login.travelreturns.com Open in urlscan Pro
199.73.52.3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://login.travelreturns.com/
Submission: On July 07 via automatic, source certstream-suspicious (July 7th 2024, 12:38:39 pm UTC) — Scanned from DE

Summary HTTP 55 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 19 IPs in 4 countries across 16 domains to perform 55 HTTP transactions. The main IP is 199.73.52.3, located in Chula Vista, United States and belongs to SCALEMATRIX, US. The main domain is login.travelreturns.com.
TLS certificate: Issued by R10 on July 6th 2024. Valid for: 3 months.

This is the only time login.travelreturns.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
16	199.73.52.3 199.73.52.3	33695 (SCALEMATRIX) (SCALEMATRIX)
1	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.69.29 172.67.69.29	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.212.202.218 23.212.202.218	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:2800:133... 2606:2800:133:206e:1315:22a5:2006:24fd	15133 (EDGECAST) (EDGECAST)
6	2600:9000:235... 2600:9000:235a:6e00:7:2bfb:7c00:93a1	16509 (AMAZON-02) (AMAZON-02)
12	2606:4700::68... 2606:4700::6813:b134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:440... 2606:4700:4400::6812:20c1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
1	52.58.176.152 52.58.176.152	16509 (AMAZON-02) (AMAZON-02)
1	2.19.96.75 2.19.96.75	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	3.121.158.7 3.121.158.7	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	95.101.111.146 95.101.111.146	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.102.38.132 104.102.38.132	16625 (AKAMAI-AS) (AKAMAI-AS)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
2	20.50.88.245 20.50.88.245	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
55	19

16 199.73.52.3 (Chula Vista, United States)

ASN33695 (SCALEMATRIX, US)
PTR: www.saveonresorts.com

login.travelreturns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.69.29 (United States)

ASN13335 (CLOUDFLARENET, US)

code.ionicframework.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.212.202.218 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-212-202-218.deploy.static.akamaitechnologies.com

470992caf360e6f52e41-facb4f2ad95d60d4759ad822ce26fc13.ssl.cf2.rackcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:133:206e:1315:22a5:2006:24fd (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:235a:6e00:7:2bfb:7c00:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6813:b134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:20c1 (United States)

ASN13335 (CLOUDFLARENET, US)

cookies-data.onetrust.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.58.176.152 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-176-152.eu-central-1.compute.amazonaws.com

collect.tealiumiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.96.75 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-19-96-75.deploy.static.akamaitechnologies.com

cdn.livechatinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.121.158.7 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-158-7.eu-central-1.compute.amazonaws.com

visitor-service-eu-central-1.tealiumiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.101.111.146 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-111-146.deploy.static.akamaitechnologies.com

api.livechatinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.38.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-38-132.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

512-jjp-615.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.50.88.245 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dc.services.visualstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	travelreturns.com login.travelreturns.com	842 KB
12	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 441	159 KB
6	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 1370	64 KB
3	livechatinc.com cdn.livechatinc.com — Cisco Umbrella Rank: 5668 api.livechatinc.com — Cisco Umbrella Rank: 5179	32 KB
2	visualstudio.com dc.services.visualstudio.com — Cisco Umbrella Rank: 600	201 B
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 5289	6 KB
2	tealiumiq.com collect.tealiumiq.com — Cisco Umbrella Rank: 4214 visitor-service-eu-central-1.tealiumiq.com — Cisco Umbrella Rank: 32265	1001 B
2	onetrust.io cookies-data.onetrust.io — Cisco Umbrella Rank: 16821	85 B
2	ionicframework.com code.ionicframework.com — Cisco Umbrella Rank: 21106	117 KB
1	mktoresp.com 512-jjp-615.mktoresp.com — Cisco Umbrella Rank: 430926	318 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1793
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 85	92 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 726	296 B
1	msecnd.net az416426.vo.msecnd.net — Cisco Umbrella Rank: 3385	22 KB
1	rackcdn.com 470992caf360e6f52e41-facb4f2ad95d60d4759ad822ce26fc13.ssl.cf2.rackcdn.com	32 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1359	7 KB
55	16

	Domain	Requested by
16	login.travelreturns.com	login.travelreturns.com
12	cdn.cookielaw.org	tags.tiqcdn.com az416426.vo.msecnd.net cdn.cookielaw.org login.travelreturns.com
6	tags.tiqcdn.com	login.travelreturns.com tags.tiqcdn.com
2	dc.services.visualstudio.com	az416426.vo.msecnd.net
2	munchkin.marketo.net	tags.tiqcdn.com munchkin.marketo.net
2	api.livechatinc.com	cdn.livechatinc.com
2	cookies-data.onetrust.io	az416426.vo.msecnd.net
2	code.ionicframework.com	login.travelreturns.com code.ionicframework.com
1	512-jjp-615.mktoresp.com	munchkin.marketo.net
1	region1.google-analytics.com	www.googletagmanager.com
1	visitor-service-eu-central-1.tealiumiq.com	tags.tiqcdn.com
1	cdn.livechatinc.com	tags.tiqcdn.com
1	collect.tealiumiq.com	az416426.vo.msecnd.net
1	www.googletagmanager.com	tags.tiqcdn.com
1	geolocation.onetrust.com	az416426.vo.msecnd.net
1	az416426.vo.msecnd.net	login.travelreturns.com
1	470992caf360e6f52e41-facb4f2ad95d60d4759ad822ce26fc13.ssl.cf2.rackcdn.com	login.travelreturns.com
1	maxcdn.bootstrapcdn.com	login.travelreturns.com
55	18

This site contains links to these domains. Also see Links.

Domain
www.vacationowners.net
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
booking.travelreturns.com R10	`2024-07-06` - `2024-10-04`	3 months	crt.sh
bootstrapcdn.com GTS CA 1P5	`2024-05-25` - `2024-08-23`	3 months	crt.sh
ionicframework.com E5	`2024-06-27` - `2024-09-25`	3 months	crt.sh
*.ssl.cf2.rackcdn.com DigiCert TLS RSA SHA256 2020 CA1	`2023-11-24` - `2024-11-27`	a year	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2024-06-06` - `2025-06-06`	a year	crt.sh
tags.tiqcdn.com Amazon RSA 2048 M02	`2024-03-19` - `2025-04-17`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
onetrust.io WE1	`2024-06-30` - `2024-09-28`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
*.google-analytics.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.tealiumiq.com Amazon RSA 2048 M02	`2024-06-25` - `2025-07-24`	a year	crt.sh
livechat.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-31` - `2025-01-31`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-07` - `2024-10-07`	a year	crt.sh
prod.ai.ingestion.msftcloudes.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-25` - `2025-06-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://login.travelreturns.com/
Frame ID: 8E2DD2302D0CF91AA8F175D27D260F66
Requests: 54 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Travel Returns

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

LiveChat (Live Chat) Expand

Overall confidence: 100%
Detected patterns

cdn\.livechatinc\.com/.*tracking\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Ionicons (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+ionicons(?:\.min)?\.css

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

55
Requests

98 %
HTTPS

39 %
IPv6

16
Domains

18
Subdomains

19
IPs

4
Countries

1375 kB
Transfer

2863 kB
Size

16
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.vacationowners.net/privacypolicy.aspx
Title: Learn More

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

55 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
login.travelreturns.com/ 19 KB
10 KB 1624ms
1055ms Document
text/html 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

a092a79b73e31f4b4a19bfc86e13104bc2f7c4f944b436a0bf094db6c830efc8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: private
Connection: close
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Content-Type: text/html; charset=utf-8
Date: Sun, 07 Jul 2024 12:38:29 GMT
Referrer-Policy: no-referrer-when-downgrade
Server: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-AspNet-Version: arrivia
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: arrivia
X-XSS-Protection: 1;mode=block

GET
H3 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ 27 KB
7 KB 121ms
63ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 12:38:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 1029
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1092778
cdn-cachedat: 03/18/2024 12:10:08
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"4fbd15cb6047af93373f4f895639c8bf"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 08e05320f24d8e808a4ef38c6a818369
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 89f7e45b2a08c05b-WAW
cdn-requestpullsuccess: True

GET
H3 200 ionicons.min.css
code.ionicframework.com/ionicons/2.0.1/css/ 50 KB
9 KB 107ms
51ms Stylesheet
text/css 172.67.69.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
Requested by: Host: login.travelreturns.com
URL: https://login.travelreturns.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.69.29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 92ac508220f5bb60ec94e07650528eb66625f82a4740ada068cde05365781286

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: 029f2544c9c8bbfbf69d4b3ef7640909947fa4d1
date: Sun, 07 Jul 2024 12:38:30 GMT
content-encoding: gzip
via: 1.1 varnish
expires: Wed, 26 Jun 2024 07:31:25 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 51572
x-cache: HIT
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400
content-length: 8313
x-served-by: cache-fra-eddf8230081-FRA
last-modified: Thu, 13 Apr 2023 16:20:19 GMT
server: cloudflare
x-github-request-id: 74E8:256516:24568CB:251363B:667BC175
x-timer: S1720304338.371496,VS0,VE1
etag: W/"64382bc3-c854"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BaECVkl%2Fmbt9EPqAUqDzctBaPP73HevZ1A3AoGni7BOecOYlSPK9S57HS6VwWgnalaUnCuy8UTtZWdBcpXuHXh5NHlO9b%2FIgoxutoUTMaSSvq2YP168upOHDw7y1nWpw169M%2FjYikILp"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 89f7e45b1f2b8f3b-FRA
x-cache-hits: 1

GET
H/1.1 200
OK site.css
login.travelreturns.com/Styles/ 35 KB
8 KB 599ms
238ms Stylesheet
text/css 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/Styles/site.css

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

230919016ae3139e0e9d814ee40741bf61aade49ab4525c5512a13d23e0cc7b9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Transfer-Encoding: chunked
Connection: close
X-XSS-Protection: 1;mode=block
Pragma: no-cache
Referrer-Policy: no-referrer-when-downgrade
Server: arrivia
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Cache-Control: no-cache
Expires: -1

GET
H/1.1 200
OK colorbox.css
login.travelreturns.com/Scripts/ColorBox/Style1/ 5 KB
3 KB 545ms
184ms Stylesheet
text/css 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/Scripts/ColorBox/Style1/colorbox.css

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

ff28aca264e1a23d1ff01941df13b8b8ca9e51045775b6acb7c748836b4bf119

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Transfer-Encoding: chunked
Connection: close
X-XSS-Protection: 1;mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sat, 23 Dec 2023 06:33:38 GMT
Server: arrivia
ETag: "0cd3ef66935da1:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Accept-Ranges: bytes

GET
H/1.1 200
OK ui-culture.css
login.travelreturns.com/Styles/ 3 KB
2 KB 553ms
190ms Stylesheet
text/css 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/Styles/ui-culture.css

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

b9ce979672c4faa146ecdf531d518d8a8ce14eef39810bec91640c7a99ea4892

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Transfer-Encoding: chunked
Connection: close
X-XSS-Protection: 1;mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sat, 23 Dec 2023 06:33:38 GMT
Server: arrivia
ETag: "0cd3ef66935da1:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Accept-Ranges: bytes

GET
H/1.1 200
OK common.js Show response
login.travelreturns.com/scripts/ 335 B
2 KB 552ms
188ms Script
application/javascript 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/scripts/common.js

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

cd98b62484c880a422c23f02a1320f0276016625bd0d81be68e4c1f27f390aaa

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Transfer-Encoding: chunked
Connection: close
X-XSS-Protection: 1;mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sat, 23 Dec 2023 06:33:38 GMT
Server: arrivia
ETag: "0cd3ef66935da1:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Accept-Ranges: bytes

GET
H/1.1 200
OK jquery.min.js Show response
login.travelreturns.com/scripts/ 85 KB
36 KB 554ms
190ms Script
application/javascript 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/scripts/jquery.min.js

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Transfer-Encoding: chunked
Connection: close
X-XSS-Protection: 1;mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sat, 23 Dec 2023 06:33:38 GMT
Server: arrivia
ETag: "0cd3ef66935da1:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Accept-Ranges: bytes

GET
H/1.1 200
OK jquery-migrate-1.2.1.js Show response
login.travelreturns.com/Scripts/ColorBox/ 17 KB
8 KB 554ms
191ms Script
application/javascript 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/Scripts/ColorBox/jquery-migrate-1.2.1.js

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

6f63c4b4f22a8153e076e7e698fd7d5322177598b3dece151168ee23e918d5fe

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Transfer-Encoding: chunked
Connection: close
X-XSS-Protection: 1;mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sat, 23 Dec 2023 06:33:38 GMT
Server: arrivia
ETag: "0cd3ef66935da1:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Accept-Ranges: bytes

GET
H/1.1 200
OK jquery.colorbox-min.js Show response
login.travelreturns.com/scripts/ColorBox/ 9 KB
6 KB 1097ms
183ms Script
application/javascript 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/scripts/ColorBox/jquery.colorbox-min.js

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

5e05c8986c7e98ee158b822813fc8c6660b54d298f173e6ba96f003c68ef3083

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Transfer-Encoding: chunked
Connection: close
X-XSS-Protection: 1;mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sat, 23 Dec 2023 06:33:38 GMT
Server: arrivia
ETag: "0cd3ef66935da1:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Accept-Ranges: bytes

GET
H/1.1 200
OK WebResource.axd Show response
login.travelreturns.com/ 23 KB
7 KB 1103ms
185ms Script
application/x-javascript 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/WebResource.axd?d=i2UroWUp4AdNhXq0PHIiXLZn05KF6T1VI0KRV76bb81rtEBBR5x5_GjKLBTbYLNsbdsAT2pQgOy8nsgNtT2iQJf8W3Kh8HwKK66-5puOF8M1&t=638459572569584809

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Transfer-Encoding: chunked
Connection: close
X-XSS-Protection: 1;mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 14 Mar 2024 03:07:36 GMT
Server: arrivia
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public
Expires: Mon, 07 Jul 2025 07:10:06 GMT

GET
H/1.1 200
OK ScriptResource.axd Show response
login.travelreturns.com/ 87 KB
28 KB 1327ms
365ms Script
application/x-javascript 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/ScriptResource.axd?d=aG2I8dyCj5rgo6vnFNSH1KghBMZ2ONWmhCaho8dP4hfkWnMEfGJwekvoo8Z4yeRa9ruzV40Yc9zWrY6A0PEw7v8amzzmnpQJZ6xGk0Nt_lfrXMUw31zEjseCHPXggYdb0&t=610a7411

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

9f9425c961900c8d8b3b30085c3969eef0c845a11c5be9fad704d160c64a12f5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Connection: close
Content-Length: 27722
X-XSS-Protection: 1;mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sun, 07 Jul 2024 07:30:07 GMT
Server: arrivia
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public
Expires: Mon, 07 Jul 2025 07:30:07 GMT

GET
H/1.1 200
OK ScriptResource.axd Show response
login.travelreturns.com/ 36 KB
11 KB 1282ms
184ms Script
application/x-javascript 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/ScriptResource.axd?d=jQTuq89MG7ttkmpdwgI3obbXu9WqbVcEKRxb7vQvyvepHqKDNvPxfolH_crXOUTRfmsokf14ZAJUQzf-aXZ1zRD7R4p31xUnDo7linhVibKI6SjAbSuEUpIujkFzQCrEgYRgznADEcIFuweGvvsKOQ2&t=610a7411

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

e44c3b782978c44af9885b97302632e45ff19d01ecb745e91d21cf597c22cb29

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Connection: close
Content-Length: 9936
X-XSS-Protection: 1;mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sun, 07 Jul 2024 07:30:07 GMT
Server: arrivia
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public
Expires: Mon, 07 Jul 2025 07:30:07 GMT

GET
H/1.1 200
OK ScriptResource.axd Show response
login.travelreturns.com/ 12 KB
5 KB 1630ms
182ms Script
text/javascript 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/ScriptResource.axd?d=Uys25nSeOYn_K6_8XC3E5Tk91SQ0jfZWOQ8LYcUjWGBqXzhSl2aM2u6CIx8YpI6Trj0LQq4ovBsHsRjwFTekmvYRCTVh7LUBRoGyzGTxU-6hxi6YlFw7nHVQ3N-HRx9bkEnDWWwFIYeVvRk7EgdBXjEwvfOv-reZc2WbJESOnZXN-GDrJVqUrmii5-8nn9MW0&t=5fb20a04

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

54d99ef58ef9687acbed577cfdd84f14084b9f9708555da9cac7b155a1aa70e7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Connection: close
Content-Length: 3884
X-XSS-Protection: 1;mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sun, 07 Jul 2024 07:43:10 GMT
Server: arrivia
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript
Cache-Control: public
Expires: Mon, 07 Jul 2025 07:43:10 GMT

GET
H/1.1 200
OK 080188bf-3a03-43e9-bc60-87583ec1b22a.png
470992caf360e6f52e41-facb4f2ad95d60d4759ad822ce26fc13.ssl.cf2.rackcdn.com/ 31 KB
32 KB 236ms
50ms Image
image/png 23.212.202.218
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://470992caf360e6f52e41-facb4f2ad95d60d4759ad822ce26fc13.ssl.cf2.rackcdn.com/080188bf-3a03-43e9-bc60-87583ec1b22a.png
Requested by: Host: login.travelreturns.com
URL: https://login.travelreturns.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.212.202.218 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-212-202-218.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9cb5e4dddd26dd63a1f43a8a0a7f3da566db5431079c255bfdb1774d982365fa

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:31 GMT
Last-Modified: Fri, 06 Jul 2018 18:26:36 GMT
ETag: fe85d40a1c2b60ff80c892fdad35665e
Content-Type: image/png
X-Timestamp: 1530901595.11289
Cache-Control: public, max-age=165184
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31890
X-Trans-Id: tx7f64b017f0f84b20baadc-0066891d2bord1
Expires: Tue, 09 Jul 2024 10:31:35 GMT

GET
H/1.1 200
OK font.css
login.travelreturns.com/styles/ 548 B
2 KB 488ms
184ms Stylesheet
text/css 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/styles/font.css

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/Styles/site.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

8c420e87f727ef0aa331feb2d325bd1499fea67a57fff434fd315b507088491a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/Styles/site.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Transfer-Encoding: chunked
Connection: close
X-XSS-Protection: 1;mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sat, 23 Dec 2023 06:33:38 GMT
Server: arrivia
ETag: "0cd3ef66935da1:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Accept-Ranges: bytes

GET
H/1.1 200
OK foundation.min.css
login.travelreturns.com/Styles/Foundation/ 73 KB
13 KB 498ms
185ms Stylesheet
text/css 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/Styles/Foundation/foundation.min.css

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/Styles/site.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

a4aa45ffe18fcc5c2d3ec4cfc2c8927ab8fb88d7ea614ee0f3bc80cdcd2727fd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/Styles/site.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Transfer-Encoding: chunked
Connection: close
X-XSS-Protection: 1;mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sat, 23 Dec 2023 06:33:38 GMT
Server: arrivia
ETag: "0cd3ef66935da1:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Accept-Ranges: bytes

GET
H2 200 ai.0.js Show response
az416426.vo.msecnd.net/scripts/a/ 94 KB
22 KB 230ms
40ms Script
application/x-javascript 2606:2800:133:206e:1315:22a5:2006:24fd
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by: Host: login.travelreturns.com
URL: https://login.travelreturns.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CD6) /
Resource Hash: 5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 07 Jul 2024 12:38:32 GMT
content-encoding: gzip
x-ms-meta-lastmodified: 2020-10-01 19:31:04
content-md5: HdY95yzx9wIyQkVEGES+Ew==
age: 1596
x-cache: HIT
content-length: 22495
x-ms-lease-status: unlocked
last-modified: Thu, 11 Mar 2021 07:46:59 GMT
server: ECAcc (frc/4CD6)
etag: 0x8D8E461DA1A5889
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 165fcfea-301e-004b-0c66-d0cff9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800
x-ms-version: 2009-09-19
expires: Sun, 07 Jul 2024 13:08:32 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e8dfc738e24bb8d23609f2aeca1e7fec2f55daec9615c6f3f94a614c35608e31

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/ice/main/prod/ 306 KB
46 KB 164ms
48ms Script
application/javascript 2600:9000:235a:6e00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.js
Requested by: Host: login.travelreturns.com
URL: https://login.travelreturns.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:6e00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fea38edefff54be4997eccdec849d62e130abea09a971e34f6607f490373ffbc

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: WBtAxc.nurn0Noc11XeIIXKkNpx.KLdj
content-encoding: br
via: 1.1 abf16b943a9b4039b87ccdb094d9303e.cloudfront.net (CloudFront)
date: Sun, 07 Jul 2024 12:38:32 GMT
last-modified: Wed, 03 Jul 2024 20:20:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
age: 172
x-amz-server-side-encryption: AES256
etag: W/"6869a8cc1c3e086289922d1f547d3dbe"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=300
x-amz-cf-id: B3QYXQFOg7t3mn86QKtN4jfHgekbUgKwXTUOF2__opI5LLEvDgd7Xw==

GET
H3 200 ionicons.ttf
code.ionicframework.com/ionicons/2.0.1/fonts/ 184 KB
108 KB 111ms
65ms Font
font/ttf 172.67.69.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://code.ionicframework.com/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.1
Requested by: Host: code.ionicframework.com
URL: https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.69.29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e700835ec05293a3d0f9e354e7d038319d34521cd279e782198dff6d1dd58f2

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
Origin: https://login.travelreturns.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: bb9b2aa037af89c35037be539c0613474b838cb4
date: Sun, 07 Jul 2024 12:38:32 GMT
content-encoding: gzip
via: 1.1 varnish
expires: Wed, 12 Jun 2024 02:26:53 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: HIT
x-cache: HIT
alt-svc: h3=":443"; ma=86400
content-length: 110019
x-served-by: cache-fra-eddf8230121-FRA
last-modified: Thu, 13 Apr 2023 16:20:19 GMT
server: cloudflare
x-github-request-id: DDB8:1F5A1B:17B5445:186C837:66690579
x-timer: S1720355913.542632,VS0,VE1
etag: W/"64382bc3-2e05c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oJsapw3OLU9bMLcPNBg6f2ykxVAcle%2B593HdkupEztGemY0OoYZZ6weaTedjvTrd%2FCC5GqilZtFnhUGQ5OymJfkYFKVOh0erxTMa3u3BtryIToQCmhCGs416Oi1EYeyvHYboIu5VBE88"}],"group":"cf-nel","max_age":604800}
content-type: font/ttf
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 89f7e4654fe85b74-FRA
x-cache-hits: 5

GET
H/1.1 200
OK BackgroundImage(1)-min.jpg
login.travelreturns.com/Images/Template/ 699 KB
700 KB 551ms
188ms Image
image/jpeg 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.travelreturns.com/Images/Template/BackgroundImage(1)-min.jpg

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

0e601179c318d8211894a819cb4248629155c3724aa4cf3742fc8b8bb3d67dc2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:32 GMT
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Connection: close
Content-Length: 715843
X-XSS-Protection: 1;mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Sat, 23 Dec 2023 06:33:38 GMT
Server: arrivia
ETag: "0cd3ef66935da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Accept-Ranges: bytes

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 146ms
54ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

022e2f39deba7f332eabe69b27b31d98d4d5f2535116745957a691d1b1ec4cc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 07 Jul 2024 12:38:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ceCldLDyZN6bSQL6yyKLMg==
age: 36453
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jul 2024 16:07:22 GMT
server: cloudflare
etag: 0x8DC9B7A38C8323B
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 0e1d26ea-301e-0069-5679-cdcc26000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89f7e466d94136df-FRA
expires: Mon, 08 Jul 2024 12:38:32 GMT

GET
H2 200 0d47348c-b4b0-4553-a5f7-71d8e952b22e.json Show response
cdn.cookielaw.org/consent/0d47348c-b4b0-4553-a5f7-71d8e952b22e/ 5 KB
2 KB 180ms
97ms XHR
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/0d47348c-b4b0-4553-a5f7-71d8e952b22e/0d47348c-b4b0-4553-a5f7-71d8e952b22e.json

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d20ef4db20e18100c9e56ba0207eb823d4590239b5a72b09b153e819ed1941dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 07 Jul 2024 12:38:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: /ZmN/m+URL9oYFFNU5HAlw==
content-length: 1786
x-ms-lease-status: unlocked
last-modified: Mon, 24 Jun 2024 15:44:11 GMT
server: cloudflare
etag: 0x8DC94647E6F7837
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: ea5e7f63-501e-00b5-508b-c69e75000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89f7e467b8208edc-FRA
expires: Mon, 08 Jul 2024 12:38:32 GMT

GET
H2 200 domaingroupcheck Show response
cookies-data.onetrust.io/bannersdk/v1/ 17 B
85 B 81ms
81ms XHR
application/json 2606:4700:4400::6812:20c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookies-data.onetrust.io/bannersdk/v1/domaingroupcheck
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1aabe1212b2f9cb8f6a547454bd4e5f4773485e3e001b327e501ba3e0e77cc7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
location: cdn.cookielaw.org
Referer: https://login.travelreturns.com/
url: login.travelreturns.com
domainId: 0d47348c-b4b0-4553-a5f7-71d8e952b22e
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 12:38:33 GMT
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 89f7e4694f9c1901-FRA
access-control-allow-headers: Content-Type
content-length: 17

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
296 B 225ms
126ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
accept: application/json
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 12:38:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 89f7e468f9b59be8-FRA
access-control-allow-headers: Content-Type

OPTIONS
H2 200 domaingroupcheck
cookies-data.onetrust.io/bannersdk/v1/ 0
0 148ms
56ms Preflight
application/json 2606:4700:4400::6812:20c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cookies-data.onetrust.io/bannersdk/v1/domaingroupcheck
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: domainid,location,url
Access-Control-Request-Method: GET
Origin: https://login.travelreturns.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: domainId, url, location, Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-allow-origin: *
cf-ray: 89f7e468eed71901-FRA
content-length: 0
content-type: application/json
date: Sun, 07 Jul 2024 12:38:33 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202402.1.0/ 430 KB
105 KB 61ms
61ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e789e43937c7abc5959eba06825459f4e08e050ff9ea43ab8ec5a041a3e7558

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 07 Jul 2024 12:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 5m3SVn9yaQSlRqLvlzjrBg==
age: 62135
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 106956
x-ms-lease-status: unlocked
last-modified: Thu, 13 Jun 2024 02:35:34 GMT
server: cloudflare
etag: 0x8DC8B51807E16D9
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 15141953-c01e-005e-3b3d-bd6089000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89f7e469cd9836df-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/0d47348c-b4b0-4553-a5f7-71d8e952b22e/018f9d2c-a40e-7efa-a44c-ded6a005ff71/ 54 KB
14 KB 113ms
113ms Fetch
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/0d47348c-b4b0-4553-a5f7-71d8e952b22e/018f9d2c-a40e-7efa-a44c-ded6a005ff71/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4828ef4d0eda5deaf1656bc1f33ca651a006e2eedfd2c969f158d1a79fa7716f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 07 Jul 2024 12:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: HW+WudR5CTd24F2Z5kuDhQ==
content-length: 14526
x-ms-lease-status: unlocked
last-modified: Mon, 24 Jun 2024 15:44:17 GMT
server: cloudflare
etag: 0x8DC946481FA4C16
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 23e97fe5-001e-00e2-7d6a-d077f8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89f7e46a7b928edc-FRA
expires: Mon, 08 Jul 2024 12:38:33 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202402.1.0/assets/ 13 KB
3 KB 94ms
93ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202402.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 07 Jul 2024 12:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: J2h618merDnrxos96K8Rfg==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3041
x-ms-lease-status: unlocked
last-modified: Thu, 13 Jun 2024 02:35:26 GMT
server: cloudflare
etag: 0x8DC8B517B84609E
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 53887818-101e-009b-6126-cd1eb2000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89f7e46b3c508edc-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202402.1.0/assets/v2/ 62 KB
13 KB 90ms
89ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202402.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f40f57620246d052ea666f8f9d25dc6fcd93a7bbd6314077a2eb7213e98a4b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 07 Jul 2024 12:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 01SMtGeyB0SRvW+F1DYVMg==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12808
x-ms-lease-status: unlocked
last-modified: Thu, 13 Jun 2024 02:35:28 GMT
server: cloudflare
etag: 0x8DC8B517D165CD5
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 715195cb-a01e-0045-74bf-c24e1b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89f7e46b3c538edc-FRA

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/202402.1.0/assets/ 5 KB
2 KB 95ms
95ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202402.1.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7429ba59299387d5b2445949464b6b58111c47c8363459c1dfe16a541ff0c397

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 07 Jul 2024 12:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
content-md5: P+JM5OTYESbConLeIFfe7w==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1766
x-ms-lease-status: unlocked
last-modified: Thu, 13 Jun 2024 02:35:28 GMT
server: cloudflare
etag: 0x8DC8B517CC342D5
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: bbfe468b-001e-002e-5e6a-d0134d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89f7e46b3c548edc-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202402.1.0/assets/ 21 KB
4 KB 96ms
96ms Fetch
text/css 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202402.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 07 Jul 2024 12:38:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-encoding: gzip
content-md5: c7xAZ9MSGAobGaTYg/Qtag==
x-ms-lease-status: unlocked
last-modified: Thu, 13 Jun 2024 02:35:38 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: dfa266c3-e01e-0085-5526-cdc45f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89f7e46b3c578edc-FRA

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
600 B 56ms
56ms Image
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 07 Jul 2024 12:38:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 65020
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jul 2024 16:07:24 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 0bcfa78c-601e-0058-1bc1-cd97f1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89f7e46bd8af36df-FRA

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
493 B 80ms
79ms Fetch
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202402.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 07 Jul 2024 12:38:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jul 2024 16:07:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 64f39818-801e-0095-2d64-cef2b9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89f7e46bed2b8edc-FRA

GET
H2 200 arrivia-Logo.png
cdn.cookielaw.org/logos/4369ba53-07ec-47e2-9125-4ecef5f9a7ac/018eedd8-d29f-79e9-a04b-c07eb7d9a159/0cb7f547-e290-46eb-a5e0-19b36704e968/ 5 KB
5 KB 57ms
57ms Image
image/png 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/4369ba53-07ec-47e2-9125-4ecef5f9a7ac/018eedd8-d29f-79e9-a04b-c07eb7d9a159/0cb7f547-e290-46eb-a5e0-19b36704e968/arrivia-Logo.png

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

281090e407ad8bc7fdd53556684d945e9f36df38d21cb19fdc3bb0424f977194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 07 Jul 2024 12:38:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ORTQneFQfFDuRust1Q0xPw==
age: 67348
content-length: 4955
x-ms-lease-status: unlocked
last-modified: Mon, 22 Apr 2024 20:28:19 GMT
server: cloudflare
etag: 0x8DC630ABFA9FF6B
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: c3fa4a49-301e-00a2-78f3-94039a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 89f7e46be8cc36df-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 55ms
55ms Image
image/svg+xml 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: login.travelreturns.com
URL: https://login.travelreturns.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 07 Jul 2024 12:38:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 29181
x-ms-lease-status: unlocked
last-modified: Wed, 03 Jul 2024 16:07:24 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 3e5e20fe-101e-00df-537c-cdc2de000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 89f7e46be8cf36df-FRA

GET
H2 200 utag.8.js Show response
tags.tiqcdn.com/utag/ice/main/prod/ 4 KB
2 KB 434ms
433ms Script
application/javascript 2600:9000:235a:6e00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.8.js?utv=ut4.51.202311212304
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:6e00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 17c42d952500088567fccf2ac1d45164532e853334eacf173da6fe92c1536724

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: EVZUDil60rPd8QXySIFdNCVU6TEJm1Wh
content-encoding: br
via: 1.1 abf16b943a9b4039b87ccdb094d9303e.cloudfront.net (CloudFront)
date: Sun, 07 Jul 2024 12:38:35 GMT
last-modified: Wed, 03 Jul 2024 20:20:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
etag: W/"22401d3a3afb29614a24cdec5cbbf99f"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: rcQmF1W3SpiXJ0snpPFQ_xuFypbKKty5GAAsVFA0lWc9Ybkqxc1C5g==

GET
H2 200 utag.229.js Show response
tags.tiqcdn.com/utag/ice/main/prod/ 17 KB
5 KB 43ms
43ms Script
application/javascript 2600:9000:235a:6e00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.229.js?utv=ut4.51.202403252345
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:6e00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a1c03f68da8bb11e7a692e98cff73a3ca7a366ef3696a1d224497f5078b99824

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: Wia3dkquIjnIJEN9twpkVikIwilMf78J
content-encoding: br
via: 1.1 abf16b943a9b4039b87ccdb094d9303e.cloudfront.net (CloudFront)
date: Sun, 07 Jul 2024 12:38:33 GMT
last-modified: Wed, 03 Jul 2024 20:20:39 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
age: 17
x-amz-server-side-encryption: AES256
etag: W/"d297834cb124ba64d40e220768ecdae7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: tNMAGFAItC_n1QUaD-3crA7O9gzfqLHbALjL62NKRHvl79r9SAv4dw==

GET
H2 200 utag.187.js Show response
tags.tiqcdn.com/utag/ice/main/prod/ 9 KB
3 KB 47ms
47ms Script
application/javascript 2600:9000:235a:6e00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.187.js?utv=ut4.51.202402212134
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:6e00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4613a40c47304deb926b89a23d3f56ce9eff6649ad3c27f8c584a7352501711b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: erBZWLYmBv27yWDegxuYeIoFkL.ShI4U
content-encoding: br
via: 1.1 abf16b943a9b4039b87ccdb094d9303e.cloudfront.net (CloudFront)
date: Sun, 07 Jul 2024 12:38:33 GMT
last-modified: Wed, 03 Jul 2024 20:20:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
age: 17
x-amz-server-side-encryption: AES256
etag: W/"22a3d0fa4eecd3c260c99cdaf69a7067"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: MLQAwlgGoPVwdkA6n6Cab9Mzmw1QDHACUnTmCYsS1RduUkokjCM5aA==

GET
H2 200 utag.4.js Show response
tags.tiqcdn.com/utag/ice/main/prod/ 33 KB
8 KB 46ms
46ms Script
application/javascript 2600:9000:235a:6e00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.4.js?utv=ut4.51.202405202315
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:6e00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 49e3092955791935076b92f83e37a8c9150a294b03a0bca7572495122188b29f

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: ZCk6ywBfuiyAq5yBNwp9vY9f47QDONGr
content-encoding: br
via: 1.1 abf16b943a9b4039b87ccdb094d9303e.cloudfront.net (CloudFront)
date: Sun, 07 Jul 2024 12:38:33 GMT
last-modified: Wed, 03 Jul 2024 20:20:50 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
age: 17
x-amz-server-side-encryption: AES256
etag: W/"d472ca26288517a3a8cacfc6b2e5b998"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: 0-RmS5Qpe2aVh_VxISP4E2sLdZhqgDo0YvEtyuPa-MN-U3D7b8RdQA==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 265 KB
92 KB 172ms
78ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7PJHYZVF1H

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

49710e3fdf17e9c8b99d5e5f31accb0c0443bfc819bf2c337d393714465365dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 12:38:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94240
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 07 Jul 2024 12:38:33 GMT

POST
H2 200 i.gif Show response
collect.tealiumiq.com/ice/main/2/ 43 B
755 B 186ms
85ms XHR
image/gif 52.58.176.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collect.tealiumiq.com/ice/main/2/i.gif
Requested by: Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.176.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-176-152.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryNj1c1BRBAiRJ97oq

Response headers

date: Sun, 07 Jul 2024 12:38:33 GMT
x-serverid: uconnect_i-073a8a8f6fc8219a4
x-tid: 01908d3400080012c8cef14144940506f002006700b08
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc: ice:main:2:datacloud
x-region: eu-central-1
content-length: 43
pragma: no-cache
x-did: 01908d3400080012c8cef14144940506f002006700b08
vary: Origin
content-type: image/gif
access-control-allow-origin: https://login.travelreturns.com
x-ulver: 48d6d444c60a48b0fb994a4aed1c725e05c4a4b7-SNAPSHOT
access-control-expose-headers: X-Region
cache-control: no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
x-uuid: e0579566-4ad9-46aa-bc93-e6547a8e7678
expires: Sun, 07 Jul 2024 12:38:33 GMT

GET
H2 200 tracking.js Show response
cdn.livechatinc.com/ 81 KB
26 KB 205ms
46ms Script
application/javascript 2.19.96.75
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.livechatinc.com/tracking.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.96.75 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-96-75.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: b0bf60a6fecd1eed76618fb89f32324ad70f50ccd7ccbfec005c477d887e65e0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: qSWZl8B6hWHLAVZvWfmDGFHQk_2wkeDh
content-encoding: br
date: Sun, 07 Jul 2024 12:38:33 GMT
x-amz-cf-pop: FRA60-P2
x-amz-server-side-encryption: AES256
cross-origin-resource-policy: cross-origin
content-length: 26197
last-modified: Thu, 04 Jul 2024 12:21:01 GMT
server: AmazonS3
etag: W/"929e778916751b2afcea980abaa44230"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=28800
x-amz-cf-id: q3mAi5CG03J3Zgh_y8JsZWRn9OLIC8X5BlERKIkXcIYNyvpN2OxnJw==
expires: Sun, 07 Jul 2024 20:38:33 GMT

GET
H2 200 01908d3400080012c8cef14144940506f002006700b08 Show response
visitor-service-eu-central-1.tealiumiq.com/ice/main/ 27 B
246 B 139ms
41ms Script
application/javascript 3.121.158.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visitor-service-eu-central-1.tealiumiq.com/ice/main/01908d3400080012c8cef14144940506f002006700b08?callback=utag.ut%5B%22writevamain%22%5D&rnd=1720355913927

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.121.158.7 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-121-158-7.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e036d4c0bab9dcd3d8ed9d625c2cdd24f4d0474f1a4232f0e7c9471aaf0cf470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-version: 29c08d7b4f5aca3e47f349eb2d13b5b8b2534f59-SNAPSHOT
date: Sun, 07 Jul 2024 12:38:34 GMT
strict-transport-security: max-age=31536000; includeSubdomains
x-region: eu-central-1
content-length: 27
x-nodeid: i-08a58f70a97aaffbe
content-type: application/javascript; charset=utf-8

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 139ms
49ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-7PJHYZVF1H&gtm=45je4730v874033126za200&_p=1720355913682&gcs=G100&gcd=13p3p3p2p5&npa=1&dma_cps=-&dma=1&tag_exp=0&gdid=dYWJhMj.dYmQxMT&cid=2047930690.1720355914&ul=de-de&are=1&frm=0&pscdl=denied&_geo=1&_rdi=1&_s=1&sid=1720355914&sct=1&seg=0&dl=https%3A%2F%2Flogin.travelreturns.com%2F&dt=Travel%20Returns&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.tealium_event_name=view&ep.url=https%3A%2F%2Flogin.travelreturns.com%2F&tfd=4890&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7PJHYZVF1H
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 07 Jul 2024 12:38:34 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://login.travelreturns.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 get_dynamic_configuration Show response
api.livechatinc.com/v3.6/customer/action/ 378 B
607 B 706ms
548ms Script
application/javascript 95.101.111.146
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://api.livechatinc.com/v3.6/customer/action/get_dynamic_configuration?license_id=9056575&client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5&url=https%3A%2F%2Flogin.travelreturns.com%2F&channel_type=code&jsonp=__n9b4jmxf0gr

Requested by

Host: cdn.livechatinc.com
URL: https://cdn.livechatinc.com/tracking.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-146.deploy.static.akamaitechnologies.com

Software

Resource Hash

477d071b32c5f22cd3c600e28ce7ca02a4f79584a6d37275951265854c1bbf9d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://login.travelreturns.com/;
X-Frame-Options	allow-from https://login.travelreturns.com/

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: frame-ancestors https://login.travelreturns.com/;
date: Sun, 07 Jul 2024 12:38:34 GMT
cross-origin-resource-policy: cross-origin
content-length: 378
vary: Accept-Encoding
x-frame-options: allow-from https://login.travelreturns.com/
content-type: application/javascript; charset=UTF-8

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 239ms
41ms Script
application/x-javascript 104.102.38.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-38-132.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:34 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
432 B 39ms
39ms Script
application/javascript 2600:9000:235a:6e00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=ice/main/202407032019&cb=1720355914124
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/ice/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:6e00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date: Sun, 07 Jul 2024 12:28:51 GMT
via: 1.1 abf16b943a9b4039b87ccdb094d9303e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P9
age: 584
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 2
last-modified: Sat, 11 Mar 2023 06:57:46 GMT
server: AmazonS3
etag: "7bc0ee636b3b83484fc3b9348863bd22"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=300
accept-ranges: bytes
x-amz-cf-id: bmJRyd08L_mjwqXUf97-NmuURiC-gwAY0njMgSG5vdmgAPaSLCcB_A==

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 48ms
48ms Script
application/x-javascript 104.102.38.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-38-132.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:34 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Tue, 15 Oct 2024 12:38:34 GMT

POST
H/1.1 200
OK visitWebPage
512-jjp-615.mktoresp.com/webevents/ 2 B
318 B 567ms
120ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://512-jjp-615.mktoresp.com/webevents/visitWebPage?_mchNc=1720355914419&_mchCn=&_mchId=512-JJP-615&_mchTk=_mch-travelreturns.com-1720355914415-80399&_mchHo=login.travelreturns.com&_mchPo=&_mchRu=%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:34 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 6d81cb09-f07e-4bfd-8908-8b38dcd766f5

GET
H2 200 get_configuration Show response
api.livechatinc.com/v3.4/customer/action/ 20 KB
5 KB 212ms
212ms Script
application/javascript 95.101.111.146
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://api.livechatinc.com/v3.4/customer/action/get_configuration?organization_id=0465db85-f1ea-4496-8196-70ad67964ed9&version=339507.0.24.8048.1030.1178.985.43.26.742.18.31.1&group_id=13&jsonp=__lc_static_config
Requested by: Host: cdn.livechatinc.com
URL: https://cdn.livechatinc.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.146 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-146.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e47bc20b48aad697694f11c9d91a7b8929f756cebbb67a3849931df0bb494d60

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 07 Jul 2024 12:38:34 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
deprecation: 2024-11-30
cache-control: public, max-age=600
cross-origin-resource-policy: cross-origin
content-length: 5379
expires: Sun, 07 Jul 2024 12:48:34 GMT

GET
H/1.1 404
Not Found favicon.ico
login.travelreturns.com/ 1 KB
2 KB 552ms
185ms Other
text/html 199.73.52.3
SCALEMATRIX

General

Check archive.org

Show headers Download Go to

Full URL

https://login.travelreturns.com/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.73.52.3 Chula Vista, United States, ASN33695 (SCALEMATRIX, US),

Reverse DNS

www.saveonresorts.com

Software

arrivia / arrivia

Resource Hash

dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://login.travelreturns.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sun, 07 Jul 2024 12:38:35 GMT
Content-Security-Policy: frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Referrer-Policy: no-referrer-when-downgrade
X-Content-Type-Options: nosniff
Server: arrivia
X-AspNet-Version: arrivia
X-Powered-By: arrivia
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
Connection: close
Content-Length: 1245
X-XSS-Protection: 1;mode=block

OPTIONS
H2 204 track
dc.services.visualstudio.com/v2/ 0
0 377ms
87ms Preflight 20.50.88.245
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,sdk-context
Access-Control-Request-Method: POST
Origin: https://login.travelreturns.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 3600
date: Sun, 07 Jul 2024 12:38:34 GMT
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000

POST
H2 200 track Show response
dc.services.visualstudio.com/v2/ 96 B
201 B 196ms
196ms XHR
application/json 20.50.88.245
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

20.50.88.245 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

62de0176d8207cc352e2fd7fc5b6516fd8431266b843d7596f33b724a4510757

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type: application/json
Referer: https://login.travelreturns.com/
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000
date: Sun, 07 Jul 2024 12:38:34 GMT
x-content-type-options: nosniff
server: Microsoft-HTTPAPI/2.0
content-type: application/json; charset=utf-8

GET BackgroundImage(2)-min.jpg
login.travelreturns.com/Images/Template/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: login.travelreturns.com
URL: https://login.travelreturns.com/Images/Template/BackgroundImage(2)-min.jpg

Verdicts & Comments Add Verdict or Comment

108 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
login.travelreturns.com/	1970-01-20 22:35:47	Name: saveon Value: language=1
login.travelreturns.com/	1969-12-31 23:59:59	Name: beid Value: LIVE-WEB18
login.travelreturns.com/	1970-01-21 06:38:11	Name: ai_user Value: aluN7\|2024-07-07T12:38:32.343Z
.travelreturns.com/	1970-01-21 06:38:11	Name: utag_main__sn Value: 1
.travelreturns.com/	1970-01-20 21:52:37	Name: utag_main__se Value: 1%3Bexp-session
.travelreturns.com/	1970-01-20 21:52:37	Name: utag_main__ss Value: 1%3Bexp-session
.travelreturns.com/	1970-01-20 21:52:37	Name: utag_main__st Value: 1720357712669%3Bexp-session
.travelreturns.com/	1970-01-20 21:52:37	Name: utag_main_ses_id Value: 1720355912669%3Bexp-session
.travelreturns.com/	1970-01-20 21:52:37	Name: utag_main__pn Value: 1%3Bexp-session
login.travelreturns.com/	1970-01-20 21:52:37	Name: ai_session Value: bEFgT\|1720355912994.1\|1720355912994.1
.travelreturns.com/	1970-01-21 06:38:11	Name: utag_main_v_id Value: 01908d3400080012c8cef14144940506f002006700b08
.travelreturns.com/	1970-01-21 06:38:11	Name: utag_main_dc_visit Value: 1
.travelreturns.com/	1970-01-20 21:52:37	Name: utag_main_dc_event Value: 1%3Bexp-session
.tealiumiq.com/	1970-01-21 06:38:11	Name: TAPID Value: ice/main>01908d3400080012c8cef14144940506f002006700b08\|
.travelreturns.com/	1970-01-20 21:52:37	Name: utag_main_dc_region Value: eu-central-1%3Bexp-session
.travelreturns.com/	1970-01-21 07:28:35	Name: _mkto_trk Value: id:512-JJP-615&token:_mch-travelreturns.com-1720355914415-80399

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://login.travelreturns.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' www.bzzworldtravel.com irbooking.bzzworldtravel.com oss.bzzworld.com admin.saveonresorts.com admin.saveonresorts.com cash.kivac.com.mx internationalcash.liveaquaresidenceclub.com www.travelii.mx www.world2go.mx globe.re-set.mx cash.kivac.com.mx reservation.re-set.travel members.re-set.travel visa.re-set.travel internationalcash.liveaquaresidenceclub.com www.favc.com access.favc.com www.crownclubmarketplace.com redeem.travelsavingspassport.com book.qvitravelsavings.com ir.tripsavr.com pc.tripsavr.com pc.tripsavr2.com ir.tripsavr2.com club.latitude21resorts.com www.IAMLVC.com www.travelsavingspassport.com www.qvitravelsavings.com activate.tripsavr.com tripsavr2.com latitudevacationclub.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

470992caf360e6f52e41-facb4f2ad95d60d4759ad822ce26fc13.ssl.cf2.rackcdn.com
512-jjp-615.mktoresp.com
api.livechatinc.com
az416426.vo.msecnd.net
cdn.cookielaw.org
cdn.livechatinc.com
code.ionicframework.com
collect.tealiumiq.com
cookies-data.onetrust.io
dc.services.visualstudio.com
geolocation.onetrust.com
login.travelreturns.com
maxcdn.bootstrapcdn.com
munchkin.marketo.net
region1.google-analytics.com
tags.tiqcdn.com
visitor-service-eu-central-1.tealiumiq.com
www.googletagmanager.com
login.travelreturns.com
104.102.38.132
104.18.10.207
172.67.69.29
192.28.144.124
199.73.52.3
2.19.96.75
20.50.88.245
2001:4860:4802:32::36
23.212.202.218
2600:9000:235a:6e00:7:2bfb:7c00:93a1
2606:2800:133:206e:1315:22a5:2006:24fd
2606:4700:4400::6812:20c1
2606:4700:4400::ac40:9b77
2606:4700::6813:b134
2a00:1450:4001:813::2008
3.121.158.7
52.58.176.152
95.101.111.146
022e2f39deba7f332eabe69b27b31d98d4d5f2535116745957a691d1b1ec4cc5
0e601179c318d8211894a819cb4248629155c3724aa4cf3742fc8b8bb3d67dc2
17c42d952500088567fccf2ac1d45164532e853334eacf173da6fe92c1536724
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
230919016ae3139e0e9d814ee40741bf61aade49ab4525c5512a13d23e0cc7b9
281090e407ad8bc7fdd53556684d945e9f36df38d21cb19fdc3bb0424f977194
2e789e43937c7abc5959eba06825459f4e08e050ff9ea43ab8ec5a041a3e7558
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
4613a40c47304deb926b89a23d3f56ce9eff6649ad3c27f8c584a7352501711b
477d071b32c5f22cd3c600e28ce7ca02a4f79584a6d37275951265854c1bbf9d
4828ef4d0eda5deaf1656bc1f33ca651a006e2eedfd2c969f158d1a79fa7716f
49710e3fdf17e9c8b99d5e5f31accb0c0443bfc819bf2c337d393714465365dc
49e3092955791935076b92f83e37a8c9150a294b03a0bca7572495122188b29f
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
54d99ef58ef9687acbed577cfdd84f14084b9f9708555da9cac7b155a1aa70e7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5e05c8986c7e98ee158b822813fc8c6660b54d298f173e6ba96f003c68ef3083
5e700835ec05293a3d0f9e354e7d038319d34521cd279e782198dff6d1dd58f2
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
62de0176d8207cc352e2fd7fc5b6516fd8431266b843d7596f33b724a4510757
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6f63c4b4f22a8153e076e7e698fd7d5322177598b3dece151168ee23e918d5fe
7429ba59299387d5b2445949464b6b58111c47c8363459c1dfe16a541ff0c397
8c420e87f727ef0aa331feb2d325bd1499fea67a57fff434fd315b507088491a
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
92ac508220f5bb60ec94e07650528eb66625f82a4740ada068cde05365781286
9cb5e4dddd26dd63a1f43a8a0a7f3da566db5431079c255bfdb1774d982365fa
9f9425c961900c8d8b3b30085c3969eef0c845a11c5be9fad704d160c64a12f5
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a092a79b73e31f4b4a19bfc86e13104bc2f7c4f944b436a0bf094db6c830efc8
a1c03f68da8bb11e7a692e98cff73a3ca7a366ef3696a1d224497f5078b99824
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a4aa45ffe18fcc5c2d3ec4cfc2c8927ab8fb88d7ea614ee0f3bc80cdcd2727fd
b0bf60a6fecd1eed76618fb89f32324ad70f50ccd7ccbfec005c477d887e65e0
b9ce979672c4faa146ecdf531d518d8a8ce14eef39810bec91640c7a99ea4892
cd98b62484c880a422c23f02a1320f0276016625bd0d81be68e4c1f27f390aaa
d1aabe1212b2f9cb8f6a547454bd4e5f4773485e3e001b327e501ba3e0e77cc7
d20ef4db20e18100c9e56ba0207eb823d4590239b5a72b09b153e819ed1941dd
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
e036d4c0bab9dcd3d8ed9d625c2cdd24f4d0474f1a4232f0e7c9471aaf0cf470
e44c3b782978c44af9885b97302632e45ff19d01ecb745e91d21cf597c22cb29
e47bc20b48aad697694f11c9d91a7b8929f756cebbb67a3849931df0bb494d60
e8dfc738e24bb8d23609f2aeca1e7fec2f55daec9615c6f3f94a614c35608e31
f40f57620246d052ea666f8f9d25dc6fcd93a7bbd6314077a2eb7213e98a4b5a
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
fea38edefff54be4997eccdec849d62e130abea09a971e34f6607f490373ffbc
ff28aca264e1a23d1ff01941df13b8b8ca9e51045775b6acb7c748836b4bf119

login.travelreturns.com Open in urlscan Pro 199.73.52.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

55 Requests

98 %HTTPS

39 %IPv6

16 Domains

18 Subdomains

19 IPs

4 Countries

1375 kBTransfer

2863 kBSize

16 Cookies

3 Outgoing links

Redirected requests

55 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

login.travelreturns.com Open in urlscan Pro
199.73.52.3 Public Scan

Screenshot
Live screenshot

Full Image

55
Requests

98 %
HTTPS

39 %
IPv6

16
Domains

18
Subdomains

19
IPs

4
Countries

1375 kB
Transfer

2863 kB
Size

16
Cookies

55 HTTP transactions
1 data transactions