return-thief.com Open in urlscan Pro
2606:4700:3030::ac43:a8cc Public Scan

Go To Rescan
Add Verdict Report

URL:
http://return-thief.com/
Submission: On January 28 via api (January 28th 2024, 10:47:32 pm UTC) from US — Scanned from DE

Summary HTTP 133 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 13 IPs in 2 countries across 10 domains to perform 133 HTTP transactions. The main IP is 2606:4700:3030::ac43:a8cc, located in United States and belongs to CLOUDFLARENET, US. The main domain is return-thief.com.

This is the only time return-thief.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
80	2606:4700:303... 2606:4700:3030::ac43:a8cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:802::2016	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1	45.41.235.65 45.41.235.65	399250 (NAMEHERO-...) (NAMEHERO-KCDC)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
133	13

80 2606:4700:3030::ac43:a8cc (United States)

ASN13335 (CLOUDFLARENET, US)

return-thief.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.41.235.65 (United States)

ASN399250 (NAMEHERO-KCDC, US)
PTR: node305.namehero.net

manafinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
80	return-thief.com return-thief.com	32 MB
16	youtube.com www.youtube.com — Cisco Umbrella Rank: 75	2 MB
8	googleapis.com jnn-pa.googleapis.com — Cisco Umbrella Rank: 220	81 KB
6	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 static.doubleclick.net — Cisco Umbrella Rank: 263	1 KB
6	gstatic.com fonts.gstatic.com www.gstatic.com	66 KB
3	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 93	12 KB
2	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 231	10 KB
2	google.com www.google.com — Cisco Umbrella Rank: 2 play.google.com Failed	39 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	254 B
1	manafinder.com manafinder.com	2 KB
133	10

	Domain	Requested by
80	return-thief.com	return-thief.com
16	www.youtube.com	return-thief.com www.youtube.com
8	jnn-pa.googleapis.com	www.youtube.com
4	googleads.g.doubleclick.net	2 redirects www.youtube.com
4	fonts.gstatic.com	www.youtube.com
3	i.ytimg.com	www.youtube.com return-thief.com
2	www.gstatic.com	www.youtube.com
2	yt3.ggpht.com	www.youtube.com
2	www.google.com	www.youtube.com
2	static.doubleclick.net	www.youtube.com
1	www.google-analytics.com	return-thief.com
1	manafinder.com	return-thief.com manafinder.com
0	play.google.com Failed	www.youtube.com
133	13

This site contains links to these domains. Also see Links.

Domain
media.discordapp.net
www.youtube.com

Subject Issuer	Validity	Valid
*.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
manafinder.com R3	`2024-01-02` - `2024-04-01`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh

This page contains 3 frames:

Primary Page: http://return-thief.com/
Frame ID: C4568DAED9B144F0D1F4B306348C2775
Requests: 88 HTTP requests in this frame

Frame: https://www.youtube.com/embed/xw0ixm5mego
Frame ID: 0B53BE00F20232725FFEA82358BF4A61
Requests: 23 HTTP requests in this frame

Frame: https://www.youtube.com/embed/xw0ixm5mego
Frame ID: 703E6B7D66129B12A07389BEE761F370
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Return Thief - Indie RPG

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

133
Requests

31 %
HTTPS

92 %
IPv6

10
Domains

13
Subdomains

13
IPs

2
Countries

34876 kB
Transfer

41838 kB
Size

4
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://media.discordapp.net/attachments/1131247188182306856/1156672687691792557/image.png?ex=6515d2e2&is=65148162&hm=d7ae8dad887d78d6767cee8b1a96a354d80d29502d92d51457e563d3bb4fe833&=

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@ReturnThiefStudios
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 120

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

133 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
return-thief.com/ 175 KB
24 KB 451ms
409ms Document
text/html 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 820faadc8264d6a7a10162a0aeb01906619ee173dedc66cc13e9a2cff26cdf3e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
CF-RAY: 84ccc6769f356727-AMS
Cache-Control: public, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sun, 28 Jan 2024 22:47:06 GMT
Last-Modified: Sat, 02 Dec 2023 04:05:24 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qZmQK8AN%2FvojXKJnJ7KYJ84MqzfCSvpgAUH32R4u7BY4JFj0LSygWXRhvuqOjgOo3r4aONR9r17H4igTHWOdWR504TcwJaB1LU%2FA4bO4kF9GGkda1I9rGNeVyRNkfLP6y4a5Nq5IUE3%2FAPWhTU99"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
X-Powered-By: Express
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK admin-stylef24c.css
return-thief.com/wp-content/plugins/divi-next-masonry-gallery/assets/admin/css/ 22 KB
5 KB 611ms
604ms Stylesheet
text/css 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-next-masonry-gallery/assets/admin/css/admin-stylef24c.css?ver=1.6
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 8c50d55c106a2a7482f00fdcf2a456c39eacdab6ec640c4ebf47f5046bd8d496

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:07 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"57e4-18c28b3d472"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pxRfw%2B6Qm9wk7tIJ62KmiDPsgxNgCXXbto13Tpi5j4uv4R4b9k%2B18sMkjEHfJA6YFQLq9IBpJ5X1PUf%2Fa%2BWtlRHxo9vSg47klVa%2BV2BIhFpL%2B5dSC56xkzGcc7xT3i0XilO%2BTUpryt7Oxi3lL83I"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc67a6b4c3732-FRA

GET
H/1.1 200
OK style.css
return-thief.com/wp-content/plugins/divi-next-masonry-gallery/styles/ 0
795 B 443ms
436ms Stylesheet
text/css 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-next-masonry-gallery/styles/style.css
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:07 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 0
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"0-18c28b3d472"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YFDeTQitmN1P%2BerGuIvOLh309pKyFy2OmqdH9PFrfzZ%2Ft9D2FSAIVnmcH%2FQ5utrb3wbD%2BCTvxN0zMay4eS1lGeO7WAedYa3liUXDfjWMCtduoYXqL8v4PTumpLqeKT0uqft1I6FzEBXLh2%2Bcth%2FM"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc67a6d3f1c3c-FRA

GET
H/1.1 200
OK css
return-thief.com/ 2 KB
1 KB 433ms
420ms Stylesheet
text/css 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 64c84e16c6cc39422a393b52b7d66177ff900d5af3290b3eb62ebe22a42dcfea

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:07 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"986-18c28b3d42c"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8V8zv9Glf%2BBBewEcWRjtFprF3Q3oOAy0ItnWREQ1nabUS%2Bs3RKJSekwXyuFHn1hlBnk3zWDacTg%2BpJ%2BgVYxXZ0q%2F4owz8z2asNbcD6meSCCE11MPFkoApboSpkbE6WRJYDJf%2F4tvMZsQ%2FWVzaxyl"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0
CF-RAY: 84ccc67a7e61b930-AMS

GET
H/1.1 200
OK et-divi-dynamic-7-late78fb.css
return-thief.com/wp-content/et-cache/7/ 19 KB
3 KB 647ms
645ms Stylesheet
text/css 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/et-cache/7/et-divi-dynamic-7-late78fb.css?ver=1690244569
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e79c2134a52e80c5b994416b54c9db639c4a4271fb51a00efd083c121e90a69e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:07 GMT
Content-Encoding: gzip
CF-Cache-Status: EXPIRED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"4cf2-18c28b3d465"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vlEn14yE8cc24N%2Ft1a%2FpcWq5K61djDZ98UyGowGmmObZErAgXErxPDdJ36eRApdpx3peq4dB0XZtLFGEZcKPDec94Ma5VhNFuLD97LKRKADtSqALp77%2BQyHLdb%2BW9TbUlHr00VEzp5Y33BbmoCBs"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc67ccf176727-AMS

GET
H/1.1 200
OK et-divi-dynamic-778fb.css
return-thief.com/wp-content/et-cache/7/ 56 KB
6 KB 799ms
786ms Stylesheet
text/css 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/et-cache/7/et-divi-dynamic-778fb.css?ver=1690244569
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: b44080f70aa628f2d19eea4951050dbf3ffea77f20e2bc98f92d52cefedba5bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:07 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"e070-18c28b3d465"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BWVZk0LoajGoU%2FI%2BXAX%2BpvRTpHB8%2BQ8rd8KuTttZgXm%2Fak04AF5pVJSZbS3egamktp64dVunvf%2BrEVw6PpRTymUfSpejhySMKAbWInPh05DyJS2djjWG0cGDo5sgFNfqoBzkf3QENeF%2BkEgrNWFD"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc67cc9b4660f-AMS

GET
H/1.1 200
OK style.min1c9b.css
return-thief.com/wp-content/plugins/divi-essential/styles/ 723 KB
68 KB 1230ms
1214ms Stylesheet
text/css 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-essential/styles/style.min1c9b.css?ver=4.6.1
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 16fd6352c4b741b3bc6238669bd4811762d52c4b7f2ba0eb4c9af5f656880997

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:08 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"b4b80-18c28b3d46d"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2B9VXBHezDUL01UDqJ9AEB4sTeglHDqnVr%2Fg0hDqwduURUNFVxU78R6WndbMGvUn8OyuZU1FwmdyD12jYbTNf9CT6J%2B23I8NLht6193NMx%2Byt05CNgZ%2FzTkg5IiCFrNofUqsnP7CK0EtbI8G%2FX%2BA"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc67cdcca66b6-AMS

GET
H/1.1 200
OK style.min8a54.css
return-thief.com/wp-content/plugins/divi-heading-module/styles/ 2 KB
1 KB 461ms
402ms Stylesheet
text/css 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-heading-module/styles/style.min8a54.css?ver=1.0.0
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 2938c2bae81668158c926a5789b036328f7402dc21403c0b559242cc89766e68

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:07 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"892-18c28b3d46f"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QQ7GvYTsZDosHmfn%2F3qjwOaPi1o%2F9cfCeOe0g2gJEHxjyAt3Lg6mdiyYmbGm2WhdKl4Fsa%2BMR1Nr88Yg%2BGcOQ9KEIgrrtfVh%2F1FjkJKk0owusUHhEWrXzbsz5svhZbg9tlDV8lT%2FHhIXYtqfxaNP"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc67d19d9b930-AMS

GET
H/1.1 200
OK style.min8a54.css
return-thief.com/wp-content/plugins/divi-next-blurb/styles/ 98 KB
6 KB 888ms
820ms Stylesheet
text/css 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-next-blurb/styles/style.min8a54.css?ver=1.0.0
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: b94c2a9d3a56096972f6eca9c29dce1ad98a63ca36c1125ae6c2821995c462f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:07 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"18687-18c28b3d472"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GyKfgNt5lX%2FZ8pYQyjK6vtitOraPHM1cB3rBijwdNypGoqmnb82k0RqmdDUKE2X8D1LXBvPonfZOtsdDnkpxXCmWaVxmfhf4ItFYSFupA1IR1uIGN2Vi2gn6HZ4mDc4Yq%2BfORzlAXmL8jNPw1wZ0"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc67d1f781c3c-FRA

GET
H/1.1 200
OK style.minf24c.css
return-thief.com/wp-content/plugins/divi-next-masonry-gallery/styles/ 49 KB
7 KB 1081ms
846ms Stylesheet
text/css 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-next-masonry-gallery/styles/style.minf24c.css?ver=1.6
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 75a5f96d771f0c8ef2bc023d6543cb0e21921dffbb38536658b73f2169b2abd4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:08 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"c226-18c28b3d472"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fa%2B5H1R0kPVWv6%2BZE5Mtt3zmZuK4eCC2iQClXEkoBA%2Fb1dFdNRmZSTbQ%2B21qxuSjovp0TR9DRf4%2BpXDuRR7rZ8A0CZfM5B%2F0Duc0B0ZLSUf9YGvcl8ciAkUFZJyQh68QADDcM85tqzU0Rz0EH9bB"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc67e2e593732-FRA

GET
H/1.1 200
OK css-1
return-thief.com/ 3 KB
4 KB 677ms
216ms Stylesheet
application/octet-stream 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/css-1?family=Poppins:100,100italic,200,200italic,300,300italic,regular,italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&subset=latin,latin-ext&display=swap
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 7756716c0cb3db151c4f594d94d64920faee524d6a450e5cbb6777e351e37311

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:07 GMT
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 3286
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"cd6-18c28b3d42c"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FbS0sNHPncduzXSM99fqODf9sxhemDXdQOhIaCXgFHWE5%2FVyPw0rk77u24XxjmJuFSLXmTX2LtDvaryJax8NxmCVaW%2FG4dkslo0FoHwNUpl%2F5Zhesiy9fxzO0hSmXZofMG1XGVPAB7iSaSs%2Fx3gn"}],"group":"cf-nel","max_age":604800}
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0
Accept-Ranges: bytes
CF-RAY: 84ccc67f9d0eb930-AMS

GET
H/1.1 200
OK et-core-unified-tb-0-tb-0-deferred-7.min2601.css
return-thief.com/wp-content/et-cache/7/ 20 KB
3 KB 1261ms
615ms Stylesheet
text/css 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/et-cache/7/et-core-unified-tb-0-tb-0-deferred-7.min2601.css?ver=1690244573
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 88c317832218a45e4b3d793067166a404a1a603fc94725e013b58048e867cee6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:08 GMT
Content-Encoding: gzip
CF-Cache-Status: EXPIRED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"5149-18c28b3d465"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HDS8HZXfmZ99MKMAmJx01wZIC5DpOsjklichiQgvmS0miZIVvadMCH8nNojUPgOvKMy5%2FsOh2q%2Fe%2BmoKDbcS2CE%2BtTp8A0ZMZzSugPY9Z7gPUhqi6NIikPHZudKJcnLSgupNo6e2EGaOaeVHepV4"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc680cb696727-AMS

GET
H2 200 xw0ixm5mego Show response
www.youtube.com/embed/ Frame 0B53 92 KB
40 KB 113ms
92ms Document
text/html 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/xw0ixm5mego

Requested by

Host: return-thief.com
URL: http://return-thief.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d882d6d9dd7feba454ce6860cc644999b7e33283edc19bc77502553fd829882a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://return-thief.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Sun, 28 Jan 2024 22:47:07 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK image-removebg-preview_1.png
return-thief.com/attachments/1163892519243874374/1165371281408008202/ 20 KB
21 KB 1373ms
616ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/attachments/1163892519243874374/1165371281408008202/image-removebg-preview_1.png?ex=65469b95&is=65342695&hm=d59115e3575e74bd6c74c623&=&width=484&height=125
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: c54489168d5a42ba6c46a436e1323bf4078afc973b9712db2365ed0ba99ea6db

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:08 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 20266
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"4f2a-18c28b3d42a"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RxfMn2p%2FrBH5PynGsrwxIA5IWKL07IKmPr8Ba44WPqbeeNBSIH5Wx42FPdE%2Bmp0uwrIQUZiXu0NfhOkr%2BBPkrNSOQixpQ0kWsNR0mqXqJys%2BRk9OOaOEtg9Jwz%2Ft8oHM9hICXNE1o0n7nvKAqRea"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6837aca3732-FRA

GET
H/1.1 200
OK image.png
return-thief.com/attachments/1163892519243874374/1165372261432316045/ 426 KB
427 KB 810ms
810ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/attachments/1163892519243874374/1165372261432316045/image.png?ex=65469c7e&is=6534277e&hm=68372bf542b58311096b5c5f&=&width=525&height=446
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e75d35f50f8c1b9274cd409ae240c978aa84df508946d20c9b1a741c8bb9da6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:09 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 436369
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"6a891-18c28b3d42c"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EBkuEhSbuS6cunUerfRKDHzY1ywbQPzBg4wGUKO9xzeM7Pgz72oNgdBuUKYEoilMFwIKGHiVn8vMankuXJmRXiQ1xo91HV1EuVpuK91xO7LPHtexz3I55I25zms0sMrxuK%2Bw7PWjrHjzzY9HlgkN"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc684a8336727-AMS

GET
H/1.1 200
OK weapon-variety-manafinder-1.png
return-thief.com/wp-content/uploads/2022/08/ 211 KB
212 KB 788ms
788ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/weapon-variety-manafinder-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 577fe989c5a7363ee9df36c1d191cf057360c1c6fec57a2cc6f059899db3d5a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:09 GMT
CF-Cache-Status: EXPIRED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 216363
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"34d2b-18c28b3d600"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=93KO84mv96E3GF%2FlZeFXf9xREzaRmWtdsVgHPVdIRXtTuGtDIjTLeXrORJq36daiV13dIHsSj2XKs9nlyQU0vls6rn0IYh1XQka5doI8fXLhd6B4JNKOoubxHytXZvkpr2ng9JL62sgff%2B34jdS%2F"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc685be1c66b6-AMS

GET
H/1.1 200
OK explore-manafinder-steam-pc-1.png
return-thief.com/wp-content/uploads/2022/08/ 29 KB
29 KB 619ms
619ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/explore-manafinder-steam-pc-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 42a9abbc8fc9b178da6b3547d3746031bb9fba2bb65a838019bd840bf326b88c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:09 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 29271
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"7257-18c28b3d5f5"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6NF1GeXVdGjFn5JRqWpyHIb044qgxEdZUz1JdD4ynOCWrtu86S%2BKTA5IinWywnNkYFBvM%2B5wSR7RvtlPZr%2Bdt3q6kpugtbfXCWPSGAd0vuH8GtcRPdhGAS9kGOW3qMM7wgHVCl4Ws9gJFp2rLoDX"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc689ffec3732-FRA

GET
H/1.1 200
OK blessings-manafinder-1.png
return-thief.com/wp-content/uploads/2022/08/ 79 KB
80 KB 816ms
815ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/blessings-manafinder-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 65d8651bd1857952d2d03fdf7ec4190396596e1d5e84e7a205b4486d9885c3ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:10 GMT
CF-Cache-Status: EXPIRED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 80964
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"13c44-18c28b3d5f3"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Xzd1CDTHIYjA04kXQEHtHeCasHwSv0AMwfjbOlBesoJgeaxYlImqqc2APlmlQjrvVYzGSvB8BsbKWVYj1r9w3pTL3mGvA%2BiKccw357XX8S5406Q6YHbw%2BZmYVlTHXnWATcQOEe9Etya3Mg0%2FzN8"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc68c39d96727-AMS

GET
H/1.1 200
OK gathering-manafinder-pc-steam-1.png
return-thief.com/wp-content/uploads/2022/08/ 651 KB
652 KB 813ms
813ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/gathering-manafinder-pc-steam-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 64186f0e44c49d95b0292d352a8a75888a5d61d9a3dfaae0fc2bc2731372b379

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:12 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 666506
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"a2b8a-18c28b3d5f8"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a2%2BEiv2JlbEbdZ7DstZnZ9f1DQzDLBlPuNujhq6h7edWlbUJWcxh%2B3lx3YOqp1VPPE2aFvN7%2FzTWWS3L19Rm17dbu49Nru5%2Ba%2BKD9vRTxjz6EJZEiMv3eEXQIgZIddU6oBtVFiNK%2BYSsjsOruts%2B"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6993b7f66b6-AMS

GET
H/1.1 200
OK loyal-companion-manafinder-1.png
return-thief.com/wp-content/uploads/2022/08/ 401 KB
402 KB 783ms
783ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/loyal-companion-manafinder-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: cdaa9b97ed2701347c1379d0e73b618b5495ed8d89c4a4ea7d77d286f856ee08

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:12 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 410438
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"64346-18c28b3d5fc"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XQNpAsDCFcC4PBsYDL%2FB2vwJtXArbBwbAW960zQsvH807EG3ioeQCO69witH7Vkmji4aWa%2BWHBJnZx7DNpfuYMguPuWFakQohYrh92%2FimFL6zdMeq8rzc05g0ZBUmUYVt2a9cMGAkL87aceksCwL"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc69a6e211c3c-FRA

GET
H/1.1 200
OK sidequests-manafinder-1.png
return-thief.com/wp-content/uploads/2022/08/ 40 KB
41 KB 595ms
595ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/sidequests-manafinder-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 8510025441d67b07de6669c51c9bab5159d72ca339dcdc1f5b9e7758999e82c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:12 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 40733
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"9f1d-18c28b3d5fe"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q1AipJOnArWmR7VwE1a6ho4xBsZdkYpNzdwWaamyqvesmhYjvOuUpqEfkL7N9usGNmuoj%2B8FfZ9i5o04FPQbbG8cKiuBjLPpoTdJv1%2BCg4w5EjnUFq0zOv5EPdXK569KtyKWnyzItyzVk2P1zwtP"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc69aeeb33732-FRA

GET
H/1.1 200
OK js Show response
return-thief.com/gtag/ 238 KB
83 KB 328ms
327ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/gtag/js?id=G-RZJE56PX5N
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: d4825f811d5683aa768029fd61b72338062ee7f4b127198281f2f84bc1eab4ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:12 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"3b974-18c28b3d42f"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W07j%2FOkwDiQtD23tRUJKqCW3vtmpxvKtj0OLOsH5UPCOnE3dUrdJ9bDBWcoRm9G4rQBWJyz0OmI2JLMLcEeyoDWBMstKjGCwpg92DAM5VFdHCuJtaQVORMbEgKab36PwHuqVpa3HziP%2BRoVYKDW%2B"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=0
CF-RAY: 84ccc69b1e34b930-AMS

GET
H/1.1 200
OK magnific-popupdc98.css
return-thief.com/wp-content/plugins/divi-next-masonry-gallery/styles/ 7 KB
3 KB 589ms
418ms Stylesheet
text/css 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-next-masonry-gallery/styles/magnific-popupdc98.css?ver=all
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 45d1f5f6cf913746c45dd697b1a8f3b719c02d8b3f678dc7fc2766d54e1aaf6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:09 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"1b27-18c28b3d472"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jN3cs5uYwpmqlSikk45S%2FMqlkDElsKKQbwP0TkZmI8Vr%2F9WkCRRv3q0tAFo7FaIVyXYcc10801WXDE705IizXyUQSxaJ1gD5k%2FWSQTxMb8iDER6eoioXlDJM%2FzSs3FaP0gQZXWgjxMG%2FNNTC1jOa"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc6875e103732-FRA

GET
H/1.1 200
OK msnary-hvr-cssdc98.css
return-thief.com/wp-content/plugins/divi-next-masonry-gallery/styles/ 53 KB
5 KB 1155ms
816ms Stylesheet
text/css 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-next-masonry-gallery/styles/msnary-hvr-cssdc98.css?ver=all
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: c4e84c43bffaad0ccac8e7e0179d561afabe17f819b8e62d95d2b2f8cc628c26

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:10 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"d35f-18c28b3d472"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z0RgMB%2F5imQS3qVVd%2FvD4sQHohHjzcmuT74PZCIs0Socrs1xUX76xowhtWxelxovhOQGH7%2Fm9Z8n5OcnboblgcR9AmmQ2hLmEwUtMkdgQST8p182uv4anXf8XKqGoi3vcucwoVOWSq0tY0OFTZOd"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc68c2c12660f-AMS

GET
H/1.1 200
OK msnary-filterbardc98.css
return-thief.com/wp-content/plugins/divi-next-masonry-gallery/styles/ 5 KB
2 KB 486ms
485ms Stylesheet
text/css 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-next-masonry-gallery/styles/msnary-filterbardc98.css?ver=all
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 381993474a10cdbe197ecfae4c553135f696436438e7f53b3988757ca02e2ca3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:10 GMT
Content-Encoding: gzip
CF-Cache-Status: EXPIRED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"1312-18c28b3d472"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7kP0lRvele40WWCFFGQMbPc5GoR1X8p6dAZUFC05auB8S2l5Md9hjsVan7CtbKQNwmQboD9i%2BW75H22fM0CbOwa5w6fuBV7%2FmXlgZOQcGbVOq4c65gpxPifIWyWuBN7FtH1K%2FCSmqQGbuxRsEFp%2F"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc68d0eb466b6-AMS

GET
H/1.1 200
OK jquery.minaf6c.js Show response
return-thief.com/wp-includes/js/jquery/ 87 KB
31 KB 824ms
823ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-includes/js/jquery/jquery.minaf6c.js?ver=3.6.0
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:10 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:24 GMT
Server: cloudflare
ETag: W/"15db1-18c28b3dac2"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U%2BLwprG2JLieEcIrxlHwCfJuAU6uJkyfdfvC9HryWMisarI21pbUgcdy9ZTZChqa72AtEDsOPnwAZUBz2BPTs49ZEVk1D607x0DjiK%2BHJu3uXxAI88QtwO29Y8iAEGohoYyc%2FMEXCy4vUTAqaCTd"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc68d9bec1c3c-FRA

GET
H/1.1 200
OK jquery-migrate.mind617.js Show response
return-thief.com/wp-includes/js/jquery/ 11 KB
5 KB 439ms
438ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-includes/js/jquery/jquery-migrate.mind617.js?ver=3.3.2
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:10 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:24 GMT
Server: cloudflare
ETag: W/"2bd8-18c28b3dac1"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DeqCs1kp80xcTGPmpDwG8fcXtBunNbFG33eA5V11xAkJB0nXwnW9F6bj0jsnsNy%2FbH14RknJicSX6Goj1t1cxxw0rn4vx3aB6JVBOb5eNF9HFSrbpyiVwRQ4RmaSaEU1VWnKiWfD5ucedMS1f4Xk"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc68ddaa93732-FRA

GET
H/1.1 200
OK imagesloaded.min.js Show response
return-thief.com/wp-content/plugins/divi-next-masonry-gallery/scripts/ 5 KB
3 KB 402ms
401ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-next-masonry-gallery/scripts/imagesloaded.min.js
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 96abf166b3cbb5f7df525d86fdeeeccea4af3c120b19bc26b0613530a94e8b44

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:10 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"15da-18c28b3d472"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vEXQWdVhviRQ15Zh5vAN9GmGv0j9bek62%2B8vS7YhPtX%2Fcwbj2Tth7rOHR%2FF%2BkTUbHWF8EPgEqxaesb19KCOCcBx72463fvclxO3miNU3IojSmW3OIrKD0sd34BJPZ67CB7QvahLjAfcr8K0olCdz"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc68f8a15b930-AMS

GET
H/1.1 200
OK default-value1c9b.js Show response
return-thief.com/wp-content/plugins/divi-essential/scripts/ 11 KB
3 KB 409ms
408ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-essential/scripts/default-value1c9b.js?ver=4.6.1
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 62a65bbe30f8a97595a13c92824bab6ca82029073818ccf6110b2963b3b44d38

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:10 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"2a7f-18c28b3d467"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F1nRG5izdiT%2Bm0pT9peZYy9XnBV2WK2ELr9Kcbx%2FFd3MDbJ8B%2FV98O9DPVd6Pr9sPa1pZphAZXmsnYmwLQ%2F7C%2B3VvKqngOvMZr%2FfBV0Zl8HekmiIwjTC%2B5Ta1swfxNr6Lpq%2F9miYBoKQrGvw%2FPC7"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc6909cb93732-FRA

GET
H/1.1 200
OK imagesloaded.min1c9b.js Show response
return-thief.com/wp-content/plugins/divi-essential/scripts/ 5 KB
3 KB 422ms
422ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-essential/scripts/imagesloaded.min1c9b.js?ver=4.6.1
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 96abf166b3cbb5f7df525d86fdeeeccea4af3c120b19bc26b0613530a94e8b44

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:10 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"15da-18c28b3d469"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PqYumSz5T0T5BgiNwl8NYN%2FhKbsQkw%2F3rG8ML0TNDnpBHhe3ivPuyRyj2HBt5wecfP7VZbzb12%2FZL4KMlJdxwMHj%2BKbf6FFbw3brC3vY3NuNePDOQHkG3InJat1ghmNZNJ6efU6aLx0VXVr2oEfR"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc69138f2660f-AMS

GET
H/1.1 200
OK scripts.min8686.js Show response
return-thief.com/wp-content/themes/Divi/js/ 268 KB
69 KB 973ms
973ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/themes/Divi/js/scripts.min8686.js?ver=4.18.0
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 543abcc9b648e8163b776c15632a566251717566a4d724f9939bef59399eefc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:11 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"42e58-18c28b3d52a"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kMfr9Lpnag%2BH6kq5iGvoRIjgxAStPwe4ytfer6excIz%2Bknkmz3kS4R2J4UvJRuGW41lI7dwayDci6%2F%2FcvjoI1ETq6vsadXog2DfYnJjNlByup6VQs1UzdXLclxqyi%2FV0z34w6S4Sf0pChmP2Ul7i"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc6915fec6727-AMS

GET
H/1.1 200
OK jquery.fitvids8686.js Show response
return-thief.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 3 KB
2 KB 416ms
416ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids8686.js?ver=4.18.0
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 462747422c6af30aa81a0373fa1cfd736455cef52bdbb816f67be9531d84eace

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:10 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"d15-18c28b3d527"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a3Weh92%2FjkviIY1WsZ3ZSPYgnF3Q3bfz%2Bz6g1abxsEGbu91IePdM7aSan85bTqJr1G1JmeQ13Q60Ll%2BPmOdOXXW6bFtmnwrbrndrpvnv3lyJJScgejbrByfc5UdBo3nZYFY0X4a9LGra%2B7Y%2F6B75"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc6920c71b930-AMS

GET
H/1.1 200
OK frontend-bundle.min1c9b.js Show response
return-thief.com/wp-content/plugins/divi-essential/scripts/ 252 KB
67 KB 1018ms
1017ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-essential/scripts/frontend-bundle.min1c9b.js?ver=4.6.1
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: c4aea70d5f40957b5c7487723baff668ef37a941774824506bfea785d1725a43

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:11 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"3ee03-18c28b3d469"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BAmVFXYZ8Wy%2BLP9cEqq5amRsqo98WigG7LbLI9gTegMpjXF5352upxgkrOLyD26rYeo2bGDt%2BVbkwaZfQ3BNzJtsglQfY%2BAhkcUX7p0%2FVwX%2FDN06nRmk98DHrx9GjrQUCVIu3zFqUu6z1iTebOSo"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc692cf901c3c-FRA

GET
H/1.1 200
OK frontend-bundle.min8a54.js Show response
return-thief.com/wp-content/plugins/divi-heading-module/scripts/ 608 B
1 KB 419ms
419ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-heading-module/scripts/frontend-bundle.min8a54.js?ver=1.0.0
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: d6e1f040efc9de59ea56ccbf6ce8ad2d8936ec5da1cbb684ae3f8a116da44e01

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:10 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"260-18c28b3d46f"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QDoqzYRZ9MGQ98kwH34SSM%2B%2FuBUUFd4nL5JJy5q794rTmR0fWwBb3RTFOlbazAWH0oZ5rT4%2BEqi17%2BdIkuFBIPx1034%2BIRGUJtEpMgOgN7fOHI0lc21dZ8qil%2Fs3B0ymLCWJNGfH2jmvZvVpwT%2Bq"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc6932ee33732-FRA

GET
H/1.1 200
OK frontend-bundle.min8a54.js Show response
return-thief.com/wp-content/plugins/divi-next-blurb/scripts/ 2 KB
2 KB 405ms
404ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-next-blurb/scripts/frontend-bundle.min8a54.js?ver=1.0.0
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: c01b328991ed231dff99643e77db215b2f41b15bb2e2c9c0222d9831d4073057

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:11 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"7be-18c28b3d470"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1iRnXkCXc0WiBd2KyHB5m9m%2B16yh5anbYpPL3IWlqyicpR3DvSU3fmsH%2B%2B1GGgASDJKuMLCKVEs9J6kH8K2u3srFPIUKRl8ycs6iKda%2BUGmadJSJIfumPOQqubcCc2cMpItSEVS%2BSGfVpircM1HL"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc693ebd0660f-AMS

GET
H/1.1 200
OK vanilla-tilt.min1c9b.js Show response
return-thief.com/wp-content/plugins/divi-essential/scripts/ 9 KB
3 KB 402ms
401ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-essential/scripts/vanilla-tilt.min1c9b.js?ver=4.6.1
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 216dcaae75f9f980abe42e10d74d654766a1dd3d3e211d8878049d7faa2b9d7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:11 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"22ea-18c28b3d469"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5QxG5medJQgWrHMeGLmHOPN7ZmF0%2BPQLeNufin%2FkX7iwp69OCJY%2FmeoINPFb5bQzZinCoChBDuYrp6ivQFZ8lQsQvCjSRAITLQf1BjETDBZXz0HbzmIy32QwuDCC2hUwtBCMEs7uyAn0Ih5HCngb"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc694afb6b930-AMS

GET
H/1.1 200
OK frontend-bundle.minf24c.js Show response
return-thief.com/wp-content/plugins/divi-next-masonry-gallery/scripts/ 25 KB
9 KB 620ms
620ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-next-masonry-gallery/scripts/frontend-bundle.minf24c.js?ver=1.6
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: c36ab7960973e905b4c42046d4d9963ce2c93a909a8b55122c62d5d9ccc874a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:11 GMT
Content-Encoding: gzip
CF-Cache-Status: EXPIRED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"6349-18c28b3d472"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=485MgHt9iZ%2FJm3ZwrEOVHnmvvE5rghiyQ9%2FNtufiHNdFqWHXas9lc6zoMgE%2FmP2i4WgfMlBFCVrDMQJm%2B8NBMQ%2FT%2BvC2JQ8I6eFXrXbrWvXma9aiTwEptvEOTNbEmjeJGtRHt7kK6sij0Os7LUvx"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc6955f9866b6-AMS

GET
H/1.1 200
OK common8686.js Show response
return-thief.com/wp-content/themes/Divi/core/admin/js/ 1 KB
1 KB 419ms
419ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/themes/Divi/core/admin/js/common8686.js?ver=4.18.0
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:11 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"53f-18c28b3d524"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lECI5tvjLst8P6T6Z3HLtj6EkfFDab2w5X2q3z8o0NbJfiig7kZjMcN4ICu1u%2FeOUqcm79QtAgdPTdpI1TE81HzPvnxWH%2FIE6yuOmh7CN860fmT%2FWVSJ752tBWkBQlRNFySkhCJk3a4PaeT6BILz"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc6966e52660f-AMS

GET
H/1.1 200
OK isotope.min.js Show response
return-thief.com/wp-content/plugins/divi-next-masonry-gallery/scripts/ 35 KB
10 KB 625ms
624ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-next-masonry-gallery/scripts/isotope.min.js
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 081ae9baaacc857c1c2cb51de6dbd0e1eb811c2761ef01a50df373f2f6eefe22

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:11 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"8a75-18c28b3d472"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mBMUtqIxdE2kaj9%2FNZ5sEeON8RfAn%2B2aXaPFTYw3ljtBHS%2Bapd5hqyzhycHRMecGVL9YpKf7o%2BiM%2FzYwS0f39wP%2FzJx2Z7tRNWee9cfKuQtQOcnK8QmhRIxeaE2WZWzi5SggR0wfRctPEXNds1D%2F"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc69729c0b930-AMS

GET
H/1.1 200
OK scripts.js Show response
return-thief.com/wp-content/plugins/divi-next-masonry-gallery/scripts/ 3 KB
2 KB 402ms
402ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-next-masonry-gallery/scripts/scripts.js
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: a41154bd01febfa94dbed46492b7753e42139ddddbaa49b288136d5a068eb307

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:11 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"da1-18c28b3d472"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wYO4VMJi6xqCnF%2Fs7CYXhsYJ09pkxfvD8VOcg%2BY2rYaWDPqc8m1mVeLJqkLcFGHEBN4qI5CmlfOgp2dt3YjD91ajVzyQroeJODee8YS1sd4rIqtcjM%2B%2FkrhpE8E5wEBDgqaFRKVygIosEYVdJRN"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc6986a973732-FRA

GET
H/1.1 200
OK magnific-popup.min.js Show response
return-thief.com/wp-content/plugins/divi-next-masonry-gallery/scripts/ 20 KB
8 KB 610ms
610ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/plugins/divi-next-masonry-gallery/scripts/magnific-popup.min.js
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:12 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"4ef8-18c28b3d472"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HgwAT%2BhfdE8l1gIwxi2Xu8FMZtgk0B0k8jdKFZuT8I%2BQjK3ZIviUcC8u5JmRlQHIZRKcm9%2FqiQFfAdRBpBAT90wrzN1xQiNas5fZS6Umdgta%2FR6nLIhfjefC3%2FX6SeuwhS7dSfrOoNL%2Ba8ZSzlEj"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc6989a2d6727-AMS

GET
H/1.1 200
OK sticky-elements8686.js Show response
return-thief.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 211 KB
60 KB 1039ms
1039ms Script
application/javascript 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/sticky-elements8686.js?ver=4.18.0
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: a0d93b924346d3e63a0ed2d5f46cef0fd6b0a1614c9611ada94f67905f9a7b0b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:12 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"34da9-18c28b3d528"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OVyZ5ci0AzM5zv4d91nMiQQ7f8icP63JUeM5cBLRiQC4067pVVAxk9pqp7wlgow5ITRaFYKnbBKyFcAUwIpmvF5zNXQqBdSzYj%2FsLPy3%2BiZsEQ2giN6etEZyi37Oh%2BqSY9QWU6hMZDNxaLYuakru"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc699090b660f-AMS

GET
H2 200 www-player.css
www.youtube.com/s/player/cb886c6c/ Frame 0B53 359 KB
47 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cb886c6c/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0927d0eb1802a65f1b033034b2d947118d176148381dce25c885d9deb94b9d7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/xw0ixm5mego
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 08:09:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52642
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47487
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 05:49:18 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 27 Jan 2025 08:09:45 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0B53 15 KB
15 KB 35ms
11ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 05:31:50 GMT
x-content-type-options: nosniff
age: 580517
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Jan 2025 05:31:50 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0B53 15 KB
16 KB 32ms
9ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 09:09:14 GMT
x-content-type-options: nosniff
age: 481073
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 09:09:14 GMT

GET
H2 200 embed.js Show response
www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/ Frame 0B53 53 KB
16 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9419adcc1f13fd1ae3c0d347a3803311060a2d8d35759514019ceb545aa6d108

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/xw0ixm5mego
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 24 Jan 2024 08:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 397354
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16791
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 05:49:18 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 23 Jan 2025 08:24:33 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/cb886c6c/www-embed-player.vflset/ Frame 0B53 319 KB
95 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cb886c6c/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5904ac053ee5163169774e5563cc32a2c458a4ce0e8b4e76e173998f4d01d580

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/xw0ixm5mego
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 14:04:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31370
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97391
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 05:49:18 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 27 Jan 2025 14:04:17 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/ Frame 0B53 2 MB
771 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ac64e5d6f76ccb2e045537f017a83122eedb10a18e4cad23a8563df1e96d5cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/xw0ixm5mego
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 24 Jan 2024 08:24:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 397354
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 789328
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 05:49:18 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 23 Jan 2025 08:24:33 GMT

GET
H2

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 0B53
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
242 B

15ms
14ms

XHR
application/json

2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

447790eac6eb7f6c3279b1f63704e4217c1c2a0573f7ffebb247f8a67f70f98f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 22:47:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 28 Jan 2024 22:47:07 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 0B53 29 B
495 B 27ms
6ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cb886c6c/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 22:40:32 GMT
x-content-type-options: nosniff
age: 395
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 28 Jan 2024 22:55:32 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 35ms
14ms Preflight
text/html 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Sun, 28 Jan 2024 22:47:07 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0B53 87 KB
40 KB 26ms
26ms XHR
application/json+protobuf 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

db7fd51175ab51e70075e5a86af68408891d94906c6588734ac0c6490c8be63a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Sun, 28 Jan 2024 22:47:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41120
x-xss-protection: 0

GET
H/1.1 200
OK memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4uaVc.ttf
return-thief.com/s/opensans/v36/ 50 KB
32 KB 1169ms
811ms Font
font/ttf 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4uaVc.ttf
Requested by: Host: return-thief.com
URL: http://return-thief.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: bcc7eb8b166689cc607d38b54cdde27763ee8ca6a9a84fa4563874e7df5aaea9

Request headers

Referer: http://return-thief.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap
Origin: http://return-thief.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:08 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"c7cc-18c28b3d45e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hn06o7n1sDqjRjMb0zVvuUAMEpaN9ClYANxd%2FSYxkeKzSoaVnMNGcjMrYfTKXPrx0Xd%2BezUsVYmKbhcnCZzM0nnjSkIBO3qHmoNwwJNOrOtHgy1oeGDrtTYlFcHL8n5m%2BZuIUs82O1Mjvm7Ookbf"}],"group":"cf-nel","max_age":604800}
Content-Type: font/ttf
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc680ff25b930-AMS

GET
H/1.1 200
OK memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWV4exQ.ttf
return-thief.com/s/opensans/v36/ 51 KB
33 KB 1298ms
817ms Font
font/ttf 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/s/opensans/v36/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWV4exQ.ttf
Requested by: Host: return-thief.com
URL: http://return-thief.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 3c05a0927c8ad63fbedbbb3a8e142c096f004813743a65e0fcf04cd261e4705f

Request headers

Referer: http://return-thief.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap
Origin: http://return-thief.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:08 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"cdb0-18c28b3d458"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TLdMfk7w09nDxJ6adhfQQOW6TMuEhKD0ue8jj7bEgNdGLKioiTLzpTLzzpyDsTgtyIULmIAk4aEf4lu9ibDRYFp5hVZpk7yosR9K%2BsJnw86Xa1CFBb7ogW24YS19bKPdMgBnaeAqVYY3wwr8mVVL"}],"group":"cf-nel","max_age":604800}
Content-Type: font/ttf
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc681bff4660f-AMS

GET
H/1.1 200
OK modules.ttf
return-thief.com/wp-content/themes/Divi/core/admin/fonts/modules/all/ 90 KB
37 KB 1387ms
816ms Font
font/ttf 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/themes/Divi/core/admin/fonts/modules/all/modules.ttf
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e157a805df2257515250ff4c91e5abde50f7e0d9634946878dbb132159e0e97e

Request headers

Referer: http://return-thief.com/
Origin: http://return-thief.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:08 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"16768-18c28b3d524"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVan5uIIAZ%2BEXCmGiTisqeWC7gZrBerAoeSDVYaQk0uPjGrlpzWE%2BFMZEj8J91QYgu36VVrnfX%2FkcubHpM%2BH71e9X0mZwxTaopE1mmU8d58waQOyQh%2B1HvJHI%2BfYDagKIfT6hDqQumr5qtUN7VC1"}],"group":"cf-nel","max_age":604800}
Content-Type: font/ttf
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc6824b231c3c-FRA

GET
H3 200 remote.js Show response
www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/ Frame 0B53 117 KB
33 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ae389a5daf8a3cf0af4742ede3304801fb55d272726f8fab13254abaef80b50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/xw0ixm5mego
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 24 Jan 2024 08:24:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 397340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33854
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 05:49:18 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 23 Jan 2025 08:24:47 GMT

GET
H2 200 cHoal1GHrde4YWVmtNRS7rfNld6iV6ittWnnuOkThR0.js Show response
www.google.com/js/th/ Frame 0B53 51 KB
20 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/cHoal1GHrde4YWVmtNRS7rfNld6iV6ittWnnuOkThR0.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

707a1a975187add7b8616566b4d452eeb7cd95dea257a8adb569e7b8e913851d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 21:19:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 91653
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19856
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 10:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 26 Jan 2025 21:19:34 GMT

GET
H2 200 sddefault.webp
i.ytimg.com/vi_webp/xw0ixm5mego/ Frame 0B53 4 KB
4 KB 43ms
19ms Image
image/webp 2a00:1450:4001:802::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/xw0ixm5mego/sddefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b7cd5c9885b40d953693e4a3c56fd364bf2a3cb8e1148f83a10afee4b4846ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 22:47:07 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4000
x-xss-protection: 0
server: sffe
etag: "1699563165"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 29 Jan 2024 00:47:07 GMT

GET
DATA 200
OK truncated
/ Frame 0B53 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Q2mSjsGIwAnZACAM0faZrYzUgD-3R4MDf1zBWrb4mi9HCcbsPMQA2aSgpcQiNXbvjtHlrqs5=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame 0B53 5 KB
5 KB 354ms
332ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/Q2mSjsGIwAnZACAM0faZrYzUgD-3R4MDf1zBWrb4mi9HCcbsPMQA2aSgpcQiNXbvjtHlrqs5=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7177738a55f2bb4253eff94d11d198275570aeee62f574ecc30b880e175f12e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 22:47:07 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="channels4_profile.jpg"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5174
x-xss-protection: 0
expires: Mon, 29 Jan 2024 22:47:07 GMT

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 15ms
14ms Preflight
text/html 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Sun, 28 Jan 2024 22:47:07 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0B53 90 B
134 B 18ms
18ms XHR
application/json+protobuf 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ea8ef5591e8ffdc06a3d3cb3b947fd602d98b489351ae3dd7250c886b6f19e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Sun, 28 Jan 2024 22:47:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 0B53 4 KB
2 KB 36ms
15ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 22:47:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 28 Jan 2024 22:47:07 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame 0B53 0
10 B 7ms
6ms Image
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?A_wmgQ
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/xw0ixm5mego
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 22:47:07 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK home-bg.png
return-thief.com/wp-content/uploads/2022/08/ 110 KB
110 KB 996ms
793ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/home-bg.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/wp-content/et-cache/7/et-core-unified-tb-0-tb-0-deferred-7.min2601.css?ver=1690244573
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 42f881d1c02f9bcfd3573550eb270f2b7089988651111d5ccf094cf45a04b674

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/wp-content/et-cache/7/et-core-unified-tb-0-tb-0-deferred-7.min2601.css?ver=1690244573
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:09 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 112195
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"1b643-18c28b3d5fb"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XSXP4PvA4BTKBkwB%2BkyuP2dUPmMORwo7%2BcTCkJkgFhkVbdnXLEkdqIOQ05oUZt0lF2a%2B9wYQlAPC63H4%2BbQwHBqtM9ERJ9VTNqIsmoLueeWcwZYIpFSokOT3EFyvOec0E5Y79seipAs7uaaCy8Wp"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6876f2a1c3c-FRA

GET
H/1.1 200
OK Generic.ttf
return-thief.com/wp-content/uploads/et-fonts/ 177 KB
92 KB 1019ms
1011ms Font
font/ttf 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/uploads/et-fonts/Generic.ttf
Requested by: Host: return-thief.com
URL: http://return-thief.com/wp-content/et-cache/7/et-core-unified-tb-0-tb-0-deferred-7.min2601.css?ver=1690244573
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 03e8ab0de61e811eb275a6ef06d8ac8258305527da9fe0391d6528b73f239eec

Request headers

Referer: http://return-thief.com/wp-content/et-cache/7/et-core-unified-tb-0-tb-0-deferred-7.min2601.css?ver=1690244573
Origin: http://return-thief.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:09 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 02 Dec 2023 04:05:24 GMT
Server: cloudflare
ETag: W/"2c2c4-18c28b3dac1"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KMK3uh%2FvzlYI8fTX79Gv4wQuw8VHsFIcjDnuqDMtn86cJcX%2BhOlcO34WlJHSU3yLd2HMuJQR8ElpXRtzVpA4qIyefsogBBdaVNC4K%2FEdy%2BK7nX1x2djoX7b3Bun7980qM7RALCmNT9A6N4AfNYqO"}],"group":"cf-nel","max_age":604800}
Content-Type: font/ttf
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
CF-RAY: 84ccc6860e40b930-AMS

GET
H/1.1 200
OK manafinder-manashard-bg.png
return-thief.com/wp-content/uploads/2022/08/ 11 KB
12 KB 436ms
436ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/manafinder-manashard-bg.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/wp-content/et-cache/7/et-core-unified-tb-0-tb-0-deferred-7.min2601.css?ver=1690244573
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: eec7c773da90b40e0ee7de34f35fd112555b2598b3712bd178c86bb7de08ccce

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/wp-content/et-cache/7/et-core-unified-tb-0-tb-0-deferred-7.min2601.css?ver=1690244573
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:12 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 11492
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"2ce4-18c28b3d5fd"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uU9kXZ2PWeDIAF2S3lk4WUo9PpgFN9WqRYJwKCC7kA1tP0yb039AgOn%2FeheQGIBX9whVuIKdE1PQvMf5D7bThud%2Be9z1g4jvRR7f8tdOVIU8akbBM8xzi6AV5k%2FeTi77XFZ8IJ4rTli9XAYzQ74x"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc69c6ebd6727-AMS

GET
H/1.1 200
OK specs-bg-manafinder.png
return-thief.com/wp-content/uploads/2022/08/ 15 KB
16 KB 641ms
641ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/specs-bg-manafinder.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/wp-content/et-cache/7/et-core-unified-tb-0-tb-0-deferred-7.min2601.css?ver=1690244573
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 79f0556c91d48ad8e62f6593abfb6791ca402be460e32abf348c2b3a66ef9c3a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/wp-content/et-cache/7/et-core-unified-tb-0-tb-0-deferred-7.min2601.css?ver=1690244573
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:13 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 15365
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"3c05-18c28b3d5ff"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QjOSzlnz1ZKGtcFx98kCILBOEj4cTZtXJtlI4jwIrz4EItSmGhoo06okLNO%2BHTXCf4L91g61mx7ZZKswU5x478fn%2B2YzYtN68d4XJgHWgEfyoQG%2FtQFp8hALuDosIOSnmYUlpo5urRsuSngeAj48"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc69eaad83732-FRA

GET
H/1.1 200
OK fa-brands-400.woff2
return-thief.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/ 77 KB
77 KB 954ms
830ms Font
font/woff2 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-brands-400.woff2
Requested by: Host: return-thief.com
URL: http://return-thief.com/wp-content/et-cache/7/et-divi-dynamic-7-late78fb.css?ver=1690244569
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba

Request headers

Referer: http://return-thief.com/wp-content/et-cache/7/et-divi-dynamic-7-late78fb.css?ver=1690244569
Origin: http://return-thief.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:09 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 78460
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"1327c-18c28b3d4c4"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zMQsIRVb7LT6nJXy4z7h7XVklWAhqcptSVlzR7htwb334uYoz2bp7TmrFps7%2FTJ9IGwT1ww2hSxQUw9LE24KG0WPA%2FkC1aqHmwopnzAfBgQ5uthiIiT2pHzE2jz%2BfMYurueA3NU1J64l%2BSdwLdSK"}],"group":"cf-nel","max_age":604800}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc686de11660f-AMS

GET
H2 200 et-divi-dynamic-7-late.css
manafinder.com/wp-content/et-cache/7/ 20 KB
2 KB 1490ms
123ms Stylesheet
text/css 45.41.235.65
NAMEHERO-KCDC

General

Check archive.org

Show headers Download Go to

Full URL: https://manafinder.com/wp-content/et-cache/7/et-divi-dynamic-7-late.css
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.41.235.65 , United States, ASN399250 (NAMEHERO-KCDC, US),
Reverse DNS: node305.namehero.net
Software: LiteSpeed /
Resource Hash: 8beb5ba1c7917d8fe9393ad50eadb2de76f38fd15ef8c832fcceb518f74312c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 22:47:09 GMT
content-encoding: br
last-modified: Tue, 23 Jan 2024 00:29:30 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 1775
expires: Sun, 04 Feb 2024 22:47:09 GMT

GET
H2 200 sddefault.webp
i.ytimg.com/vi_webp/xw0ixm5mego/ Frame 0B53 4 KB
4 KB 8ms
7ms Image
image/webp 2a00:1450:4001:802::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/xw0ixm5mego/sddefault.webp

Requested by

Host: return-thief.com
URL: http://return-thief.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b7cd5c9885b40d953693e4a3c56fd364bf2a3cb8e1148f83a10afee4b4846ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 22:47:07 GMT
x-content-type-options: nosniff
age: 1
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4000
x-xss-protection: 0
server: sffe
etag: "1699563165"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 29 Jan 2024 00:47:07 GMT

GET
H/1.1 200
OK fa-regular-400.woff2
return-thief.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/ 13 KB
14 KB 515ms
484ms Font
font/woff2 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-regular-400.woff2
Requested by: Host: return-thief.com
URL: http://return-thief.com/wp-content/et-cache/7/et-divi-dynamic-7-late78fb.css?ver=1690244569
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: ce20ed8a323117c8a718ff1ddc6dabb997373b575a8e896f2bf02b846c082c9d

Request headers

Referer: http://return-thief.com/wp-content/et-cache/7/et-divi-dynamic-7-late78fb.css?ver=1690244569
Origin: http://return-thief.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:09 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 13548
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"34ec-18c28b3d4c8"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lN043NXm1piRbPMFiu8Iw0AIG0Fv1wezBt4nQvriFZBLGeaTsUcd4fDOnWXNrshzH4j41Ub242ZeZniPMp2uEnn5UQH5FywftAiTQ7txiai3Qn8sKwIulAJO%2FIFJz%2BEumTfgDoVpUqx8uUi8LFt7"}],"group":"cf-nel","max_age":604800}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc68c7e71b930-AMS

GET
H/1.1 200
OK Argus.gif
return-thief.com/wp-content/uploads/2022/08/ 8 MB
8 MB 633ms
633ms Image
image/gif 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/Argus.gif
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 5f6a319b694659059edae7e4763196092a76f809a564bf7eeb25e64ca127e8eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:13 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 8086914
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"7b6582-18c28b3d58d"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DkQnL0IJA02PQ7laYkAii3gGTUu6V7YYgywbQAHiFH54p3%2FkEY8T6cdXlaqN5yDidtNvnZrwLlPp9G87q1duBISSSu2wf7pmANXw2WQ1ZOGlqkvjNfa0mc8%2BBjCpzvwveu%2BjBYKB99haG2AiA7Aw"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc69f2a3a6727-AMS

GET
H/1.1 200
OK G-1.png
return-thief.com/wp-content/uploads/2022/08/ 112 KB
112 KB 779ms
778ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/G-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 68364bade8c9f691bd2b4bbb3aa7c9c2ad3344b6d96958559e32db326010edef

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:13 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 114386
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"1bed2-18c28b3d595"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m88yvkHS%2BIvyt6Mu1407zNDDj5GI5xP9OyzLrc3%2B%2FxDyDGFLkqwp%2BPDyTBSd2ZTAQUSIOiCJJo75niYYxUgj0wyisSA9%2BDA4uiQdauF9ncqcUp0pNmKLFZLd%2B0OHBw0Uen9YKjHwD%2FzveKeic%2Bfz"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc69f9862660f-AMS

GET
H/1.1 200
OK H-1.png
return-thief.com/wp-content/uploads/2022/08/ 98 KB
98 KB 1009ms
1008ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/H-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 6103aea3ac5a991992360396dd0ad02c271207ae5903b4dd07cda34bf5b3e54f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:13 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 99999
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"1869f-18c28b3d597"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nxtx7KCIIV6zJHFn7QhCUOEmTbWLOjmKCMUMd2rRLrRsIU84NFy2dtaoCZm6kwr2euKV4dnoke%2BVJhD%2F15Hp8NKyQObPbStpJ%2FZTN0CZ8wXV8DMt4cZ%2BgSeQaD45eWt1qpAXq2OghUBw5jMgbmbd"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6a17bfeb930-AMS

GET
H/1.1 200
OK image.png
return-thief.com/attachments/1163892519243874374/1163893329012989972/ 293 KB
294 KB 787ms
786ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/attachments/1163892519243874374/1163893329012989972/image.png?ex=65413b21&is=652ec621&hm=758d87c23a427b6d16c39044&=&width=500&height=607
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f733500e56d4ec9fbfa159784eb56c2a73acd0adb16a67df96f158458bc71936

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:13 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 300298
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"4950a-18c28b3d429"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oEXZSmi851OILnCAfq9EQAOFkokRP29p8B52VwSS1DPLya1jDb8SCnXByQv6UpF%2FswGOruD7gPwobViSn2RILPQy7p6eT0xlaQuzoSuHQYxguMm2xc46xJTVOsHXtEOwKiustBrtu7IPApfhJE5a"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6a1bc731c3c-FRA

GET
H/1.1 200
OK Pub-1.png
return-thief.com/wp-content/uploads/2022/08/ 398 KB
399 KB 848ms
847ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/Pub-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: b2fa37fbe6316477423035ddada1fd3e49be9e402e687175f8d6ae5264f67816

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:13 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 408004
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"639c4-18c28b3d5eb"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y9WrK8ZQXqttRdzliGghzJ2h7nBXDQ7nCLzJ6kuxPkkSUmeSIIC324JEIdKvdiQB5PNoZ5gFx8sTkAZbOkxtGLS6%2FVDDWHnjNMzY7oNir3JgT4LQ4R6UNEOhcrSYb9Fv6ItLniwQItDYNvGNxjYR"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6a20dc666b6-AMS

GET
H/1.1 200
OK Stegon-1.png
return-thief.com/wp-content/uploads/2022/08/ 72 KB
73 KB 826ms
826ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/Stegon-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: d1427e0c3c19e1fb5463426429bf916e6dd797ccb5af6eb74e27028f98338fe0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:13 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 74086
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"12166-18c28b3d5f2"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1wq%2FFZWQCXcNTjP7eNhx6xL2gjKgzQoiRcAMhhCCpME2tiXpqy%2BtUGAdbAD5499lT%2FMG%2BxyXx4RfLKBVO18ocdAd6qr5b2Q7%2BHN9jsKE1byIYb1mGCch6c%2Ffcn%2F6Hyrad3ly2Fs2XHxVjXPzHxuM"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6a2ad393732-FRA

GET
H/1.1 200
OK Aevi-Origins-1.png
return-thief.com/wp-content/uploads/2022/08/ 73 KB
74 KB 781ms
781ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/Aevi-Origins-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e0a4ec9044e0cebcd8a76b03f966a326c075c105393e6cb3019ba38e3546d14f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:14 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 75246
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"125ee-18c28b3d52b"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=05oCg1kYa0oetFxI2kc2gsIFofCymznopXiFqaFdLC6kF002e1pENWUfvqETwPGnB4f%2FXFFG27gjrituFyjWOgpy32MUWwKgXXnZ2pLQORigVSJ%2BS0%2BY4ONiCpf%2FXIE%2BHZuDvttdJJ1smZLKT7Kc"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6a5a866660f-AMS

GET
H/1.1 200
OK Camp-1.png
return-thief.com/wp-content/uploads/2022/08/ 947 KB
948 KB 1287ms
1287ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/Camp-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 458e1e5b1dd7260dfd6b3a15262858204c8b991e70e6577c262625ec35b75f57

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:15 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 970003
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"ecd13-18c28b3d590"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3n2FyhcPt%2FJhlkVUAmfQ%2BkFVh3Poj9rAuBL0ALorygdx39aPh%2FocYdN3tqoVDkbMx2zAKRxQkt5ZrkjydhBTAXIWa%2BtPzYcJ%2FNzQXH8gPsF8n0xtM0oLiANOYeM8tqiUOUhEgJktwscp%2BHtY7t17"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6a7c8eeb930-AMS

GET
H/1.1 200
OK DialogueBox-1.png
return-thief.com/wp-content/uploads/2022/08/ 31 KB
32 KB 1103ms
1102ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/DialogueBox-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e2d5de9ead51111afbc6ecf373fb43eeef4837a9114ca9e571b8b9c579e20c1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:14 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 31606
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"7b76-18c28b3d593"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YW0iM%2FPZKefck99OK49ywm4ybkjgKHlI%2Fy6RGHvwmD2KyIe%2FnNXFAT7sKP6%2BdrCGmkbLk7Bo6y2JDNhIh80Cm8Kr3MajV7voeiabSI8NIPWUr%2BznjQAms5Dx1ZPT607koRZEEFsaNMrimMy3%2FOJX"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6a7d8473732-FRA

GET
H/1.1 200
OK yeti.gif
return-thief.com/wp-content/uploads/2022/08/ 4 MB
4 MB 1328ms
1328ms Image
image/gif 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/yeti.gif
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 574037fd5bca25a9820d74a2e05a7dbc4737a52062e24e6f711dae1c0ce3e006

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:15 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 3925882
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"3be77a-18c28b3d6b0"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sFVs%2FFZwKH72NQ7wTU%2FuL8Kh9xzeQajxllB07Ki62E84y0GBXHdtN1GvNsKefu10baTf4VHp4Jsj%2Fmjc90R5SN6UKj0hm16TLHdC6O0TURX6TNyo08t1LJamsn2MVJf8TydUKSmhhUWCKr7%2FCfLr"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6a909a01c3c-FRA

GET
H/1.1 200
OK IlliasCauldron-1.png
return-thief.com/wp-content/uploads/2022/08/ 92 KB
92 KB 1181ms
1181ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/IlliasCauldron-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: b7969cc81215a388c2a11fc6144a2e5219eabafc3ee21cabd5d3146b9cd67573

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:15 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 93718
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"16e16-18c28b3d599"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3i0f2fNdfjOBxcKcOVlxD%2B7DNj4GFoOz4R74zjfJAHGDTu6lxM5U0p57AZf%2F8NLyXIOhvO4%2F%2FwwUdFQP1jNFXgE5xPZHOmdwp71mOuqKwUlJErJV8d3A%2F%2F2rbM3gIapJEhp7bX%2BbB96jnMwx3O1S"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6a9ee3b66b6-AMS

GET
H/1.1 200
OK King-Vicar-1.png
return-thief.com/wp-content/uploads/2022/08/ 782 KB
783 KB 1061ms
1060ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/King-Vicar-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 54d8141e126873caa40ab76d184a10d0a38cc63605e30d174f07caad92b45248

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:15 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 801220
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"c39c4-18c28b3d59c"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oVqxkCFfm7g2vXeDazvujJSxbI%2FBA7h%2F9%2Fp3NiXE3LGb0PbrZPsgaOpszdwMOXhhE8Fggt00fBJxVQwBpMvRLzAallX4nXbHN%2BwWCZq1kTwKGa2F2xopTIZ0aSjtgf2P9IoesUiw%2BWc8ys1VS7r3"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6aa9fa6660f-AMS

GET
H/1.1 200
OK Lambda-on-a-quest-1.png
return-thief.com/wp-content/uploads/2022/08/ 77 KB
78 KB 795ms
789ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/Lambda-on-a-quest-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 9ebd6adeae79795147e64106786462f7688c6345320a272149ad96edf4389cd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:15 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 78654
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"1333e-18c28b3d59f"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=in2i8WS0vlIICOXNGK8zuOfrv6%2BXeOSQIqe4EEPRM1H4mcgRiCi4S%2BI1u50nrxFxi2BT0%2BP2UrQpcg1bU5lDgWDGDI%2BC9gfZ28NDCUSbu4jOerTWTbM5qnj%2FdftV%2FMpvCgZ2yeyuJi8wqqHni6Ee"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6aedca63732-FRA

GET
H/1.1 200
OK RedDragon-1.png
return-thief.com/wp-content/uploads/2022/08/ 104 KB
105 KB 859ms
858ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/RedDragon-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: a719c89333276e50e6df0d23ab2212122085440f27d0309c9d63a5d4adc86352

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:15 GMT
CF-Cache-Status: EXPIRED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 106354
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"19f72-18c28b3d5ef"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vV6joziViV%2Fob2n3vr1UFI%2B2zweD7IToVSGSszxx%2BUS%2BqmjcBwj%2BUT8Jz%2Bc42MyoMPEGQHhlpACYYJ8ML7eKrrjVMdQE%2Fq%2F8ZcGscJk9l1H3I9xav9MjCpBJRY3Y9%2FbH%2BxZoiSWUCuBpU2i6wzuT"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6af8d756727-AMS

GET
H/1.1 200
OK fa-brands-400.woff2
return-thief.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/ 77 KB
77 KB 897ms
841ms Font
font/woff2 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-brands-400.woff2
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba

Request headers

Referer: http://return-thief.com/
Origin: http://return-thief.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:10 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 78460
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"1327c-18c28b3d4c4"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vWiI8esKi7KfsNbkW49186XncR6wK5ienCVVOI8XhtCbWl%2BGHlgBtTks814QWRG48%2F11%2BvzB8vJ5VsSSM5yq0D0BBd%2FD2ZfLR%2F%2BsOqgRSz0hCOjruXeVRrFABjlv96zIcFrbXhTltnd%2F1hIkiFUv"}],"group":"cf-nel","max_age":604800}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6900a6566b6-AMS

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 0B53 28 B
54 B 24ms
23ms XHR
application/json 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cb886c6c/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
X-Goog-Request-Time: 1706482030518
Content-Type: application/json
X-YouTube-Utc-Offset: 60
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/xw0ixm5mego
X-YouTube-Client-Version: 1.20240123.01.00
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: Cgt6NTl3WkI0Z3dHVSjrstutBjIKCgJERRIEEgAgZA%3D%3D
X-YouTube-Ad-Signals: dt=1706482027157&flash=0&frm=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=23&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C500%2C1080&vis=1&wgl=true&ca_type=image

Response headers

date: Sun, 28 Jan 2024 22:47:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0
expires: Sun, 28 Jan 2024 22:47:10 GMT

GET
H/1.1 200
OK fa-regular-400.woff2
return-thief.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/ 13 KB
14 KB 490ms
418ms Font
font/woff2 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://return-thief.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-regular-400.woff2
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: ce20ed8a323117c8a718ff1ddc6dabb997373b575a8e896f2bf02b846c082c9d

Request headers

Referer: http://return-thief.com/
Origin: http://return-thief.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:11 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 13548
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"34ec-18c28b3d4c8"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F2sC4cH3o4oG9LnnRGUGSAU9AR2AeMn42pSd%2BKO4fNMwvhkiKMEsjyULTN4MG34WRESSdifqm%2FBXYeBmxGzW7nM2sM6NzNh3BTIT7w1ZdEzd9EwV8URfn%2BYDtpujvFeNF2UEpZaCzuSWDqUKOK5O"}],"group":"cf-nel","max_age":604800}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc695c8d03732-FRA

GET fa-brands-400.woff2
manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/ 0
0

GET fa-brands-400.woff
manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/ 0
0

GET fa-brands-400.ttf
manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/ 0
0

GET fa-regular-400.woff2
manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/ 0
0

OPTIONS log
play.google.com/ Frame 0
0

POST atr
www.youtube.com/api/stats/ Frame 0B53 0
0

POST log
play.google.com/ Frame 0B53 0
0

POST log_event
www.youtube.com/youtubei/v1/ Frame 0B53 0
0

GET
H3 200 xw0ixm5mego Show response
www.youtube.com/embed/ Frame 703E 93 KB
39 KB 59ms
58ms Document
text/html 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/xw0ixm5mego

Requested by

Host: return-thief.com
URL: http://return-thief.com/wp-includes/js/jquery/jquery.minaf6c.js?ver=3.6.0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2f11f3bb5f98db5042c6a0d1dd9818b84eaa1dcfab4ad20bb75cec6ee7669e55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://return-thief.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Sun, 28 Jan 2024 22:47:12 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET fa-regular-400.woff
manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/ 0
0

GET
H/1.1 200
OK Argus.gif
return-thief.com/wp-content/uploads/2022/08/ 8 MB
8 MB 229ms
228ms Image
image/gif 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/Argus.gif
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 5f6a319b694659059edae7e4763196092a76f809a564bf7eeb25e64ca127e8eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:15 GMT
CF-Cache-Status: EXPIRED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 8086914
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"7b6582-18c28b3d58d"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bll8ZAM4IQAJAhLAraQXlqfR5kjPbtybdyi5JUSqiBwdj%2FkJlHqlukAIhmu2w9AOno%2FQciZ6xEwszIMDhpytkvbDn6E2Ib3n5ekAzlNZwOdHxQ0Uo634aYeWqcEP8451fDjxNaDs7WJgtDwq15aq"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6b15def66b6-AMS

GET
H/1.1 200
OK G.png
return-thief.com/wp-content/uploads/2022/08/ 112 KB
112 KB 2068ms
2068ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/G.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 68364bade8c9f691bd2b4bbb3aa7c9c2ad3344b6d96958559e32db326010edef

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:17 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 114386
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"1bed2-18c28b3d596"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rUEaoSQyhNK72aJ0x0XKVzlGibJeFyesQFnF8QUq7FF3aUnh994bK5g2eqHmbjeP%2F1P0iOFP1dzuARgiXhavc0KQg8o50DzbtpXi2HjYwpV4K9YiwoDBjt9qHwttts5oEWyFUaxJF7urs0hSwpKh"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6b3cf9e3732-FRA

GET
H/1.1 200
OK H.png
return-thief.com/wp-content/uploads/2022/08/ 98 KB
98 KB 2505ms
2505ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/H.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 6103aea3ac5a991992360396dd0ad02c271207ae5903b4dd07cda34bf5b3e54f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:18 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 99999
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"1869f-18c28b3d598"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cfiwSeS0NjyCxM5aKUk%2FXoLxCPX89k%2FKrmVHxqosgzy8pHzCrvY5hnYH9ClO9ZDMWhi7tvfckBLcqbQiXMViCKsF5Ut0ytbU9Y%2Fhg%2BLJHsEeerw4VprLo6R4Nr%2FwwlWMZpDeMAJ26GHcfWwzZkK4"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6b49d14b930-AMS

GET
H/1.1 200
OK PromoPic.png
return-thief.com/wp-content/uploads/2022/08/ 430 KB
431 KB 2382ms
2382ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/PromoPic.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 81aafaf9abd552defe25a2b88ab173673ff794a2e7bb390b242d40ae5df182eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:18 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 440644
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"6b944-18c28b3d5e8"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PwfCCrwQcp6TowDdAWWY%2Bz0u22cqiUiniGZ4163pIKaUNCMjIXeMMzJaoiOuN6DwCZyYIFmstGU0v%2FARQWGZZ7A1%2FfHCNKtMJtYuxh5Q4jLSKp4Lcj%2BjbWrJ%2B21zOYqZyAwJ%2F896ONixYoCM5gZX"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6b62e016727-AMS

GET
H/1.1 200
OK Pub.png
return-thief.com/wp-content/uploads/2022/08/ 398 KB
399 KB 818ms
816ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/Pub.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: b2fa37fbe6316477423035ddada1fd3e49be9e402e687175f8d6ae5264f67816

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:17 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 408004
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"639c4-18c28b3d5ee"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pkTJgM%2FvnA6LBOdDnpblUcPgSi%2Bh8teZawQWBWLRtYa37QmxK8R6%2BIY2ODwyuDbQffIbDlxvoWkUYORLZqqXfwxVCs3XdFSBzkcm1zoZD7WHHlo2eFPffrUmdcyiAAx%2B2stA5QnhNAK4P4r2i0gp"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6b7893a660f-AMS

GET
H/1.1 200
OK Stegon.png
return-thief.com/wp-content/uploads/2022/08/ 72 KB
73 KB 816ms
813ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/Stegon.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: d1427e0c3c19e1fb5463426429bf916e6dd797ccb5af6eb74e27028f98338fe0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:17 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 74086
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"12166-18c28b3d5f2"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wHhFI8pagJAYmC0pAumeeox8%2Fxy8QOrTtTjcNqHLeNe%2FtC6jasdSRzktSi32uA8h05bmqBrXGnhgfdpxlL0%2BgydlLwAYmwUOr%2By6aoht9LPo7cDE1NUMC3pDz8eowEYgRNPcPG4DlSombaogYXTo"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6bbfc7966b6-AMS

GET
H/1.1 200
OK Aevi-Origins.png
return-thief.com/wp-content/uploads/2022/08/ 73 KB
74 KB 839ms
839ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/Aevi-Origins.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e0a4ec9044e0cebcd8a76b03f966a326c075c105393e6cb3019ba38e3546d14f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:18 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 75246
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"125ee-18c28b3d52c"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1EjWawPcucO5E3INO%2Bf22wFpEuzW2RXUcUqGRTLpCXlyulzCVlFeWMCfzyzF0NfiA4wm9zjAVNleUl3sBF0FgRAIgDZ8gg2Qt65q%2F9yxpgJDS3laMU%2BTP3HhFla4yfdvB%2BueSZQxX24e4F%2FeDfr%2F"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6bf38ea660f-AMS

GET
H/1.1 200
OK Camp.png
return-thief.com/wp-content/uploads/2022/08/ 947 KB
948 KB 814ms
814ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/Camp.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 458e1e5b1dd7260dfd6b3a15262858204c8b991e70e6577c262625ec35b75f57

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:18 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 970003
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"ecd13-18c28b3d592"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F0PctX%2BnvdXyi221Getq1WwWzG6pR%2BvOE5Mg%2B1Z2MuEsJJ%2FP2rFtiW8sDYHuPYHDdmhD3urZ5rOxsZEkAD1q6g%2ByINBNXzTQpYwyxWjmITZhQgsuqOenRfDjbIciCFnZys1aRrNyo3s8eeVsj2aT"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6c10bfa66b6-AMS

GET
H/1.1 200
OK DialogueBox.png
return-thief.com/wp-content/uploads/2022/08/ 31 KB
32 KB 642ms
642ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/DialogueBox.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e2d5de9ead51111afbc6ecf373fb43eeef4837a9114ca9e571b8b9c579e20c1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:18 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 31606
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"7b76-18c28b3d594"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s4UfzZkX8HQYJ5ZgqQZva5fxWTLkqHHftCSHpDLHLFUJUfPkd9ElqD8jXyqdl2MPj%2FFdBC7lI13BPEwHz4IEAc0Ybf7wH3RoG4QuEDVJNizTVRRb6lshdozIaXU33VTtnX13BY6gBDbEh9KWQa9k"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6c1dfa73732-FRA

GET
H/1.1 200
OK yeti.gif
return-thief.com/wp-content/uploads/2022/08/ 4 MB
4 MB 809ms
809ms Image
image/gif 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/yeti.gif
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 574037fd5bca25a9820d74a2e05a7dbc4737a52062e24e6f711dae1c0ce3e006

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:19 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 3925882
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"3be77a-18c28b3d6b0"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZEo8sijaa33NBYDwM%2F6MQyJN4U5Blr0Ev9Tu45U0p%2BXXFdKhRcBHcRFJSjoltO%2F3uV9He%2BYC2iEzxbYhUI2kasvYQoTEr0vWlJrdEgF14YlXGxE0Yjb8ByqrBziEyotuGYonoQWh5Hzd%2BhnEeuLP"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6c47e46660f-AMS

GET
H/1.1 200
OK IlliasCauldron.png
return-thief.com/wp-content/uploads/2022/08/ 92 KB
92 KB 810ms
810ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/IlliasCauldron.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: b7969cc81215a388c2a11fc6144a2e5219eabafc3ee21cabd5d3146b9cd67573

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:19 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 93718
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"16e16-18c28b3d59a"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aWl%2FwvvljfZSjFI6b9sqvml%2BgqRXSvIwqnASfXv0X%2FpwvGKQBAOzRil7NLQIz46GqAIp1wZAeEaUY7b11u15JOuGOZFtRlt%2BcYfhT%2F37uTeGU93LUfWAM5TnOBh9vFB42tVKQDxyhJ6nU31d9XXR"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6c58dd0b930-AMS

GET
H/1.1 200
OK King-Vicar.png
return-thief.com/wp-content/uploads/2022/08/ 782 KB
783 KB 848ms
848ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/King-Vicar.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 54d8141e126873caa40ab76d184a10d0a38cc63605e30d174f07caad92b45248

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:19 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 801220
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"c39c4-18c28b3d59e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wTDUCoPQh4DmC%2FhFVKebpR%2Fi3Vq8dWaA4NcykSH9hzO498vhoax%2BjHE%2B%2FDa3A0WJCXXhY0oU5LrzCS5sMB3R9k4p%2FJ5zve2Zuho58y1xiEUyp1Hsj%2F%2BXhYRa6GjblswIkTom7Box%2FLbyf%2B3wBJ1a"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6c5da233732-FRA

GET
H/1.1 200
OK Lambda-on-a-quest.png
return-thief.com/wp-content/uploads/2022/08/ 77 KB
78 KB 816ms
815ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/Lambda-on-a-quest.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 9ebd6adeae79795147e64106786462f7688c6345320a272149ad96edf4389cd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:20 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 78654
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"1333e-18c28b3d5a0"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H6PQPTPGbVt0qk7Uj0lx%2BgjzaFz4%2Bwa1zb8r7Dp%2FiEn4hrbQa75a6m8h49hlu87VselureQqoWr1f2pXVSuZmWrpSo7Py6sBQ0NfPHJ%2BIVKCIeFWBEE2Tlbi%2FIALVb365htPSHhauJ70iP%2FB6pZQ"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6c8f96c1c3c-FRA

GET
H/1.1 200
OK RedDragon-1.png
return-thief.com/wp-content/uploads/2022/08/ 104 KB
105 KB 849ms
849ms Image
image/png 2606:4700:3030::ac43:a8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://return-thief.com/wp-content/uploads/2022/08/RedDragon-1.png
Requested by: Host: return-thief.com
URL: http://return-thief.com/
Protocol: HTTP/1.1
Server: 2606:4700:3030::ac43:a8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: a719c89333276e50e6df0d23ab2212122085440f27d0309c9d63a5d4adc86352

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date: Sun, 28 Jan 2024 22:47:20 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Powered-By: Express
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 106354
Last-Modified: Sat, 02 Dec 2023 04:05:23 GMT
Server: cloudflare
ETag: W/"19f72-18c28b3d5ef"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Edq5UBBdBjuKiQdWzh15ljkOJV%2Fq%2FQXCFNXjKLhUTNgwF0kQaho6C9bVYz9kZnl7juoTIdGpxcq2hKmoGTyyw2CxWvK%2FmVehZz9NoBKJlvASro%2Bomn%2BnMX21zWNGkSfCkqZyUwsxDoVlaaT2qSQ"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
CF-RAY: 84ccc6caaaf5b930-AMS

GET
H3 200 www-player.css
www.youtube.com/s/player/cb886c6c/ Frame 703E 359 KB
46 KB 12ms
10ms Stylesheet
text/css 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cb886c6c/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0927d0eb1802a65f1b033034b2d947118d176148381dce25c885d9deb94b9d7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/xw0ixm5mego
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 08:09:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52647
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47487
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 05:49:18 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 27 Jan 2025 08:09:45 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/ Frame 703E 53 KB
16 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9419adcc1f13fd1ae3c0d347a3803311060a2d8d35759514019ceb545aa6d108

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/xw0ixm5mego
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 24 Jan 2024 08:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 397359
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16791
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 05:49:18 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 23 Jan 2025 08:24:33 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/cb886c6c/www-embed-player.vflset/ Frame 703E 319 KB
95 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cb886c6c/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5904ac053ee5163169774e5563cc32a2c458a4ce0e8b4e76e173998f4d01d580

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/xw0ixm5mego
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 14:04:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31375
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97391
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 05:49:18 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 27 Jan 2025 14:04:17 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/ Frame 703E 2 MB
771 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ac64e5d6f76ccb2e045537f017a83122eedb10a18e4cad23a8563df1e96d5cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/xw0ixm5mego
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 24 Jan 2024 08:24:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 397359
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 789328
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 05:49:18 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 23 Jan 2025 08:24:33 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 703E 15 KB
15 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Mon, 22 Jan 2024 05:31:50 GMT
x-content-type-options: nosniff
age: 580522
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 21 Jan 2025 05:31:50 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 703E 15 KB
15 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 23 Jan 2024 09:09:14 GMT
x-content-type-options: nosniff
age: 481078
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 09:09:14 GMT

GET fa-regular-400.ttf
manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/ 0
0

POST
H2 204 collect
www.google-analytics.com/g/ 0
254 B 37ms
13ms Ping
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-RZJE56PX5N&gtm=45je3an0&_p=1173177127&cid=1887752639.1706482033&ul=en-us&sr=1600x1200&_s=1&sid=1706482032&sct=1&seg=0&dl=http%3A%2F%2Freturn-thief.com%2F&dt=Return%20Thief%20-%20Indie%20RPG&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: return-thief.com
URL: http://return-thief.com/gtag/js?id=G-RZJE56PX5N
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://return-thief.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 28 Jan 2024 22:47:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://return-thief.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 703E
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

15ms
15ms

XHR
application/json

2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20e62e88f0da0e6877782e34510b4c217a4c525c267953bc4e7b9c4d5e009ab7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 22:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 28 Jan 2024 22:47:12 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 703E 29 B
92 B 9ms
6ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cb886c6c/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 22:40:32 GMT
x-content-type-options: nosniff
age: 400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 28 Jan 2024 22:55:32 GMT

OPTIONS
H3 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 15ms
14ms Preflight
text/html 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Sun, 28 Jan 2024 22:47:13 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 703E 87 KB
40 KB 25ms
25ms XHR
application/json+protobuf 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abe12f78e8dc70a4d438001118c862a9d88ba7aa9a4e390c2d31471026c62960

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Sun, 28 Jan 2024 22:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41197
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/ Frame 703E 117 KB
33 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ae389a5daf8a3cf0af4742ede3304801fb55d272726f8fab13254abaef80b50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/xw0ixm5mego
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 24 Jan 2024 08:24:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 397346
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33854
x-xss-protection: 0
last-modified: Wed, 24 Jan 2024 05:49:18 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 23 Jan 2025 08:24:47 GMT

GET
H2 200 cHoal1GHrde4YWVmtNRS7rfNld6iV6ittWnnuOkThR0.js Show response
www.google.com/js/th/ Frame 703E 51 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/cHoal1GHrde4YWVmtNRS7rfNld6iV6ittWnnuOkThR0.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

707a1a975187add7b8616566b4d452eeb7cd95dea257a8adb569e7b8e913851d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 21:19:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 91659
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19856
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 10:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 26 Jan 2025 21:19:34 GMT

GET
H3 200 sddefault.webp
i.ytimg.com/vi_webp/xw0ixm5mego/ Frame 703E 4 KB
4 KB 9ms
9ms Image
image/webp 2a00:1450:4001:802::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/xw0ixm5mego/sddefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b7cd5c9885b40d953693e4a3c56fd364bf2a3cb8e1148f83a10afee4b4846ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 22:47:07 GMT
x-content-type-options: nosniff
age: 6
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4000
x-xss-protection: 0
server: sffe
etag: "1699563165"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 29 Jan 2024 00:47:07 GMT

GET
DATA 200
OK truncated
/ Frame 703E 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Q2mSjsGIwAnZACAM0faZrYzUgD-3R4MDf1zBWrb4mi9HCcbsPMQA2aSgpcQiNXbvjtHlrqs5=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame 703E 5 KB
5 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/Q2mSjsGIwAnZACAM0faZrYzUgD-3R4MDf1zBWrb4mi9HCcbsPMQA2aSgpcQiNXbvjtHlrqs5=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7177738a55f2bb4253eff94d11d198275570aeee62f574ecc30b880e175f12e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 22:47:07 GMT
x-content-type-options: nosniff
age: 6
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5174
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 29 Jan 2024 22:47:07 GMT

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 14ms
14ms Preflight
text/html 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Sun, 28 Jan 2024 22:47:13 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 703E 90 B
134 B 49ms
47ms XHR
application/json+protobuf 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e899ff62cbac4eea76702582960633b9c81d5076e73daeb234d49b27e0e2ab6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Sun, 28 Jan 2024 22:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 703E 4 KB
2 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cb886c6c/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 22:47:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 28 Jan 2024 22:47:13 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame 703E 0
10 B 7ms
6ms Image
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?0nF4YA
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/xw0ixm5mego
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/xw0ixm5mego
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sun, 28 Jan 2024 22:47:13 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 703E 28 B
54 B 20ms
19ms XHR
application/json 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cb886c6c/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
X-Goog-Request-Time: 1706482035243
Content-Type: application/json
X-YouTube-Utc-Offset: 60
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/xw0ixm5mego
X-YouTube-Client-Version: 1.20240123.01.00
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: Cgt6NTl3WkI0Z3dHVSjwstutBjIKCgJERRIEEgAgZA%3D%3D
X-YouTube-Ad-Signals: dt=1706482032874&flash=0&frm=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=23&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C500%2C281&vis=1&wgl=true&ca_type=image

Response headers

date: Sun, 28 Jan 2024 22:47:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0
expires: Sun, 28 Jan 2024 22:47:15 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: manafinder.com
URL: https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-brands-400.woff2

Domain: manafinder.com
URL: https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-brands-400.woff

Domain: manafinder.com
URL: https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-brands-400.ttf

Domain: manafinder.com
URL: https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-regular-400.woff2

Domain: play.google.com
URL: https://play.google.com/log?format=json&hasfast=true&authuser=0

Domain: www.youtube.com
URL: https://www.youtube.com/api/stats/atr?ns=yt&el=embedded&cpn=E6KU6O69knqMTAd5&ver=2&cmt=0&fs=0&rt=0&euri=http%3A%2F%2Freturn-thief.com%2F&lact=3961&cl=600982575&mos=0&volume=100&cbr=Chrome&cbrver=120.0.6099.224&c=WEB_EMBEDDED_PLAYER&cver=1.20240123.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&epm=1&hl=de_DE&cr=DE&len=121&fexp=v1%2C23894289%2C89007%2C21348%2C2602%2C73492%2C54572%2C73455%2C153856%2C23107%2C53633%2C84737%2C35229%2C1089%2C6271%2C26439494%2C4054%2C1930%2C5181%2C9369%2C1556%2C1141%2C8128%2C11466%2C4683%2C9954%2C2008%2C3277%2C4160%2C1996%2C11773%2C3001%2C1473%2C1598%2C24%2C3436%2C1908%2C2%2C5703%2C1866&muted=0&docid=xw0ixm5mego

Domain: play.google.com
URL: https://play.google.com/log?format=json&hasfast=true&authuser=0

Domain: www.youtube.com
URL: https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Domain: manafinder.com
URL: https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-regular-400.woff

Domain: manafinder.com
URL: https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-regular-400.ttf

Verdicts & Comments Add Verdict or Comment

102 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: TG4DMS2Rj1s
.youtube.com/	1970-01-20 22:20:34	Name: VISITOR_INFO1_LIVE Value: z59wZB4gwGU
.return-thief.com/	1970-01-21 03:37:22	Name: _ga_RZJE56PX5N Value: GS1.1.1706482032.1.0.1706482032.0.0.0
.return-thief.com/	1970-01-21 03:37:22	Name: _ga Value: GA1.1.1887752639.1706482033

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: http://return-thief.com/(Line 4918) Message: Unrecognized feature: 'web-share'.
javascript	error	URL: http://return-thief.com/ Message: Access to font at 'https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-brands-400.woff2' from origin 'http://return-thief.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-brands-400.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://return-thief.com/ Message: Access to font at 'https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-brands-400.woff' from origin 'http://return-thief.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-brands-400.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://return-thief.com/ Message: Access to font at 'https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-brands-400.ttf' from origin 'http://return-thief.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-brands-400.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://return-thief.com/ Message: Access to font at 'https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-regular-400.woff2' from origin 'http://return-thief.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-regular-400.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://return-thief.com/ Message: Access to font at 'https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-regular-400.woff' from origin 'http://return-thief.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-regular-400.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://return-thief.com/ Message: Access to font at 'https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-regular-400.ttf' from origin 'http://return-thief.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://manafinder.com/wp-content/themes/Divi/core/admin/fonts/fontawesome/fa-regular-400.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.gstatic.com
googleads.g.doubleclick.net
i.ytimg.com
jnn-pa.googleapis.com
manafinder.com
play.google.com
return-thief.com
static.doubleclick.net
www.google-analytics.com
www.google.com
www.gstatic.com
www.youtube.com
yt3.ggpht.com
manafinder.com
play.google.com
www.youtube.com
2606:4700:3030::ac43:a8cc
2a00:1450:4001:801::2003
2a00:1450:4001:802::2016
2a00:1450:4001:806::200a
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:827::2004
2a00:1450:4001:828::2003
2a00:1450:4001:828::2006
2a00:1450:4001:829::200e
2a00:1450:4001:831::2001
45.41.235.65
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
03e8ab0de61e811eb275a6ef06d8ac8258305527da9fe0391d6528b73f239eec
081ae9baaacc857c1c2cb51de6dbd0e1eb811c2761ef01a50df373f2f6eefe22
0927d0eb1802a65f1b033034b2d947118d176148381dce25c885d9deb94b9d7a
16fd6352c4b741b3bc6238669bd4811762d52c4b7f2ba0eb4c9af5f656880997
1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea
20e62e88f0da0e6877782e34510b4c217a4c525c267953bc4e7b9c4d5e009ab7
216dcaae75f9f980abe42e10d74d654766a1dd3d3e211d8878049d7faa2b9d7e
2938c2bae81668158c926a5789b036328f7402dc21403c0b559242cc89766e68
2f11f3bb5f98db5042c6a0d1dd9818b84eaa1dcfab4ad20bb75cec6ee7669e55
381993474a10cdbe197ecfae4c553135f696436438e7f53b3988757ca02e2ca3
3c05a0927c8ad63fbedbbb3a8e142c096f004813743a65e0fcf04cd261e4705f
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
42a9abbc8fc9b178da6b3547d3746031bb9fba2bb65a838019bd840bf326b88c
42f881d1c02f9bcfd3573550eb270f2b7089988651111d5ccf094cf45a04b674
447790eac6eb7f6c3279b1f63704e4217c1c2a0573f7ffebb247f8a67f70f98f
458e1e5b1dd7260dfd6b3a15262858204c8b991e70e6577c262625ec35b75f57
45d1f5f6cf913746c45dd697b1a8f3b719c02d8b3f678dc7fc2766d54e1aaf6e
462747422c6af30aa81a0373fa1cfd736455cef52bdbb816f67be9531d84eace
543abcc9b648e8163b776c15632a566251717566a4d724f9939bef59399eefc4
54d8141e126873caa40ab76d184a10d0a38cc63605e30d174f07caad92b45248
574037fd5bca25a9820d74a2e05a7dbc4737a52062e24e6f711dae1c0ce3e006
577fe989c5a7363ee9df36c1d191cf057360c1c6fec57a2cc6f059899db3d5a4
5904ac053ee5163169774e5563cc32a2c458a4ce0e8b4e76e173998f4d01d580
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5f6a319b694659059edae7e4763196092a76f809a564bf7eeb25e64ca127e8eb
6103aea3ac5a991992360396dd0ad02c271207ae5903b4dd07cda34bf5b3e54f
62a65bbe30f8a97595a13c92824bab6ca82029073818ccf6110b2963b3b44d38
64186f0e44c49d95b0292d352a8a75888a5d61d9a3dfaae0fc2bc2731372b379
64c84e16c6cc39422a393b52b7d66177ff900d5af3290b3eb62ebe22a42dcfea
65d8651bd1857952d2d03fdf7ec4190396596e1d5e84e7a205b4486d9885c3ee
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
68364bade8c9f691bd2b4bbb3aa7c9c2ad3344b6d96958559e32db326010edef
6ac64e5d6f76ccb2e045537f017a83122eedb10a18e4cad23a8563df1e96d5cd
6b7cd5c9885b40d953693e4a3c56fd364bf2a3cb8e1148f83a10afee4b4846ab
707a1a975187add7b8616566b4d452eeb7cd95dea257a8adb569e7b8e913851d
7177738a55f2bb4253eff94d11d198275570aeee62f574ecc30b880e175f12e2
71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba
75a5f96d771f0c8ef2bc023d6543cb0e21921dffbb38536658b73f2169b2abd4
7756716c0cb3db151c4f594d94d64920faee524d6a450e5cbb6777e351e37311
79f0556c91d48ad8e62f6593abfb6791ca402be460e32abf348c2b3a66ef9c3a
81aafaf9abd552defe25a2b88ab173673ff794a2e7bb390b242d40ae5df182eb
820faadc8264d6a7a10162a0aeb01906619ee173dedc66cc13e9a2cff26cdf3e
8510025441d67b07de6669c51c9bab5159d72ca339dcdc1f5b9e7758999e82c4
88c317832218a45e4b3d793067166a404a1a603fc94725e013b58048e867cee6
8ae389a5daf8a3cf0af4742ede3304801fb55d272726f8fab13254abaef80b50
8beb5ba1c7917d8fe9393ad50eadb2de76f38fd15ef8c832fcceb518f74312c1
8c50d55c106a2a7482f00fdcf2a456c39eacdab6ec640c4ebf47f5046bd8d496
9419adcc1f13fd1ae3c0d347a3803311060a2d8d35759514019ceb545aa6d108
96abf166b3cbb5f7df525d86fdeeeccea4af3c120b19bc26b0613530a94e8b44
9ebd6adeae79795147e64106786462f7688c6345320a272149ad96edf4389cd7
a0d93b924346d3e63a0ed2d5f46cef0fd6b0a1614c9611ada94f67905f9a7b0b
a41154bd01febfa94dbed46492b7753e42139ddddbaa49b288136d5a068eb307
a719c89333276e50e6df0d23ab2212122085440f27d0309c9d63a5d4adc86352
abe12f78e8dc70a4d438001118c862a9d88ba7aa9a4e390c2d31471026c62960
b2fa37fbe6316477423035ddada1fd3e49be9e402e687175f8d6ae5264f67816
b44080f70aa628f2d19eea4951050dbf3ffea77f20e2bc98f92d52cefedba5bf
b7969cc81215a388c2a11fc6144a2e5219eabafc3ee21cabd5d3146b9cd67573
b94c2a9d3a56096972f6eca9c29dce1ad98a63ca36c1125ae6c2821995c462f7
bcc7eb8b166689cc607d38b54cdde27763ee8ca6a9a84fa4563874e7df5aaea9
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c01b328991ed231dff99643e77db215b2f41b15bb2e2c9c0222d9831d4073057
c36ab7960973e905b4c42046d4d9963ce2c93a909a8b55122c62d5d9ccc874a5
c4aea70d5f40957b5c7487723baff668ef37a941774824506bfea785d1725a43
c4e84c43bffaad0ccac8e7e0179d561afabe17f819b8e62d95d2b2f8cc628c26
c54489168d5a42ba6c46a436e1323bf4078afc973b9712db2365ed0ba99ea6db
cdaa9b97ed2701347c1379d0e73b618b5495ed8d89c4a4ea7d77d286f856ee08
ce20ed8a323117c8a718ff1ddc6dabb997373b575a8e896f2bf02b846c082c9d
d1427e0c3c19e1fb5463426429bf916e6dd797ccb5af6eb74e27028f98338fe0
d4825f811d5683aa768029fd61b72338062ee7f4b127198281f2f84bc1eab4ce
d6e1f040efc9de59ea56ccbf6ce8ad2d8936ec5da1cbb684ae3f8a116da44e01
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d882d6d9dd7feba454ce6860cc644999b7e33283edc19bc77502553fd829882a
db7fd51175ab51e70075e5a86af68408891d94906c6588734ac0c6490c8be63a
e0a4ec9044e0cebcd8a76b03f966a326c075c105393e6cb3019ba38e3546d14f
e157a805df2257515250ff4c91e5abde50f7e0d9634946878dbb132159e0e97e
e2d5de9ead51111afbc6ecf373fb43eeef4837a9114ca9e571b8b9c579e20c1b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e75d35f50f8c1b9274cd409ae240c978aa84df508946d20c9b1a741c8bb9da6b
e79c2134a52e80c5b994416b54c9db639c4a4271fb51a00efd083c121e90a69e
e899ff62cbac4eea76702582960633b9c81d5076e73daeb234d49b27e0e2ab6f
ea8ef5591e8ffdc06a3d3cb3b947fd602d98b489351ae3dd7250c886b6f19e23
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eec7c773da90b40e0ee7de34f35fd112555b2598b3712bd178c86bb7de08ccce
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
f733500e56d4ec9fbfa159784eb56c2a73acd0adb16a67df96f158458bc71936

return-thief.com Open in urlscan Pro 2606:4700:3030::ac43:a8cc Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

133 Requests

31 %HTTPS

92 %IPv6

10 Domains

13 Subdomains

13 IPs

2 Countries

34876 kBTransfer

41838 kBSize

4 Cookies

2 Outgoing links

Redirected requests

133 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

return-thief.com Open in urlscan Pro
2606:4700:3030::ac43:a8cc Public Scan

Screenshot
Live screenshot

Full Image

133
Requests

31 %
HTTPS

92 %
IPv6

10
Domains

13
Subdomains

13
IPs

2
Countries

34876 kB
Transfer

41838 kB
Size

4
Cookies

133 HTTP transactions
2 data transactions