1pNQ6pgVZ5eVYChz2rczLkfbJ0FJi744bonTPOpQaUSMEgxHvMEpqYoU5hNQSEHg8ZWKwvuSwoNh4aH%2Bg"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 801afd8f9f361e56-FRA
access-control-allow-headers: Content-Type, Origin
expires: Tue, 05 Sep 2023 10:25:53 GMT

GET
H2 200 common.min.css
static.crisp.help/stylesheets/site/common/ 135 KB
22 KB 58ms
19ms Stylesheet
text/css 2606:4700:20::ac43:4a7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.crisp.help/stylesheets/site/common/common.min.css?c64a040901083e89794551de3bfac16c1

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a7f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da6380267cb12d204033308270f9169b4fde46e15105c20aa7d7b362e24dd9c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 56936
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 31 Aug 2023 10:22:54 GMT
server: cloudflare
etag: W/"64f069fe-21c68"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HppQH6BHEymOmXiGdfnTPDJik6%2FV5bEc7mYfViGYqhjqCqv5oBV41PYDq0ILnVMNQV8ffOAMz%2BYbVGfHaJbB09%2Bs8MkF%2BLdc%2Fn%2FFIoRtRfL3Rf5MJ%2F4QZ0BUpuWfZOjtuvjd45FZ0%2F824ZdmVFsP"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 801afd8f9f371e56-FRA
access-control-allow-headers: Content-Type, Origin
expires: Tue, 05 Sep 2023 10:26:18 GMT

GET
H2 200 home.min.css
static.crisp.help/stylesheets/site/home/ 7 KB
2 KB 57ms
18ms Stylesheet
text/css 2606:4700:20::ac43:4a7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.crisp.help/stylesheets/site/home/home.min.css?c5b5231f1ee586986f1889c9a3147832d

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a7f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c476ce82db4701cc9871d58109023686f24274c0c9a04b4964e2af0098d1d5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 56559
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 31 Aug 2023 10:22:54 GMT
server: cloudflare
etag: W/"64f069fe-1a79"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BmVCXFMIxEN5Ua3XKCjvmwdZbR56T%2BP0siAGBeFchljCHVgEDVyegtk0gEYhVGxhF0W%2F7cC4ZBW%2Br1YxnHtQgsiHndTIz9C9UlGkzyigcR7nvAVtI7IOMXC7fTFvmxyPeFD1jcLx31J8EhcO26T2"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 801afd8f9f381e56-FRA
access-control-allow-headers: Content-Type, Origin
expires: Tue, 05 Sep 2023 10:26:05 GMT

GET
H2 200 libs.min.js Show response
static.crisp.help/javascripts/libs/ 42 KB
15 KB 59ms
21ms Script
application/javascript 2606:4700:20::ac43:4a7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.crisp.help/javascripts/libs/libs.min.js?c271d35e22d71d683bff0ccbd3f712efa

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a7f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae2fd0d1d4fd7bb3357ef835ed577d6ffb54a3c13bffb41b49395fc2c20facea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 56936
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 31 Aug 2023 10:22:53 GMT
server: cloudflare
etag: W/"64f069fd-a83b"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pNXEdfJep3%2BpP72Cnhm8Tp5o6x1RlaSyM9qzsIFSDfn%2FBRL6J%2Bvfk2GkuLghKnCZDVkvgZbNzixISeMU9%2FPbcKJJo3d7h0PhXJhnasxloOruGkaPeuOeSWI0TB%2BVxxl0Cgzg5Pj2iSl9lwNz33Qd"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 801afd8f9f3a1e56-FRA
access-control-allow-headers: Content-Type, Origin
expires: Tue, 05 Sep 2023 10:26:18 GMT

GET
H2 200 common.min.js Show response
static.crisp.help/javascripts/site/common/ 12 KB
4 KB 55ms
16ms Script
application/javascript 2606:4700:20::ac43:4a7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.crisp.help/javascripts/site/common/common.min.js?cf28218567674290519d87e90b75eae2c

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a7f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a030cf5e76efcf3201bc863106a427adece71128cdbbb3e7a2d5ae03fdeb9f4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 56936
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 29 Aug 2023 10:40:00 GMT
server: cloudflare
etag: W/"64edcb00-31e0"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DtcSsveOwjuHm9iEtPvWpFvlzgkOmFAVnpKkTKfnrE95Mcen2ku2m7w7GbA%2BWlyPtgfwX0SK9P6iDri9uoZEhT5Alo5S036%2BGdS29NzUOxsrquxFKAtYFSWu%2Fa7iZzrlHcQ1UloOsTZRLlYKchDD"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 801afd8f9f3b1e56-FRA
access-control-allow-headers: Content-Type, Origin
expires: Tue, 05 Sep 2023 10:25:53 GMT

GET
H2 200 untitled-design-6_12x73zq.png
storage.crisp.chat/users/helpdesk/website/cc162312e17de000/ 17 KB
17 KB 620ms
581ms Image
image/png 2606:4700::6812:1d5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://storage.crisp.chat/users/helpdesk/website/cc162312e17de000/untitled-design-6_12x73zq.png

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcfde325dd12a40cdb171ec4c28f90c3c2153266aa90087312f44c6d8d97e051

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:20:00 GMT
content-security-policy: block-all-mixed-content
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 1781DF3FE1F72985
cross-origin-resource-policy: cross-origin
content-disposition: attachment
alt-svc: h3=":443"; ma=86400
content-length: 17149
x-xss-protection: 1; mode=block
x-amz-bucket-region: us-east-1
x-amz-meta-resized: 1
last-modified: Tue, 20 Dec 2022 16:16:19 GMT
server: cloudflare
etag: "5a3ad7d3c8e917d164c2c4770059f9bc-1"
vary: Origin, Accept-Encoding
content-type: image/png
x-minio-deployment-id: a6243527-74e0-45ae-9c42-75295f4f8846
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 801afd92ad274dbb-FRA
expires: Fri, 02 Sep 2033 02:20:00 GMT

GET
H2 200 site-logo-light_18wdn7h.svg
storage.crisp.chat/users/helpdesk/website/cc162312e17de000/ 11 KB
5 KB 593ms
555ms Image
image/svg+xml 2606:4700::6812:1d5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://storage.crisp.chat/users/helpdesk/website/cc162312e17de000/site-logo-light_18wdn7h.svg

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73b7cef5b7d3431c9dc12951d2eaf7eb2b5903d9747282bc85c514e7f90be541

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:20:00 GMT
content-security-policy: block-all-mixed-content
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 1781DF3FDF1AD7E7
cross-origin-resource-policy: cross-origin
content-disposition: attachment
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-amz-bucket-region: us-east-1
last-modified: Tue, 19 Apr 2022 08:31:04 GMT
server: cloudflare
etag: W/"64a71b12566d4f55834bbad308d470c1"
vary: Accept-Encoding, Origin
content-type: image/svg+xml
x-minio-deployment-id: a6243527-74e0-45ae-9c42-75295f4f8846
cache-control: public, max-age=315360000
cf-ray: 801afd92ad294dbb-FRA
expires: Fri, 02 Sep 2033 02:20:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 299 KB
97 KB 61ms
32ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K6DWWTL

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fc144067afef769e99b6ac5ad91e1a3975da87a5984ebee9d66f0e5df298fed3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 99184
x-xss-protection: 0
last-modified: Tue, 05 Sep 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 Sep 2023 02:19:59 GMT

GET
H2 200 logo-new.png
dutyrefunds.co.uk/blog/wp-content/uploads/2023/01/ 6 KB
7 KB 101ms
100ms Image
image/png 143.198.240.73
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dutyrefunds.co.uk/blog/wp-content/uploads/2023/01/logo-new.png

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.198.240.73 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

1447533f668399339ea2ad5ac9444c0e0cfecf510b03c7823e2c8807a9cee801

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
ki-cache-tag: a57c309e-3a2d-459f-80c6-a8904c8aca6d,8714169c64a281b0f6639c99aa614d7461e1538e2463f77238f3027658325722
cf-cache-status: HIT
ki-edge: v=20.2.0;mv=2.2.2
x-content-type-options: nosniff
age: 1264437
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 6384
last-modified: Mon, 02 Jan 2023 05:20:18 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "63b26992-18f0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Y5RViXIOxSoqlX85EKLfZ9%2FW6r11VSf%2BDl3P54jPSH5fl4SW2Xwc0uikoyqHOWXVVDZvSrbbaFPSL%2F91%2FANChgm5XQRBV%2BlYrz6ic1SwNBhsPXgTiO6aPFoQSAb4dywzzw7Ud3CskGOfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
accept-ranges: bytes
cf-ray: 801afd928f3a23c0-LHR
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 logo-new-inverted.png
dutyrefunds.co.uk/blog/wp-content/uploads/2023/03/ 7 KB
8 KB 65ms
64ms Image
image/png 143.198.240.73
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dutyrefunds.co.uk/blog/wp-content/uploads/2023/03/logo-new-inverted.png

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.198.240.73 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

60b15cd03dee32d265a7bf3fed6d0b0fe132f9ac1ade5c9f28237ba07d1501c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
ki-cache-tag: a57c309e-3a2d-459f-80c6-a8904c8aca6d,36a14e8e3233f00d5fca1bd8163b400f710c2f422d9e127139422359c9f4f498
cf-cache-status: HIT
ki-edge: v=20.2.0;mv=2.2.2
x-content-type-options: nosniff
age: 1357972
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 7536
last-modified: Tue, 28 Mar 2023 08:59:04 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "6422ac58-1d70"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UqTdwoNA4k6iHBOo4gp%2FvcHCBAlQVL3lu1SUHicNVwLosv95T8BpvewqPY62%2Bh3HgZncEUc%2BgoIT%2FxWdRCMO2XqjvL24W8YAkRgOffGJO9c3nZf1jZiwtGp2MZZYKnbrO7W0g5KCCZDyeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
accept-ranges: bytes
cf-ray: 801afd928e388879-LHR
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 logo-white.svg
dutyrefunds.co.uk/blog/wp-content/uploads/2023/01/ 7 KB
4 KB 111ms
111ms Image
image/svg+xml 143.198.240.73
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dutyrefunds.co.uk/blog/wp-content/uploads/2023/01/logo-white.svg

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.198.240.73 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

762d0f4d4732b529145531ec734b67c91d286365d6cbc1ef3f45debf5aeead8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
ki-cache-tag: a57c309e-3a2d-459f-80c6-a8904c8aca6d,e3676965b4c6a8f0a36bfc4b13ac694fdfe230b50e5132256a6b412810cfce74
cf-cache-status: HIT
ki-edge: v=20.2.0;mv=2.2.2
x-content-type-options: nosniff
age: 867854
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 02 Jan 2023 04:00:16 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"63b256d0-1da4"
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xFonMNJ9sUz4wx%2BFKfWGXu7beigi1yBC1IsskrTyIACiCzGSmUCvR1O9tVnO87q0X5LTA856kB3mp%2Ft5z9hfACe3zrxmKICx2Vb%2F1O9VItKuUMN0bDzZfmIBptY%2Fc4xJ99e8OzNzdUQtow%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 801afd929cd2769b-LHR
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ 15 KB
15 KB 57ms
23ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dutyrefunds.crisp.help
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 03:41:01 GMT
x-content-type-options: nosniff
age: 340738
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 31 Aug 2024 03:41:01 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ 14 KB
15 KB 44ms
11ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dutyrefunds.crisp.help
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 23:04:46 GMT
x-content-type-options: nosniff
age: 270913
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 31 Aug 2024 23:04:46 GMT

GET
H3 200 graphik_regular.woff2
static.crisp.help/fonts/graphik/latin/ 23 KB
24 KB 86ms
64ms Font
application/font-woff2 2606:4700:20::ac43:4a7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.crisp.help/fonts/graphik/latin/graphik_regular.woff2?e83f1bd

Requested by

Host: static.crisp.help
URL: https://static.crisp.help/stylesheets/site/common/common.min.css?c64a040901083e89794551de3bfac16c1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4a7f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68e651aa80e6bcd72641c3c030c70f1e94199a567de4f0005343ccc464fb6dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.crisp.help/stylesheets/site/common/common.min.css?c64a040901083e89794551de3bfac16c1
Origin: https://dutyrefunds.crisp.help
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 23485
last-modified: Tue, 08 Aug 2023 10:18:26 GMT
server: cloudflare
etag: "64d21672-5bbd"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3w%2Fm01OLsiGyg7lVphNO4fn%2F7cbbTdEFizqeri9t0VWkP6kaiOmda1Bydr8wSSqml9B%2Bmwu%2FLWp8nHcm4Qv9SgJnnS3GvtWNzyLjt0P2ehIkP0cmrkzM21mrYNrfllFquPDrdOtyLtNJlg1UOAw2"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 801afd92bb609259-FRA
access-control-allow-headers: Content-Type, Origin
expires: Wed, 06 Sep 2023 02:19:59 GMT

GET
H2 200 wlpwgwvFAVdoq2_v-6QU.woff2
fonts.gstatic.com/s/lexend/v18/ 39 KB
39 KB 45ms
12ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lexend/v18/wlpwgwvFAVdoq2_v-6QU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lexend:wght@300;400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

212cab2c8f18589ea483920adea5f5d180ab007a4140ad723d931dae89d876e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dutyrefunds.crisp.help
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 05:46:01 GMT
x-content-type-options: nosniff
age: 246838
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39808
x-xss-protection: 0
last-modified: Tue, 02 May 2023 16:04:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Sep 2024 05:46:01 GMT

GET
DATA 200
OK truncated
/ 389 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98475674c6d2a9db393147c42eced5aad82f5cea318125a407670504c4b84076

Request headers

Referer
Origin: https://dutyrefunds.crisp.help
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 index.html Show response
widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/ Frame D408 8 KB
3 KB 15ms
15ms Document
text/html 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

095122140e631d527159828db0e9e553e14c7421dbd7c9ef550c0a70ba787d91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://dutyrefunds.crisp.help/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1130
cache-control: max-age=86400
content-encoding: gzip
content-length: 2114
content-type: text/html
date: Tue, 05 Sep 2023 02:19:59 GMT
etag: "bbd26c541b063878dddb6095c1f82221"
last-modified: Mon, 08 May 2023 11:42:24 GMT
server: AmazonS3
strict-transport-security: max-age=31536000
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-id: O8sjvRftOJnOgxZMJiHZD_3KQPxlz0tUcI3q1-2SVW0gJ7TBdW6ZCg==
x-amz-cf-pop: FRA56-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 index.html Show response
widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/ Frame DC10 15 KB
4 KB 15ms
15ms Document
text/html 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

5d7fffe3a5da465552713233f1edc0d2c323892be14e964cdc4b6423e12fbdba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://dutyrefunds.crisp.help/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 17296
cache-control: max-age=86400
content-encoding: gzip
content-length: 3460
content-type: text/html
date: Mon, 04 Sep 2023 21:31:44 GMT
etag: "aa8b1a01ee0848aee02ab9c7adb7cbb7"
last-modified: Mon, 08 May 2023 11:44:28 GMT
server: AmazonS3
strict-transport-security: max-age=31536000
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-id: 8eH-ogGalfy3LPaO6BXmSoYO_FjoNg4ZgsUsvNNzkeuRiMRZ6JVsEA==
x-amz-cf-pop: FRA56-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 index.html Show response
widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/ Frame E77A 17 KB
4 KB 44ms
43ms Document
text/html 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?templateId=539adbd6dec7e10e686debee&businessunitId=61fac7c38540f1c6e766937f

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

57122b576bc6d35f862f873264573c554aac92a913744201c60027b24bd858c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://dutyrefunds.crisp.help/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 946
cache-control: max-age=86400
content-encoding: gzip
content-length: 3826
content-type: text/html
date: Tue, 05 Sep 2023 02:19:59 GMT
etag: "85b348fabe689b8221b4587943ffab87"
last-modified: Mon, 08 May 2023 11:41:36 GMT
server: AmazonS3
strict-transport-security: max-age=31536000
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-id: JhMdUm7NjWFM45RoSnATBqxh5pmAjmHknOHmHLBIHM2Bbm7bXZ4S3Q==
x-amz-cf-pop: FRA56-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 main.js Show response
widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/ Frame D408 54 KB
17 KB 11ms
11ms Script
application/x-javascript 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/main.js

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

14c24f4f0c0c27f8dcaf6d2b05cc367d4b600220fe77862ca55691d0d51fc3b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 04 Sep 2023 19:59:17 GMT
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 22843
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 17138
x-xss-protection: 1; mode=block
last-modified: Mon, 08 May 2023 11:42:26 GMT
server: AmazonS3
etag: "732769f238a36cb44705f2d6a18312ee"
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: OrQK6xFoVYTmTFYpcl9K3bxZTZi4StbTkWfWEc7Dd9w0a6RKGyuTzA==

GET
H2 200 main.js Show response
widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/ Frame DC10 110 KB
30 KB 11ms
10ms Script
application/x-javascript 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/main.js

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

054b4907ab66e54705a08be7b98221ecee6ddb9ca32ed83427e11898d33fe18f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 05 Sep 2023 00:44:43 GMT
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 36589
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 30555
x-xss-protection: 1; mode=block
last-modified: Mon, 08 May 2023 11:44:30 GMT
server: AmazonS3
etag: "593d59ebf05fd63221df2ecd0882018e"
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: DFvGkccQY-LALa6UnpPhBsUoO-6vUS2A9U4cBQpYE5G9ueBvFbJljg==

GET
H2 200 client.js Show response
client.crisp.chat/static/javascripts/ 409 KB
102 KB 40ms
37ms Script
application/javascript 2606:4700::6812:1d5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/static/javascripts/client.js?f2465fc

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/l.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ace51f3edb47c42c13000838f830792beb4bd250fead0cb4fe5dfb34e25f13cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 28497
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 24 Aug 2023 11:12:52 GMT
server: cloudflare
etag: W/"64e73b34-663d6"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 801afd937be7912a-FRA
access-control-allow-headers: Content-Type, Origin
expires: Fri, 02 Sep 2033 02:19:59 GMT

GET
H2 200 client_default.css
client.crisp.chat/static/stylesheets/ 356 KB
48 KB 27ms
24ms Stylesheet
text/css 2606:4700::6812:1d5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/static/stylesheets/client_default.css?f2465fc

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/l.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b77817a3fe88bf0540813538e510446791feaaa454136667991edd77fdbd1e41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 28497
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 29 Aug 2023 18:23:59 GMT
server: cloudflare
etag: W/"64ee37bf-58f60"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 801afd937be6912a-FRA
access-control-allow-headers: Content-Type, Origin
expires: Fri, 02 Sep 2033 02:19:59 GMT

GET
H2 200 main.js Show response
widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/ Frame E77A 105 KB
30 KB 15ms
10ms Script
application/x-javascript 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/main.js

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?templateId=539adbd6dec7e10e686debee&businessunitId=61fac7c38540f1c6e766937f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

bfa7413ead02f2501d66908e896538ccf31a6034ad4942d0a1c94f8bf4b142df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?templateId=539adbd6dec7e10e686debee&businessunitId=61fac7c38540f1c6e766937f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 05 Sep 2023 01:51:19 GMT
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 1721
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 29967
x-xss-protection: 1; mode=block
last-modified: Mon, 08 May 2023 11:41:39 GMT
server: AmazonS3
etag: "72eb9245eeaa878c2bf26d4ca8e62238"
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: upQRfT7rgkcUksOQoWk66ZdQmtsllVXKvza87FqBaQrMCfBFVD_2tA==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 73ms
20ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K6DWWTL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 05 Sep 2023 01:49:43 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 1817
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 05 Sep 2023 03:49:43 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10782814670/ 3 KB
2 KB 57ms
24ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10782814670/?random=1693880399982&cv=11&fst=1693880399982&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&hn=www.googleadservices.com&frm=0&tiba=FAQ%20%E2%80%93%20Duty%20Refunds&auid=1397196006.1693880400&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K6DWWTL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

965b0ddf93a94472f30a7c899f59c7636e2f75e7316f3550cb3a7539ae863ca0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 02:20:00 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1317
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 42 KB
13 KB 98ms
31ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K6DWWTL

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 05 Sep 2023 02:19:59 GMT
last-modified: Fri, 28 Jul 2023 18:19:39 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EE5DFBBD39D3453AB28A2CAA68EECDE6 Ref B: FRAEDGE1405 Ref C: 2023-09-05T02:20:00Z
etag: "806f3b1280c1d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12469

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 193 KB
52 KB 46ms
15ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e41e783ec4cfc524c1666d1d5a4c805f8e92be52b030d130acfb31105e1e04c

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 05 Sep 2023 02:20:00 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 52127
x-xss-protection: 0
pragma: public
x-fb-debug: 9nnbYxOeJsYWLdM3GDS2KGs6zn3XTL6GPavj9DgnaVxtfH4I/e15Ks/ui4hld636iAHAF6c6Bt7bgQk8IHyuWA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK track.js Show response
v2.clickguardian.app/ 4 KB
1 KB 174ms
23ms Script
application/javascript 2a03:b0c0:1:e0::2c8:7001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://v2.clickguardian.app/track.js
Requested by: Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a03:b0c0:1:e0::2c8:7001 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: dcdf62f54440f8c224dcdfb6453c53106600c573d3cb5e4c0ba0d1cafcda3edc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Tue, 05 Sep 2023 02:20:00 GMT
Content-Encoding: gzip
Last-Modified: Mon, 20 Jan 2020 14:59:56 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: W/"5e25c06c-e6d"
Transfer-Encoding: chunked
Content-Type: application/javascript
Connection: keep-alive

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 267 KB
88 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WXBEVDSTPQ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K6DWWTL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0bbfd06ecaa5d4e7aeab0a725f6b85d292df3a7e4943cc6ba2d9a18cfe1a2137

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:20:00 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90102
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 05 Sep 2023 02:20:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
214 B 19ms
18ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1011879323&t=pageview&_s=1&dl=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&dp=%2Fen%2F&ul=en-us&de=UTF-8&dt=FAQ%20%E2%80%93%20Duty%20Refunds&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgCI~&jid=1449028714&gjid=421830886&cid=651738718.1693880400&tid=UA-209040626-1&_gid=1466760930.1693880400&_r=1&_slc=1&gtm=45He38u0n81K6DWWTL&z=742302163

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://dutyrefunds.crisp.help/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 02:20:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://dutyrefunds.crisp.help
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10782814670/ 42 B
455 B 72ms
20ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10782814670/?random=1693880399982&cv=11&fst=1693879200000&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&frm=0&tiba=FAQ%20%E2%80%93%20Duty%20Refunds&fmt=3&is_vtc=1&random=2023872258&rmt_tld=0&ipr=y

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 02:20:00 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10782814670/ 42 B
455 B 51ms
20ms Image
image/gif 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10782814670/?random=1693880399982&cv=11&fst=1693879200000&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&frm=0&tiba=FAQ%20%E2%80%93%20Duty%20Refunds&fmt=3&is_vtc=1&random=2023872258&rmt_tld=1&ipr=y

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 02:20:00 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5419b637fa0340045cd0c936 Show response
widget.trustpilot.com/trustbox-data/ Frame D408 941 B
858 B 15ms
15ms XHR
application/json 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustbox-data/5419b637fa0340045cd0c936?businessUnitId=61fac7c38540f1c6e766937f&locale=en-GB

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

08b6417fce3740f6bdacac2c6acd6b983bad82d2d4c91fc38a5db614002fb417

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 05 Sep 2023 02:20:00 GMT
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 1322
x-cache: Hit from cloudfront
content-length: 427
x-xss-protection: 1; mode=block
server: Kestrel
etag: "fba3c4da833a3247927057bf670a1f4b"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: public,max-age=1800
x-amz-cf-id: YHc_9kS5KwmxXuOm9a3AH1fyKAxEV07e7cvi7awspfPQDCE6UfUjyA==

GET
H2 204 TrustboxImpression Show response
widget.trustpilot.com/stats/ Frame D408 0
321 B 42ms
42ms XHR
text/plain 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxImpression?locale=en-GB&styleHeight=20px&styleWidth=100%25&theme=light&fontFamily=Source%20Sans%20Pro&textColor=%23021873&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F116.0.5845.140%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=61fac7c38540f1c6e766937f&widgetId=5419b637fa0340045cd0c936

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: grreVdX03pmLouAR89Ob7EmX9Tatz2xUraGlOMTcfQA34jjuy0S5QQ==
x-xss-protection: 1; mode=block

GET
H2 204 TrustboxView Show response
widget.trustpilot.com/stats/ Frame D408 0
322 B 41ms
40ms XHR
text/plain 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxView?locale=en-GB&styleHeight=20px&styleWidth=100%25&theme=light&fontFamily=Source%20Sans%20Pro&textColor=%23021873&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F116.0.5845.140%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=61fac7c38540f1c6e766937f&widgetId=5419b637fa0340045cd0c936

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: -BRq95pWXz7J12Wy-A9v0lMq6YfYGt3YGe465JgdEDJE5GsNbIFQ0A==
x-xss-protection: 1; mode=block

GET
H2 204 137024189.js Show response
bat.bing.com/p/action/ 0
115 B 37ms
36ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/137024189.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 05 Sep 2023 02:20:00 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AEF3A2E737C24AB1859F9A1C25D40095 Ref B: FRAEDGE1405 Ref C: 2023-09-05T02:20:00Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
285 B 85ms
85ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=137024189&tm=gtm002&Ver=2&mid=f2df7e64-aa1f-48a0-a529-c89a2431e41b&sid=b6f652c04b9211eea81dd3d45ed2c6d2&vid=b6f674a04b9211ee9c02598f7bfdd9b3&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=FAQ%20%E2%80%93%20Duty%20Refunds&p=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&r=&lt=688&evt=pageLoad&sv=1&rn=546599

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 05 Sep 2023 02:20:00 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9AF308E3BC0F4AB2ABD1EC9BE9285648 Ref B: FRAEDGE1405 Ref C: 2023-09-05T02:20:00Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 539ad0ffdec7e10e686debd7 Show response
widget.trustpilot.com/trustbox-data/ Frame DC10 4 KB
2 KB 57ms
56ms XHR
application/json 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustbox-data/539ad0ffdec7e10e686debd7?businessUnitId=61fac7c38540f1c6e766937f&locale=en-GB&reviewLanguages=en&reviewStars=1%2C2%2C3%2C4%2C5&reviewsPerPage=6

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

57319c4608a8e6c0533223e277a55d66891fc5a552e16dd2cd9a7e67ecf8aa3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 05 Sep 2023 02:20:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
etag: "d0a9955b37fab54bb4ebddf870cf09fb"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
cache-control: public,max-age=1800
content-length: 1348
x-xss-protection: 1; mode=block
x-amz-cf-id: GB52UDqTV1oF8ofBTcbFwz0_Fo2EIJFLSfpUQ3s68D8rtxYFt467Nw==

GET
H2 204 TrustboxImpression Show response
widget.trustpilot.com/stats/ Frame DC10 0
323 B 40ms
39ms XHR
text/plain 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxImpression?locale=en-GB&styleHeight=300px&styleWidth=100%25&theme=light&stars=1%2C2%2C3%2C4%2C5&reviewLanguages=en&fontFamily=Source%20Sans%20Pro&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F116.0.5845.140%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=61fac7c38540f1c6e766937f&widgetId=539ad0ffdec7e10e686debd7

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 02:20:00 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: z6f6k7cFKTMO73MoIS-m6yPGr7FrGIC19ZQxVrOp6QVCOCvFyLDyEg==
x-xss-protection: 1; mode=block

GET
H2 204 TrustboxView Show response
widget.trustpilot.com/stats/ Frame DC10 0
322 B 41ms
40ms XHR
text/plain 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxView?locale=en-GB&styleHeight=300px&styleWidth=100%25&theme=light&stars=1%2C2%2C3%2C4%2C5&reviewLanguages=en&fontFamily=Source%20Sans%20Pro&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F116.0.5845.140%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=61fac7c38540f1c6e766937f&widgetId=539ad0ffdec7e10e686debd7

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 02:19:59 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: YfoIoSHkweFuMoWFi2XRL8ssWvFcWhSzAtSMfeTk5vqSfWsK6CM8qw==
x-xss-protection: 1; mode=block

GET
H2 200 611817430022152 Show response
connect.facebook.net/signals/config/ 137 KB
36 KB 84ms
84ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/611817430022152?v=2.9.125&r=stable&domain=dutyrefunds.crisp.help

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cab5e35ecf35f67863a3da641ba8a227dc71ed36601529cc2bffcc64945e19d0

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 05 Sep 2023 02:20:00 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: SOb3xCaZRM/JLIQQfmnRwVX1VvMaqOAihhjG+CxBYd4TbjnEutHftZiSim726of8xWKQT7fv3zRR440yXoO5tg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
259 B 47ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-WXBEVDSTPQ&gtm=45je38u0&_p=1011879323&_gaz=1&cid=651738718.1693880400&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1693880400&sct=1&seg=0&dl=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&dt=FAQ%20%E2%80%93%20Duty%20Refunds&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WXBEVDSTPQ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 02:20:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://dutyrefunds.crisp.help
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 64ms
18ms Ping
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-WXBEVDSTPQ&cid=651738718.1693880400&gtm=45je38u0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WXBEVDSTPQ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 02:20:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://dutyrefunds.crisp.help
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 22ms
22ms Image
image/gif 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-WXBEVDSTPQ&cid=651738718.1693880400&gtm=45je38u0&aip=1&z=251823911

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 02:20:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
client.crisp.chat/settings/website/50b775b2-f69b-4d2f-a529-ab4e10bfc86e/prelude/ 212 B
541 B 60ms
60ms Script
application/javascript 2606:4700::6812:1d5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/settings/website/50b775b2-f69b-4d2f-a529-ab4e10bfc86e/prelude/?callback=window.%24__CRISP_INSTANCE.__spool.website_handler&2023-8-5-4-20

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/static/javascripts/client.js?f2465fc

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1d5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3bae58de87cf59280da249d9ccaa43bdda971be7b70f9e0dfcbf63f1d72e269

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:20:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 05 Sep 2023 02:20:00 GMT
server: cloudflare
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 801afd95cdbf9188-FRA
access-control-allow-headers: Content-Type, Origin
expires: Tue, 05 Sep 2023 06:20:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
354 B 58ms
17ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-209040626-1&cid=651738718.1693880400&jid=1449028714&gjid=421830886&_gid=1466760930.1693880400&_u=YEBAAEAAAAAAACgCI~&z=1780683338

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://dutyrefunds.crisp.help/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 05 Sep 2023 02:20:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://dutyrefunds.crisp.help
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 source-sans-pro.css
widget.trustpilot.com/fonts/ Frame D408 4 KB
5 KB 12ms
11ms Stylesheet
text/css 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.trustpilot.com/fonts/source-sans-pro.css
Requested by: Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-94.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae7406b114669428b9a0b02171f6968f11375b3602f41cc657def6fca0683832

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 01:00:04 GMT
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
last-modified: Mon, 03 Oct 2022 14:37:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 4797
x-amz-server-side-encryption: AES256
etag: "cb285521e9837805ec47e63705ee80c2"
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 4518
x-amz-cf-id: ljrdeENNdWU8T5PPiEDTJgMgYvoj2SZ1hi2GeiwbNDwD_3WcHwMObQ==

GET
H2 200 539adbd6dec7e10e686debee Show response
widget.trustpilot.com/trustbox-data/ Frame E77A 12 KB
4 KB 93ms
93ms XHR
application/json 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustbox-data/539adbd6dec7e10e686debee?businessUnitId=61fac7c38540f1c6e766937f&locale=en-GB&reviewLanguages=en&reviewStars=1%2C2%2C3%2C4%2C5&reviewsPerPage=20

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

02dc4ea6a18a2619e3446eb6e044abebb6bee9b32ebc683dd1ea94a91f4c3fee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?templateId=539adbd6dec7e10e686debee&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 05 Sep 2023 02:19:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
etag: "f87c62a7df1a1fa0d177e5d775047c9a"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
cache-control: public,max-age=1800
x-amz-cf-id: -dJuy33VrpURtYW3Tt3pHACRYbeaVgjMu0RRbAPLVx5PrN7tBoKGnw==
x-xss-protection: 1; mode=block

GET
H2 204 TrustboxImpression Show response
widget.trustpilot.com/stats/ Frame E77A 0
322 B 42ms
42ms XHR
text/plain 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxImpression?locale=en-GB&styleHeight=500px&styleWidth=100%25&theme=light&stars=1%2C2%2C3%2C4%2C5&reviewLanguages=en&fontFamily=Source%20Sans%20Pro&textColor=%23323232&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F116.0.5845.140%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=61fac7c38540f1c6e766937f&widgetId=539adbd6dec7e10e686debee

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-94.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?templateId=539adbd6dec7e10e686debee&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 02:20:00 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: WgX8tHd74pb6bPhjOywtjN4fl1_UZ10nTHKWQ5ZsgLBVgzJU_eiwoQ==
x-xss-protection: 1; mode=block

GET
H2 200 source-sans-pro.css
widget.trustpilot.com/fonts/ Frame DC10 4 KB
5 KB 13ms
13ms Stylesheet
text/css 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.trustpilot.com/fonts/source-sans-pro.css
Requested by: Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-94.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae7406b114669428b9a0b02171f6968f11375b3602f41cc657def6fca0683832

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 01:00:04 GMT
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
last-modified: Mon, 03 Oct 2022 14:37:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 4797
x-amz-server-side-encryption: AES256
etag: "cb285521e9837805ec47e63705ee80c2"
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 4518
x-amz-cf-id: DzWSq3bFk-ll0GV894fMsRyl9IIXW5apGnCaphqG8PBpthn9W-wfRQ==

GET
H2 200 fingerprint2.min.js Show response
cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.0/ 29 KB
10 KB 34ms
14ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.0/fingerprint2.min.js

Requested by

Host: v2.clickguardian.app
URL: https://v2.clickguardian.app/track.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4bf52e1f92ce9ea93f33025943d00dbfe5e73ff1c8ddc1507aee8ac82d34dc0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:20:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 8405246
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 9392
last-modified: Mon, 04 May 2020 16:10:04 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5c-72e4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iYGAfWB6XdKdMv2EaehRqzzDP%2F%2FqjzmGbw7RproKAqUMt0OrJ8lAHJ76fvi8Xy2MXGWxc%2BXaSowqJWxxE8GHfMPZtk92DvAs9vAws%2FIewX%2B7dIf4nTB0BjxnykF9aYM%2BqKXs0qxYpzgnnakIlOJPlbhr"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 801afd962c1503b8-FRA
expires: Sun, 25 Aug 2024 02:20:00 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
widget.trustpilot.com/fonts/source-sans-pro/ Frame D408 13 KB
13 KB 9ms
9ms Font
binary/octet-stream 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.trustpilot.com/fonts/source-sans-pro/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by: Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/fonts/source-sans-pro.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-94.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Request headers

Referer: https://widget.trustpilot.com/fonts/source-sans-pro.css
Origin: https://widget.trustpilot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Mon, 04 Sep 2023 04:55:59 GMT
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 77042
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 13036
last-modified: Thu, 29 Sep 2022 09:41:54 GMT
server: AmazonS3
etag: "0ad032b3d07aaf33b160ac4799dda40f"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: sCStmV67PkHtnwUL5KgL5YdUJjBd5YV47keUlqcFmN2O6ncTFTfU9A==

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 28ms
8ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=611817430022152&ev=PageView&dl=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&rl=&if=false&ts=1693880400341&sw=1600&sh=1200&v=2.9.125&r=stable&ec=0&o=30&fbp=fb.1.1693880400340.314401011&it=1693880400220&coo=false&rqm=GET

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 05 Sep 2023 02:20:00 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 18ms
17ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-209040626-1&cid=651738718.1693880400&jid=1449028714&_u=YEBAAEAAAAAAACgCI~&z=1147971950

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 02:20:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 20ms
20ms Image
image/gif 2a00:1450:4001:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-209040626-1&cid=651738718.1693880400&jid=1449028714&_u=YEBAAEAAAAAAACgCI~&z=1147971950

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Sep 2023 02:20:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 source-sans-pro.css
widget.trustpilot.com/fonts/ Frame E77A 4 KB
5 KB 9ms
8ms Stylesheet
text/css 52.222.236.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.trustpilot.com/fonts/source-sans-pro.css
Requested by: Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-94.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae7406b114669428b9a0b02171f6968f11375b3602f41cc657def6fca0683832

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?templateId=539adbd6dec7e10e686debee&businessunitId=61fac7c38540f1c6e766937f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 01:00:04 GMT
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
last-modified: Mon, 03 Oct 2022 14:37:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 4797
x-amz-server-side-encryption: AES256
etag: "cb285521e9837805ec47e63705ee80c2"
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 4518
x-amz-cf-id: OXztDsTsNVPFp4E82vSDqaycO6MGRG3I0deYTT7BapJD3DkBAZyLhQ==

POST
H/1.1 200
OK tracking Show response
v2.clickguardian.app/ 0
316 B 189ms
114ms XHR
text/html 2a03:b0c0:1:e0::2c8:7001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://v2.clickguardian.app/tracking
Requested by: Host: v2.clickguardian.app
URL: https://v2.clickguardian.app/track.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a03:b0c0:1:e0::2c8:7001 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://dutyrefunds.crisp.help/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 05 Sep 2023 02:20:00 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 9ms
8ms Image
image/gif 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1011879323&t=event&ni=1&_s=1&dl=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&dp=%2Fen%2F&ul=en-us&de=UTF-8&dt=FAQ%20%E2%80%93%20Duty%20Refunds&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=10%25&el=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&_u=aEDAAEABAAAAACgCIAC~&jid=&gjid=&cid=651738718.1693880400&tid=UA-209040626-1&_gid=1466760930.1693880400&gtm=45He38u0n81K6DWWTL&z=1558632786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 08:28:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 64266
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 9ms
9ms Image
image/gif 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1011879323&t=event&ni=1&_s=1&dl=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&dp=%2Fen%2F&ul=en-us&de=UTF-8&dt=FAQ%20%E2%80%93%20Duty%20Refunds&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=25%25&el=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&_u=aEDAAEABAAAAACgCIAC~&jid=&gjid=&cid=651738718.1693880400&tid=UA-209040626-1&_gid=1466760930.1693880400&gtm=45He38u0n81K6DWWTL&z=1153918905

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Sep 2023 08:28:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 64266
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
client.crisp.chat/settings/website/50b775b2-f69b-4d2f-a529-ab4e10bfc86e/ 2 KB
1 KB 57ms
57ms Script
application/javascript 2606:4700::6812:1d5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/settings/website/50b775b2-f69b-4d2f-a529-ab4e10bfc86e/?callback=window.%24__CRISP_INSTANCE.__spool.website_handler&1693848751101

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/static/javascripts/client.js?f2465fc

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1d5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1dba81fd1bc4c20680d6ac358b5815650cfde1ad4bce2d2c29efa4c58e2dfa54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:20:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 05 Sep 2023 02:20:00 GMT
server: cloudflare
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 801afd97ae9e9188-FRA
access-control-allow-headers: Content-Type, Origin
expires: Tue, 05 Sep 2023 06:20:00 GMT

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 4DE5 0
77 B 10ms
9ms Document
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://dutyrefunds.crisp.help
Referer: https://dutyrefunds.crisp.help/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://dutyrefunds.crisp.help
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 05 Sep 2023 02:20:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 en.js Show response
client.crisp.chat/static/javascripts/locales/ 7 KB
3 KB 22ms
22ms Script
application/javascript 2606:4700::6812:1d5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/static/javascripts/locales/en.js?f2465fc

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/static/javascripts/client.js?f2465fc

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:1d5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a753603090aad28986941d9f80877b92ff83ddf99a429c8395dc4581c7dc798

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 02:20:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 28482
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 08 Aug 2023 12:01:16 GMT
server: cloudflare
etag: W/"64d22e8c-1c35"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 801afd9bc89f9188-FRA
access-control-allow-headers: Content-Type, Origin
expires: Fri, 02 Sep 2033 02:20:01 GMT

GET
DATA 200
OK truncated
/ 881 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c8faba32cf813d34a373a7528d2446d0f2b061f8dd6900391af20ac718f69bd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml

Verdicts & Comments Add Verdict or Comment

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.crisp.help/	1970-01-20 16:40:56	Name: _gcl_au Value: 1.1.1397196006.1693880400
.doubleclick.net/	1970-01-20 14:31:21	Name: test_cookie Value: CheckForPermission
.crisp.help/	1970-01-20 14:32:46	Name: _gid Value: GA1.2.1466760930.1693880400
.crisp.help/	1970-01-20 14:31:20	Name: _gat_UA-209040626-1 Value: 1
.crisp.help/	1970-01-20 14:32:46	Name: _uetsid Value: b6f652c04b9211eea81dd3d45ed2c6d2
.crisp.help/	1970-01-20 23:52:56	Name: _uetvid Value: b6f674a04b9211ee9c02598f7bfdd9b3
.crisp.help/	1970-01-21 00:07:20	Name: _ga_WXBEVDSTPQ Value: GS1.1.1693880400.1.0.1693880400.60.0.0
.bing.com/	1970-01-20 23:52:56	Name: MUID Value: 2B0927A494F36DC233D4342795986C6F
.crisp.help/	1970-01-20 16:40:56	Name: _fbp Value: fb.1.1693880400340.314401011
.crisp.help/	1970-01-21 00:07:20	Name: _ga Value: GA1.2.651738718.1693880400
.crisp.help/	1970-01-20 18:54:08	Name: crisp-client%2Fsession%2F50b775b2-f69b-4d2f-a529-ab4e10bfc86e Value: session_b62d629c-0d9b-4e4f-9db2-29712f66f2ce

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=2592000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
cdnjs.cloudflare.com
client.crisp.chat
code.jquery.com
connect.facebook.net
dutyrefunds.co.uk
dutyrefunds.crisp.help
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
region1.analytics.google.com
static.crisp.help
stats.g.doubleclick.net
storage.crisp.chat
v2.clickguardian.app
widget.trustpilot.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
143.198.240.73
2001:4860:4802:34::36
2001:4de0:ac18::1:a:2a
2606:4700:20::ac43:4a7f
2606:4700:90:0:8fa5:a1b5:8782:d1e
2606:4700::6811:180e
2606:4700::6812:1d5b
2620:1ec:c11::200
2a00:1450:4001:809::2003
2a00:1450:4001:812::2004
2a00:1450:4001:81c::2003
2a00:1450:4001:82b::2008
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200a
2a00:1450:400c:c00::9c
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a03:b0c0:1:e0::2c8:7001
52.222.236.94
02dc4ea6a18a2619e3446eb6e044abebb6bee9b32ebc683dd1ea94a91f4c3fee
054b4907ab66e54705a08be7b98221ecee6ddb9ca32ed83427e11898d33fe18f
08b6417fce3740f6bdacac2c6acd6b983bad82d2d4c91fc38a5db614002fb417
095122140e631d527159828db0e9e553e14c7421dbd7c9ef550c0a70ba787d91
0b8dfd7d1836c2847e7e9e4ce2c97cc258ecc2fa232ee023e7454f160f9caaec
0bbfd06ecaa5d4e7aeab0a725f6b85d292df3a7e4943cc6ba2d9a18cfe1a2137
1447533f668399339ea2ad5ac9444c0e0cfecf510b03c7823e2c8807a9cee801
14c24f4f0c0c27f8dcaf6d2b05cc367d4b600220fe77862ca55691d0d51fc3b2
1dba81fd1bc4c20680d6ac358b5815650cfde1ad4bce2d2c29efa4c58e2dfa54
212cab2c8f18589ea483920adea5f5d180ab007a4140ad723d931dae89d876e5
2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e
3b8f035379750a0058e8b9a351f27979854c7ab0691cc6695091d60f5940988d
3c476ce82db4701cc9871d58109023686f24274c0c9a04b4964e2af0098d1d5d
4bf52e1f92ce9ea93f33025943d00dbfe5e73ff1c8ddc1507aee8ac82d34dc0f
57122b576bc6d35f862f873264573c554aac92a913744201c60027b24bd858c0
57319c4608a8e6c0533223e277a55d66891fc5a552e16dd2cd9a7e67ecf8aa3e
5a753603090aad28986941d9f80877b92ff83ddf99a429c8395dc4581c7dc798
5d7fffe3a5da465552713233f1edc0d2c323892be14e964cdc4b6423e12fbdba
60b15cd03dee32d265a7bf3fed6d0b0fe132f9ac1ade5c9f28237ba07d1501c1
6698f19fe1b63dfb7ed6524cb435feb18430630e67d886d4b850761e38f8c38a
68e651aa80e6bcd72641c3c030c70f1e94199a567de4f0005343ccc464fb6dcb
69a26dfeef11a4d0448f90548e8ddb45dc26b91498e8c0f54e9e31750d405a0c
73b7cef5b7d3431c9dc12951d2eaf7eb2b5903d9747282bc85c514e7f90be541
7482a7ba8ab358ee049414bd94a9d26704ed33304578a3c728bfabf543e0c690
762d0f4d4732b529145531ec734b67c91d286365d6cbc1ef3f45debf5aeead8a
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
965b0ddf93a94472f30a7c899f59c7636e2f75e7316f3550cb3a7539ae863ca0
98475674c6d2a9db393147c42eced5aad82f5cea318125a407670504c4b84076
9c8faba32cf813d34a373a7528d2446d0f2b061f8dd6900391af20ac718f69bd
9e41e783ec4cfc524c1666d1d5a4c805f8e92be52b030d130acfb31105e1e04c
a030cf5e76efcf3201bc863106a427adece71128cdbbb3e7a2d5ae03fdeb9f4e
a9a9a384d68784f54bf0e37114e98f001cb91d974f101d01a7310836831d9a83
ace51f3edb47c42c13000838f830792beb4bd250fead0cb4fe5dfb34e25f13cb
ae2fd0d1d4fd7bb3357ef835ed577d6ffb54a3c13bffb41b49395fc2c20facea
ae7406b114669428b9a0b02171f6968f11375b3602f41cc657def6fca0683832
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b58109431c3adc92bccc460ac5dc394dc4f0979d24656f7a52503e6c77709d0b
b77817a3fe88bf0540813538e510446791feaaa454136667991edd77fdbd1e41
bcfde325dd12a40cdb171ec4c28f90c3c2153266aa90087312f44c6d8d97e051
bfa7413ead02f2501d66908e896538ccf31a6034ad4942d0a1c94f8bf4b142df
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
cab5e35ecf35f67863a3da641ba8a227dc71ed36601529cc2bffcc64945e19d0
da6380267cb12d204033308270f9169b4fde46e15105c20aa7d7b362e24dd9c3
dcdf62f54440f8c224dcdfb6453c53106600c573d3cb5e4c0ba0d1cafcda3edc
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3bae58de87cf59280da249d9ccaa43bdda971be7b70f9e0dfcbf63f1d72e269
ecfc48ab5315e179e1948be2aecc95b3afc29ae1413a2024abb9b1706df9ff0f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fc144067afef769e99b6ac5ad91e1a3975da87a5984ebee9d66f0e5df298fed3
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

dutyrefunds.crisp.help Open in urlscan Pro 2606:4700:90:0:8fa5:a1b5:8782:d1e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

70 Requests

100 %HTTPS

90 %IPv6

17 Domains

21 Subdomains

21 IPs

5 Countries

858 kBTransfer

2804 kBSize

11 Cookies

24 Outgoing links

Page URL History

Redirected requests

70 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

dutyrefunds.crisp.help Open in urlscan Pro
2606:4700:90:0:8fa5:a1b5:8782:d1e Public Scan

Screenshot
Live screenshot

Full Image

70
Requests

100 %
HTTPS

90 %
IPv6

17
Domains

21
Subdomains

21
IPs

5
Countries

858 kB
Transfer

2804 kB
Size

11
Cookies

70 HTTP transactions
2 data transactions