onoffrefund.com Open in urlscan Pro
2606:4700:3036::6815:4495 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://onoffrefund.com/
Submission: On July 11 via automatic, source certstream-suspicious (July 11th 2024, 9:54:30 pm UTC) — Scanned from DE

Summary HTTP 60 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 14 IPs in 2 countries across 13 domains to perform 60 HTTP transactions. The main IP is 2606:4700:3036::6815:4495, located in United States and belongs to CLOUDFLARENET, US. The main domain is onoffrefund.com.
TLS certificate: Issued by WE1 on July 11th 2024. Valid for: 3 months.

This is the only time onoffrefund.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
37	2606:4700:303... 2606:4700:3036::6815:4495	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
2	172.65.208.22 172.65.208.22	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.65.255.172 172.65.255.172	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1	172.65.202.201 172.65.202.201	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.65.238.60 172.65.238.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.65.192.122 172.65.192.122	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:620	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	172.65.232.43 172.65.232.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.65.240.166 172.65.240.166	13335 (CLOUDFLAR...) (CLOUDFLARENET)
60	14

37 2606:4700:3036::6815:4495 (United States)

ASN13335 (CLOUDFLARENET, US)

onoffrefund.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.65.208.22 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.65.255.172 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

maps.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.202.201 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.65.238.60 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.65.192.122 (United States)

ASN13335 (CLOUDFLARENET, US)

js-eu1.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-eu1.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:620 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.weglot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.65.232.43 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-eu1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.65.240.166 (United States)

ASN13335 (CLOUDFLARENET, US)

track-eu1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	onoffrefund.com onoffrefund.com	1 MB
4	hsforms.com forms-eu1.hsforms.com — Cisco Umbrella Rank: 27776	9 KB
3	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 5364 track-eu1.hubspot.com — Cisco Umbrella Rank: 16535	2 KB
2	hscollectedforms.net js-eu1.hscollectedforms.net — Cisco Umbrella Rank: 27164 forms-eu1.hscollectedforms.net — Cisco Umbrella Rank: 27871	25 KB
2	google.com 1 redirects maps.google.com — Cisco Umbrella Rank: 1943 www.google.com — Cisco Umbrella Rank: 5	301 B
2	gstatic.com fonts.gstatic.com	70 KB
2	hsforms.net js-eu1.hsforms.net — Cisco Umbrella Rank: 47231	156 KB
2	hs-scripts.com js-eu1.hs-scripts.com — Cisco Umbrella Rank: 15100	2 KB
1	weglot.com cdn.weglot.com — Cisco Umbrella Rank: 13353	860 B
1	hs-analytics.net js-eu1.hs-analytics.net — Cisco Umbrella Rank: 16198	24 KB
1	hs-banner.com js-eu1.hs-banner.com — Cisco Umbrella Rank: 16039	26 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 74	1 KB
0	payback-ltd.com Failed payback-ltd.com Failed
60	13

	Domain	Requested by
37	onoffrefund.com	onoffrefund.com
4	forms-eu1.hsforms.com	js-eu1.hsforms.net onoffrefund.com
2	track-eu1.hubspot.com
2	fonts.gstatic.com	fonts.googleapis.com
2	js-eu1.hsforms.net	onoffrefund.com js-eu1.hsforms.net
2	js-eu1.hs-scripts.com	onoffrefund.com js-eu1.hs-analytics.net
1	app.hubspot.com	js-eu1.hsforms.net
1	forms-eu1.hscollectedforms.net	js-eu1.hscollectedforms.net
1	cdn.weglot.com	onoffrefund.com
1	js-eu1.hscollectedforms.net	js-eu1.hs-scripts.com
1	js-eu1.hs-analytics.net	js-eu1.hs-scripts.com
1	js-eu1.hs-banner.com	js-eu1.hs-scripts.com
1	www.google.com	onoffrefund.com
1	maps.google.com	1 redirects
1	fonts.googleapis.com	onoffrefund.com
0	payback-ltd.com Failed	onoffrefund.com
60	16

This site contains links to these domains. Also see Links.

Domain
rarathemes.com
fr.wordpress.org

Subject Issuer	Validity	Valid
onoffrefund.com WE1	`2024-07-11` - `2024-10-09`	3 months	crt.sh
upload.video.google.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
hs-scripts.com E1	`2024-05-31` - `2024-08-29`	3 months	crt.sh
hsforms.net WE1	`2024-06-13` - `2024-09-11`	3 months	crt.sh
*.gstatic.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.google.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
hs-banner.com E1	`2024-05-30` - `2024-08-28`	3 months	crt.sh
hs-analytics.net WE1	`2024-06-11` - `2024-09-09`	3 months	crt.sh
hscollectedforms.net E1	`2024-05-27` - `2024-08-25`	3 months	crt.sh
cdn.weglot.com WE1	`2024-07-01` - `2024-09-29`	3 months	crt.sh
hsforms.com WE1	`2024-06-14` - `2024-09-12`	3 months	crt.sh
hubspot.com E1	`2024-05-23` - `2024-08-21`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://onoffrefund.com/
Frame ID: 015B7B99F0CF2764226931E508788EEA
Requests: 59 HTTP requests in this frame

Frame: https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1sPl.+de+la+Bourse,+75002+Paris,+France!6i14!3m1!1sen!5m1!1sen
Frame ID: 59249FC7C85DFC6C9E85ACA2BD1A5837
Requests: 1 HTTP requests in this frame

Frame: https://js-eu1.hsforms.net/forms/embed/v2.js?ver=11.1.11
Frame ID: 509A73710B634C5EAF41FAF1942D7B93
Requests: 1 HTTP requests in this frame

Frame: https://app.hubspot.com/embedded-viral-link/forms?lang=en&portalId=144659521&hubs_id=forms-branding-control&hubs_source=onoffrefund.com&intent=marketingFreeForms
Frame ID: 6EC4F7A2B3F31B911ABA909830DFE0F8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OnOff Refund – Law First

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

owl\.carousel.*\.js

Weglot (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

cdn\.weglot\.com
wp-content/plugins/weglot

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

60
Requests

95 %
HTTPS

50 %
IPv6

13
Domains

16
Subdomains

14
IPs

2
Countries

1807 kB
Transfer

4542 kB
Size

10
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://rarathemes.com/
Title: Rara Theme

Search URL Search Domain Scan URL

URL: https://fr.wordpress.org/
Title: WordPress

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://maps.google.com/maps?width=100%25&height=600&hl=en&q=Pl.%20de%20la%20Bourse,%2075002%20Paris,%20France+(ONOFF%20Refund)&t=&z=14&ie=UTF8&iwloc=B&output=embed HTTP 301
https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1sPl.+de+la+Bourse,+75002+Paris,+France!6i14!3m1!1sen!5m1!1sen

60 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
onoffrefund.com/ 78 KB
21 KB 139ms
93ms Document
text/html 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ab6cdb80f2e83299f2195a55b8113b16fb567deda8b6cb2ac01c0bc34ec6c9b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a1c0825accc5d79-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 11 Jul 2024 21:54:24 GMT
link: <https://onoffrefund.com/wp-json/>; rel="https://api.w.org/" <https://onoffrefund.com/wp-json/wp/v2/pages/219>; rel="alternate"; type="application/json" <https://onoffrefund.com/>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cmI4ftyxWhSZ9TkgKvEOLs00ofpludMANSH01387kTH3JbIvNHoeSHLDO65gTTsU25pjmyJ6rKkXpsmDZfwJxuOmD5BedLq1H2NZHBDulD5mRbomQLD0YG%2BS28gxR62RavUZldl9YOUs0qcx16Y%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-litespeed-cache: hit
x-turbo-charged-by: LiteSpeed

GET
H3 200 style.min.css
onoffrefund.com/wp-includes/css/dist/block-library/ 111 KB
15 KB 129ms
128ms Stylesheet
text/css 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-includes/css/dist/block-library/style.min.css?ver=6.5.5
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 27 Feb 2024 14:48:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aCRRRkkrFZC%2FuHWwe4XJnEB3%2FIyw18H5uV%2FBA2K%2FPIyCBQDmp0s8QoR%2B104Ynl1lPDol7gxFkYkaXis4EImMsTRymiV0tAM%2F0AHMPK1sraMEdrbX6VbbrMUbIv8ujwEqJK63tecHgz2%2FfWlqnmo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c08264d5d5d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:20 GMT

GET
H3 200 styles.css
onoffrefund.com/wp-content/plugins/contact-form-7/includes/css/ 3 KB
1 KB 127ms
125ms Stylesheet
text/css 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.9.4
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 13 May 2024 11:15:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wp1S1jtzUb5xhl5vf%2FOSFeuBVnnZobLt9i8xgop3%2B%2FBWp9AaVO34x5PC9j6XB9hEcp7G5Qt5uI5pCh5ZNXTihS2fA%2BGymPFkS9ydzm2RhaJBoYOqcmuDEjJpdd%2F6IKENPSF%2BKFI%2BWZydv9BgMTA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c08264d615d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:20 GMT

GET
H3 200 front-css.css
onoffrefund.com/wp-content/plugins/weglot/dist/css/ 51 KB
6 KB 106ms
104ms Stylesheet
text/css 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/plugins/weglot/dist/css/front-css.css?ver=4.2.6
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbbf83c45cce424c26bb4d929e053d264b713b70b8dcee428343b64e06a22056

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 13 May 2024 11:19:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0TpeukEWzp0acmJCM%2BZQOFGVQizuqdtY6Hslmq60oIP%2BminMiVYFVoWLmA%2F%2BdQOc0hP6oMlqwzEh2UUHq318m4BteFeECWyruZIEZXqZ6WnkZnZPDRiuZ1pipRkEEKg0RK2VMKFdOKAqtdTWMw0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c08264d645d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:20 GMT

GET
H3 200 new-flags.css
onoffrefund.com/wp-content/plugins/weglot/app/styles/ 86 KB
4 KB 109ms
107ms Stylesheet
text/css 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/plugins/weglot/app/styles/new-flags.css?ver=4.2.6
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b48bb25e1fe530912d872438ef532de73c7fddad96fadc6affb18fdbd097c1d6

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 13 May 2024 11:19:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z6OCUIW7OYIIpBsyFhs%2F%2B56nI4GqNUA2F8vbjtpLxE52WAhlcrFWD0FFgtSQZvj0BcO%2BQeRpP%2Fap75WwExb2b7ionWD5pF%2FJW9InVvzJcYjf41glOMV8K51zJLkerOsSsmPgaiVUZCgo7XFou8U%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c08264d685d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:20 GMT

GET
H3 200 owl.carousel.min.css
onoffrefund.com/wp-content/themes/lawyer-landing-page/css/ 3 KB
1 KB 102ms
100ms Stylesheet
text/css 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/css/owl.carousel.min.css?ver=6.5.5
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52a0d65a1aa25a21c16bf3f593828e2dceb7aa12ef35b4f1d583d3017b344471

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 18:18:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WLfHmS%2BT0FK4I8DlngXCrEeJFuSYhzijRtWpkYdFDRs%2B3xIvpxsnZVYMJLbdd1qRuP6rrvuXwxyTNvGNNXn3CBbX1uCQYdK7nal5olQ60PKaxMQcj54C2WNGv7iWIOQOz5Fj%2Bj5YcaK3fbKtHdE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c08264d6d5d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:20 GMT

GET
H3 200 owl.theme.default.min.css
onoffrefund.com/wp-content/themes/lawyer-landing-page/css/ 908 B
825 B 105ms
104ms Stylesheet
text/css 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/css/owl.theme.default.min.css?ver=6.5.5
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e6b8378d958cc45912851e02974b92f47a01c49240eb06e5cb755ccc0191c96

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 18:18:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PXqauthhFGPapGiR641wKJAvcaDA2F%2BXg05FvYqCzDE%2FmaDwHByS9%2BIeMtiNi6Id%2F1lUfD6%2FRWVR%2F20wV4%2FiK4KSqOyMbX78fkt%2BSREPdOXnO9FyUVb1ykSyjFztZbc8wR7SZnAJ4vdzvEruhuc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c08264d735d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:20 GMT

GET
H2 200 css
fonts.googleapis.com/ 9 KB
1 KB 93ms
40ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway%3A400%2C400i%2C500%2C600%2C700%7CLato&ver=6.5.5

Requested by

Host: onoffrefund.com
URL: https://onoffrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a9fcf925fa5dfe86df2157872945db8989789f7ca0905a0a6171af1fd035aa34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 11 Jul 2024 21:54:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 11 Jul 2024 21:54:24 GMT

GET
H3 200 style.css
onoffrefund.com/wp-content/themes/lawyer-landing-page/ 90 KB
17 KB 139ms
138ms Stylesheet
text/css 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/style.css?ver=1.2.6
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42934f8af32995a11789a2f9ccfaf0acf4394f74a1499a27274e8f3ac3f0383e

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 18:18:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ztTYKCk3BhbKy%2FJrBT8FW1NSpkI7v4e2pAv0dKPMImo9%2Bd4BxEIXNwOW%2FO1gljs1s67yuWON23jjjc234toxx3LWQS0iU%2BRNWUBT7xjNEVOtLujK9BDftdhmUBfos62oIJX3EBf9ni6wZjcC3S8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c08264d745d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:20 GMT

GET
H3 200 style-front-end.css
onoffrefund.com/wp-content/plugins/profile-builder/assets/css/ 24 KB
6 KB 118ms
117ms Stylesheet
text/css 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/plugins/profile-builder/assets/css/style-front-end.css?ver=3.11.7
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd94406ef5c26196e144d9d2223e554f0d91e2deb5dfccd3b8b1f6cdfc568a55

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 21 Jun 2024 10:43:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xkdQP%2BIK4ACcgfiRyKflLg%2F8u4DdaWu6bGaAzFUDSt%2FjvHor2Qa6rQbmQiwUjVLjrMb0Y%2BFWvL9EvYC3IjVf1Gi%2BMD%2F1Xd4W4gxfTTK62GGyKVF58Vbo%2FnYLzaloaH4iRrp56JynQESRcb5gsUE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c08264d755d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:20 GMT

GET
H3 200 front-js.js Show response
onoffrefund.com/wp-content/plugins/weglot/dist/ 5 KB
2 KB 252ms
251ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/plugins/weglot/dist/front-js.js?ver=4.2.6
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84f5f5aa795694fd24258c8dee7a6f36f94a505f6f0446e06515f6114864f037

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 13 May 2024 11:19:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N2JF8w2wfRuffKtHvpN5lzKJ0pjWvBsK%2FnUCnZsyMbdoAtFaZKz%2F2HeIRGmr4ZxoSOkKejdDXDYOHDHSlr%2FD%2FuhsBS9sstVukPqH%2Fvh%2BTk7SYyuI1fUMb9TGG2GhMktJWSQiHEWqOWcKV28YCY4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c08264d775d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:20 GMT

GET
H3 200 jquery.min.js Show response
onoffrefund.com/wp-includes/js/jquery/ 86 KB
31 KB 152ms
151ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w2GDpHMjjv1CRQQtUh1GX2iu1DhUfq54sG4gyCNkScJgqoLu4q%2BVUS%2Fb7Av0Zim1rmXORleY%2F2MIlYSBPdvzSqCRvaXvJKDt%2BjsAtJdpZsO1FREd8D44DxFjQ2%2FJkWnvEgkgDGLGRFuS0thA2DA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c08264d795d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:20 GMT

GET
H3 200 jquery-migrate.min.js Show response
onoffrefund.com/wp-includes/js/jquery/ 13 KB
5 KB 128ms
128ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VGejTjKdhmcL9WUZ0uMJRnhX%2FzLeiEgBmQYQ04Px%2BOILVLafkd67Qcw5ZV2koF2kSkcklNlKv15cqDPccx9%2BEgIcJv8S02V6b%2BtHX9MtVHsjx0J1oRMF031xay9eRCALWhiP48H1whF8fpc%2FCjg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c08264d7a5d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:20 GMT

GET
H3 200 removal.ai_9883199a-2369-4080-92a3-5b5b0744c55c-onoff-transformed_D2XUJ0.png
onoffrefund.com/wp-content/uploads/2024/05/ 54 KB
54 KB 168ms
167ms Image
image/png 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onoffrefund.com/wp-content/uploads/2024/05/removal.ai_9883199a-2369-4080-92a3-5b5b0744c55c-onoff-transformed_D2XUJ0.png
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a4d16926527e52341a2b39393587a85197abe6c8b5f0ed7ad3b5213ca226c0db

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 20:51:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HHx%2FGfC10ghXKv8iKXg%2B77pRIfBIivZ%2B6CiBrae1QQ2ZXVrZvF0qzwcZw1APzTeAB3wDOY517Qi8dcZxnXpxK%2BOBc5jG3VhnbOKSP7U0f7z6ImYUdDCsuslwz2mxs59zXnLfbJgoVexpvuiPunc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a1c08264d7d5d79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 54875
expires: Thu, 18 Jul 2024 21:54:20 GMT

GET
BLOB 200
OK cc2191c5-49ef-4dd0-a110-5233a66e9f8c
https://onoffrefund.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://onoffrefund.com/cc2191c5-49ef-4dd0-a110-5233a66e9f8c
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 1185
Content-Type: text/javascript

GET stars-5.svg
payback-ltd.com/testimonials/stars/ 0
0

GET
H3 200 index.js Show response
onoffrefund.com/wp-content/plugins/contact-form-7/includes/swv/js/ 11 KB
4 KB 133ms
132ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.9.4
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46e36dd6ca93014e4915c723632bf180d27cc96ccfb7c26e69213e1a82129a62

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 13 May 2024 11:15:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JWSmzFuhOH%2F7iueRpEiddj9AgmSJVdDckvM8beDNI2GPYwgxm9Nj0yC7a7rvEEi9QyOb5wY1pwDoHOvciu4nzD4dRWjbyGH4KImoLCmLhhg88AySqhqizj6gMIIVVCZv8fSHrZiBVyrPN76xYqc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c08266d895d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:20 GMT

GET
H3 200 index.js Show response
onoffrefund.com/wp-content/plugins/contact-form-7/includes/js/ 13 KB
5 KB 97ms
96ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.9.4
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d702e5ed1e573918d912775ac1e88987fc177aa51efe1253a08f71ab54f96516

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 13 May 2024 11:15:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2FIcGrbQvP52j8RfR9koJPW8eE%2Fi9zrcDrRVP%2FIoEV3Qq6%2BPjyXNJ0g0%2FleUOGQBLVz07qxWZg0lNR%2BoybO9ducEq5EOa3A6joQq0P5TlTsiJU%2BUt8JyxkfgKI14LTNjKIfbtR3WN5htdYHSkRQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c08273e675d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:20 GMT

GET
H2 200 144659521.js Show response
js-eu1.hs-scripts.com/ 2 KB
1 KB 186ms
96ms Script
application/javascript 172.65.208.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hs-scripts.com/144659521.js?integration=WordPress&ver=11.1.11

Requested by

Host: onoffrefund.com
URL: https://onoffrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e105abc19ed9e7475e2da8e817daa17244507ac5a9c235fcf8955760f5c49e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ad1b5d1f-2dd1-483d-b284-ce2ad6f25087
x-envoy-upstream-service-time: 37
content-length: 610
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ad1b5d1f-2dd1-483d-b284-ce2ad6f25087
last-modified: Thu, 11 Jul 2024 21:54:24 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://onoffrefund.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: fra04/hubapi-td/envoy-proxy-68d6f869c4-qxstr
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 8a1c08286a5b2c77-FRA

GET
H3 200 imagesloaded.min.js Show response
onoffrefund.com/wp-includes/js/ 5 KB
2 KB 92ms
92ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-includes/js/imagesloaded.min.js?ver=5.0.0
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b65b3de1bc923b9355248a0d941a0eaee15dfb9a6b8eadb51323a8df6189dcd1

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 11 Aug 2023 18:18:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cD2jnPkb5weho0XmpDBGcABGK1epsUxBNUB5D7ypA69HQLk4t8UEBME21bib4bwwxgw3Uk5T0S9KAnf9T5qUhU3onqOOvz7lG5S%2BfDi5cqrfTZ6zZDAJjeOVBXK2UyuEIg8equVWRPNn9KcDELY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c0827df005d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 masonry.min.js Show response
onoffrefund.com/wp-includes/js/ 24 KB
8 KB 109ms
109ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-includes/js/masonry.min.js?ver=4.2.2
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FTQ6U6JMQFxsOOQo7LBIhV5BNZxA1eARMuf28Jk8cVQArvtUdp7I2pGaSsblr57swdtn1oVlqjgLv36jK9vGYsOfctPTR3VA%2FCbkYYPLvcrE0wF%2FDdKpZSaJSTmyl2bV0ELdIcpkRs37bqZag1c%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c0827ff0f5d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 owl.carousel.min.js Show response
onoffrefund.com/wp-content/themes/lawyer-landing-page/js/ 51 KB
13 KB 109ms
109ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/js/owl.carousel.min.js?ver=2.2.1
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee0ce5da36e2cd0d8e5a88229849651f7479335296508580020c2ec442ba9fcb

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 18:18:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rL0SPmnB4Jjr7oLrQp1FtrbiPTCplK4bKrGMisCIyqA1IhC6MomtvfnD5S6wqbkzEyD86DZYejE2iObc%2BdAmHre5Zx%2B6rA3fV8Da6K%2Fp4vrTRVG9HuG6px35j%2B%2BMP%2Fl9Gxklu%2Bs6NsV5mfGFFy4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c0827ff145d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 owlcarousel2-a11ylayer.min.js Show response
onoffrefund.com/wp-content/themes/lawyer-landing-page/js/ 3 KB
2 KB 101ms
100ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/js/owlcarousel2-a11ylayer.min.js?ver=0.2.1
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2bda05b8d03b55d5cdcd30f52a83c6e214dba660e5f5dfd8ce69673625c4190

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 18:18:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c6qh9%2FEKfGE4IeCg4g8XuXOTwSoNaTHxOBzJgmhjVE67TILaWRyVVng0SIsoRP3gj5Yfm9yWFv3JXglAjDl%2FpgDuSl%2B2mpTklsjw33eSn6M6dn%2FRN8t2ttMNFdp4ZzOP3%2BSiAaAxSIPw0P0Pl8M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c0827ff165d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 jquery.nicescroll.min.js Show response
onoffrefund.com/wp-content/themes/lawyer-landing-page/js/ 76 KB
20 KB 129ms
128ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/js/jquery.nicescroll.min.js?ver=1.6
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de10df7a2fc0311063d3f859e1f7ea8069ce073ceda95c7fadb0e42b2ad9ebfe

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 18:18:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1yol6dN3E5rXalfhZ%2BYLIm5b5p77AAugzVPCVFhH83pEPemhOpvUlfZbxHY0TvdONPaa8hAFAVn%2B4sO5b0z6cGVFUI2PQdKmOwar9KKoXnLy1HmZZfjWOMuZ%2FGvJZ5%2Bmam8aW6w0sEfl3Azd85o%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c0827ff195d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 all.min.js Show response
onoffrefund.com/wp-content/themes/lawyer-landing-page/js/ 2 MB
608 KB 234ms
233ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/js/all.min.js?ver=6.1.1
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1b79a046062699d13f8f357fe188c26f595c3166016b3010efed03189a400d3

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 18:18:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i3te3mtfxfn%2Bd6W%2BvGUigCztK7htjzCjYmONb%2BOTDdrf8qW93UAOXul5F9rnxeGj7qMeMhdCAljDfwn3icxXNDSDTv2yJ88FADOv%2BvGc4y9NttRRcQW%2BYjCog9jW8Z2CQQQf%2FuZBX6rV2KRRar4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c0827ff1c5d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 modal-accessibility.min.js Show response
onoffrefund.com/wp-content/themes/lawyer-landing-page/js/ 6 KB
2 KB 110ms
109ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/js/modal-accessibility.min.js?ver=1.2.6
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44c0c6fe58a3b5a49bed26ddd347fbc788015eb6d0ea34883b4871b6b981d4ef

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 18:18:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2BNGGvL5o4v2Kdb3D5oQDXXqlOD0IATRAk7w9kw9Ixwe7h8Yb%2Fmw7R0GMyGF9P1yBzLoIIB7XhtSbEPOdBwBk3w4p7pQ00I9sgf46s3MA9cI0skJoeRVO9Y07Je%2ByZinRHrDma%2FDXZMR0%2Fhi4p4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c0827ff1f5d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 v4-shims.min.js Show response
onoffrefund.com/wp-content/themes/lawyer-landing-page/js/ 26 KB
8 KB 120ms
119ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/js/v4-shims.min.js?ver=6.1.1
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74110cf04c05b69b63f47ec3b5d7abb4fc7cefcf82a5bc8001c35eb501cc2d04

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 18:18:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iNyIsJ5HHC9YzWI%2BmAv7heNl1OGhF%2FBDlH1gk8cUJWcul3Av33FTCmhYiGBJjgQp0pdhH48CfmmPYdk1DVNJazDV%2FUt6lmTxZ0sXX8Y6GkWMx%2BT3xe%2BKsHuPiJn6kko%2Bj5BHnyToYACMsBpRkyE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c0827ff235d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 custom.min.js Show response
onoffrefund.com/wp-content/themes/lawyer-landing-page/js/ 2 KB
1 KB 102ms
101ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/js/custom.min.js?ver=1.2.6
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff9872bbe7094e792e5ea4af1a77455f47b5fea031c7dfe8aac87d16359368ed

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 18:18:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uoB%2BGmfp%2Bz%2FFiRlOrWL9p9jGdRLIXqfwJ6MRyndpCypcER53y%2Fq9U6inG%2B%2FrqMvnsmx7mm9IlCDiWxEbF1EedacPtuS4g3BDpU%2FL701DFpxnmCbp57xlxBWs0g5tjW%2F3vWuzMbvHi2CM4zDk%2BN4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c0827ff245d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H2 200 v2.js Show response
js-eu1.hsforms.net/forms/embed/ 482 KB
156 KB 128ms
39ms Script
application/javascript 172.65.255.172
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hsforms.net/forms/embed/v2.js?ver=11.1.11

Requested by

Host: onoffrefund.com
URL: https://onoffrefund.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.255.172 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
age: 22
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=8a1c079ccf835cb0-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5387/bundles/project-v2.js
date: Thu, 11 Jul 2024 21:54:24 GMT
x-amz-version-id: mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-content-type-options: nosniff
cf-cache-status: HIT
via: 1.1 fc486e72455da7c1d3be4472dd5ba8b2.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
x-hubspot-correlation-id: 25ed723e-0baa-496a-b86c-ed3663b968ee
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 25ed723e-0baa-496a-b86c-ed3663b968ee
last-modified: Thu, 06 Jun 2024 13:36:59 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uStVN9HcmfBAwC9YA8yRaqhOMZbQ9TReyCmBbaCBySE7bcnyXM184vjiTaj%2Fq7ZQD%2FevG4Jwu03u0zspfNh9Q4v6JrQ9rblUD2v6SCPIV%2Bjzy65ZvqGif9ngZpEBvZrR%2BIER9g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-5dd8ff7977-w9t25
cf-ray: 8a1c082888c792c5-FRA
x-amz-cf-id: 2CtVzlz1PdrsZIPWHqrqbDmhqKqsoOKOemEBYZ1_ZTaW2gtVZxBOdg==

GET
H3 200 testi.webp
onoffrefund.com/wp-content/uploads/2024/05/ 15 KB
15 KB 134ms
134ms Image
image/webp 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onoffrefund.com/wp-content/uploads/2024/05/testi.webp
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16ea240fd5bf19fd75facd17e8620bc45cc9e9aabac672c06e4d0e19b3cbd44a

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
cf-cache-status: MISS
last-modified: Sat, 04 May 2024 23:09:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aIGOql5Iif9%2B%2BQIeasgVCO3TTRwaCdxKLkEwH7aj1SAT8bsNC5HQq8a8wd5I1Yv93ZK4u%2Blz%2BUHqMayawNQqv7xNrxZkTn1W2Q%2BnSmMuMMygLIZ6717xa0bjInbovFClI0ZJtMJ5lyR4PXjPhS0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a1c0827ff275d79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 15280
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 bg-search.png
onoffrefund.com/wp-content/themes/lawyer-landing-page/images/ 1 KB
2 KB 109ms
109ms Image
image/png 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/images/bg-search.png
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/style.css?ver=1.2.6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e73b23b9562a38ae023e9fdd34f8c4ca9d77a3ac2c574a1c48d7e7ef629d71c9

Request headers

Referer: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/style.css?ver=1.2.6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 18:18:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TkBJnyrMB1xf7LUmGy1seg27EEn36olRgu5AWfBC7gER2Z%2Fu19M8%2B0zpSS3miC3gvOKu9lvtbAzvXqWYElMEorvc3E3Fqf%2BnPyQlAmYc6PL58LjRs6Cy5Rf%2FUQvni74DcVboI26IPjo0AVErdtg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a1c0827ff285d79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 1084
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 img31.jpg
onoffrefund.com/wp-content/uploads/2016/12/ 60 KB
60 KB 170ms
170ms Image
image/jpeg 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onoffrefund.com/wp-content/uploads/2016/12/img31.jpg
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b692f881527cc9c09a9920f5ab8b9a5d6f5010fbb98663409e89f85be6ce9877

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
cf-cache-status: MISS
last-modified: Fri, 21 Jun 2024 14:15:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hrj8AHJuDh6ud9BxsTUdwZgufTRwveDzTee5wczsf2XbMU3ZfeD%2FiBGf3l0ukllW9L8Bhew3y38zk%2F0lofQEKbVNF3LmVCd9VKiTbe9c3fERzSuR9w4T%2B74dx9jfX0Ie8av4oSpxPLm6MhPLl0Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a1c0827ff295d79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 61436
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
DATA 200
OK truncated
/ 366 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bfce655034480dd01a045cc1318e4044b4df2fd085079154570bf82e11084e3

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H3 200 img33.jpg
onoffrefund.com/wp-content/themes/lawyer-landing-page/images/ 448 KB
449 KB 165ms
165ms Image
image/jpeg 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/images/img33.jpg
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/style.css?ver=1.2.6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33f0ae82128ddb01e10b0f1cff6e8ad5c9e5321105d9b32071b9846d1ba2016f

Request headers

Referer: https://onoffrefund.com/wp-content/themes/lawyer-landing-page/style.css?ver=1.2.6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 18:18:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AEt3UEO9%2BOmzUspuLXqojoKZI0EIMNR3mZT9qhgJnpcvUtbST1x2zyCDVJUfVYJleZ1szK%2FxCSMQjs%2FxQYkge9E0Psa4h9CBImws7xpE%2FMNbhtlWyYZ3jHnUH4Y9jXfLBBdtE%2FaE%2FAZrdRv%2B4zY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a1c0827ff2a5d79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 459243
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H2 200 1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v34/ 47 KB
47 KB 100ms
43ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyC0ITw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway%3A400%2C400i%2C500%2C600%2C700%7CLato&ver=6.5.5#038;display=fallback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47d477915fa5912616e2dc5df8c5780f9202671678cf275472bd39f3381c0098

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://onoffrefund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 17:32:47 GMT
x-content-type-options: nosniff
age: 15697
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48336
x-xss-protection: 0
last-modified: Wed, 01 May 2024 20:31:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Jul 2025 17:32:47 GMT

GET
H3 200 img32.jpg
onoffrefund.com/wp-content/uploads/2016/12/ 32 KB
33 KB 99ms
99ms Image
image/jpeg 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onoffrefund.com/wp-content/uploads/2016/12/img32.jpg
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a75f0ec17eba121d8780a684752c72947d889dc9e0adb58bbaf31a71a38fedb1

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 18:44:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AAoDzUsrMqQowLqVd8aV3xkm4GZfI2551gNb5GgIsfRPGObnOWpvjEMpSInvdL9ZwqOGEUDzvZjcphCJPp13j%2FHwcODY9ZA5%2FHavxpTwtlWKLj9OUC5YmcLXZkPSVW9R34cNkud7vh84g2qxRvo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a1c08281f415d79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 32871
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 phishing.webp
onoffrefund.com/wp-content/uploads/2016/12/ 35 KB
35 KB 122ms
122ms Image
image/webp 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onoffrefund.com/wp-content/uploads/2016/12/phishing.webp
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e02c92ce9f612172fa8d4d7f1b9431938c1182663c21a7ef771976e51318dac0

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
cf-cache-status: MISS
last-modified: Sat, 04 May 2024 22:31:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lE32of3FiGV%2FBBbN4wgPwQfJgOE8lYLDokM0IpaaSZ7M3CzcOmMQ4YyP2MZ%2Fgf9%2BV3VOZKjeES%2F%2FsXWJR2Hr6FIVvvr0QztTL70qcp1bXj%2FQeYS1ZKFaUETip6DkPuiaFEBqUv1blJD1g5fWwKs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a1c08281f435d79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 35530
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 forex.webp
onoffrefund.com/wp-content/uploads/2016/12/ 14 KB
14 KB 116ms
116ms Image
image/webp 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onoffrefund.com/wp-content/uploads/2016/12/forex.webp
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ae73e434b91255fb78e52dba94f0a401d3f3791550e0457e495d135bcab85ea

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
cf-cache-status: MISS
last-modified: Sat, 04 May 2024 22:24:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bgXNne%2FONqjS0xL%2BdyzOOI4FMi7DA%2BxHU4pHDH5R4c7n2UE8jsCilcS7V%2BVX6bskRJecfjUIGGBHF0HUld6Peu2Phb%2FDqlmEUK8w0CUpgviapk22hH%2BEDl4CItXmwV%2BqppR8KHOBRs9Ar6vl%2BaM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a1c08281f465d79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 14008
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 binqry-options.webp
onoffrefund.com/wp-content/uploads/2016/12/ 12 KB
12 KB 101ms
100ms Image
image/webp 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onoffrefund.com/wp-content/uploads/2016/12/binqry-options.webp
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce8f349ac9c86ce5ade0ccec13d982a6b6b627cec7a21bd0d2fe87c494e1ca56

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
cf-cache-status: MISS
last-modified: Sat, 04 May 2024 22:09:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b%2BloRJJHMa%2B9SSw5CNsPLdT2n24SrbloUA1WJW%2FiRiDUGlJ37mWNiZwWKVHF4Oi2aKziMrZOtOULF%2Bx1FWMg%2FLwcroV%2Bv8bSyH5wSPkYMJubH4JZH6rShar8gnP%2B5I20YWfw%2BhvjTkGF1wl1ZUM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a1c08281f475d79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 12236
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 crypto.webp
onoffrefund.com/wp-content/uploads/2016/12/ 25 KB
26 KB 127ms
126ms Image
image/webp 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onoffrefund.com/wp-content/uploads/2016/12/crypto.webp
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd145f6cb9591614bf976ddafc4c53be78feee505051b6f6358e435f3615d678

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
cf-cache-status: MISS
last-modified: Sat, 04 May 2024 22:19:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fk6AyOfQZ43%2FzBrFg0gKEMPCTM%2FESXqjUSJh8fsaxqSzzQt%2B58I0X8FmmylFv%2FrOFgiRtaev89mYhJ%2FhNXg%2BK2qTzP6tlumXiSH41LLXIHk3yv%2Bp9NGq9auAYq3g0Tg66VaPGeWcwt0oVdJ%2BoRw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a1c08281f4a5d79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 25686
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET stars-5.svg
payback-ltd.com/testimonials/stars/ 0
0

GET
H3

200

embed
www.google.com/maps/ Frame 5924
Redirect Chain

https://maps.google.com/maps?width=100%25&height=600&hl=en&q=Pl.%20de%20la%20Bourse,%2075002%20Paris,%20France+(ONOFF%20Refund)&t=&z=14&ie=UTF8&iwloc=B&output=embed
https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1sPl.+de+la+Bourse,+75002+Paris,+France!6i14!3m1!1sen!5m1!1sen

0
0

324ms
280ms

Document
text/html

2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1sPl.+de+la+Bourse,+75002+Paris,+France!6i14!3m1!1sen!5m1!1sen

Requested by

Host: onoffrefund.com
URL: https://onoffrefund.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-kpL9Gvl_79yqFnJOLqlXwg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://onoffrefund.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 941
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-kpL9Gvl_79yqFnJOLqlXwg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
content-type: text/html; charset=UTF-8
date: Thu, 11 Jul 2024 21:54:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: scaffolding on HTTPServer2
vary: Origin X-Origin Referer
x-content-type-options: nosniff
x-robots-tag: noindex,nofollow
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Thu, 11 Jul 2024 21:54:24 GMT
location: https://www.google.com/maps/embed?origin=mfe&pb=!1m3!2m1!1sPl.+de+la+Bourse,+75002+Paris,+France!6i14!3m1!1sen!5m1!1sen
server: scaffolding on HTTPServer2
vary: Origin X-Origin Referer
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 364 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 49e3c47a3e758a9c0f7639d801cc4d987a215a939e60160c7fdbb6d0a0cb82f8

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H2 200 1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4WjMDrMfIA.woff2
fonts.gstatic.com/s/raleway/v34/ 22 KB
23 KB 61ms
23ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v34/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4WjMDrMfIA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway%3A400%2C400i%2C500%2C600%2C700%7CLato&ver=6.5.5#038;display=fallback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29de03aaf7a0844578daef59eabdbd1cfe9257873765938cc51a3c9a3af843b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://onoffrefund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Tue, 09 Jul 2024 10:12:35 GMT
x-content-type-options: nosniff
age: 214909
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22800
x-xss-protection: 0
last-modified: Wed, 01 May 2024 20:31:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Jul 2025 10:12:35 GMT

GET
H2 200 banner.js Show response
js-eu1.hs-banner.com/v2/144659521/ 71 KB
26 KB 194ms
109ms Script
text/javascript 172.65.202.201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-eu1.hs-banner.com/v2/144659521/banner.js
Requested by: Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/144659521.js?integration=WordPress&ver=11.1.11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.65.202.201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ff3e5d3bea4cfa98695071dbb75240665a0f01885a7de87683915d076401aad

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
x-amz-version-id: iaLeHDcGsfADymYBAFaX0WdbmGAOjM1a
content-encoding: gzip
cf-cache-status: MISS
x-amz-request-id: TCRQX8HWE8TF6PRX
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 6e064128-a2e0-4b69-8c8d-896e9caef151
x-envoy-upstream-service-time: 52
x-amz-id-2: cDLzC1tBIkWbKCI7ry6z1bxJdehnMNUlR+4JGbRC3pigzNIoxoBYj5+R87JUx32AQ2I0fQr1RvA=
x-evy-trace-listener: listener_https
x-request-id: 6e064128-a2e0-4b69-8c8d-896e9caef151
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 13 May 2024 11:11:15 GMT
server: cloudflare
etag: W/"950a55f89f33d72dac3899a80b99a658"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://onoffrefund.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: fra04/analytics-js-proxy-td/envoy-proxy-f5f6f765-8wv55
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8a1c08298fea30d2-FRA
expires: Thu, 11 Jul 2024 21:59:24 GMT

GET
H2 200 144659521.js Show response
js-eu1.hs-analytics.net/analytics/1720734600000/ 67 KB
24 KB 162ms
73ms Script
text/javascript 172.65.238.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-eu1.hs-analytics.net/analytics/1720734600000/144659521.js
Requested by: Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/144659521.js?integration=WordPress&ver=11.1.11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.65.238.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5939761a7c572fa93984eea2b20cd6c1f6d4771116bb490da6948e1d69f6b220

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
content-encoding: gzip
cf-cache-status: MISS
x-amz-request-id: TCRJ52Q7H3GPVMQ0
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 40418bb1-d9aa-4bdb-b961-440bfdc7023e
x-envoy-upstream-service-time: 27
x-amz-id-2: MOHzXbXUaOaEPDHv1Mnjq+jYLi3+V2h1UZJ5B1qHf4XQvH2ocbqQg7yYzDomeqxaE+3jyplcaXg=
x-evy-trace-listener: listener_https
x-request-id: 40418bb1-d9aa-4bdb-b961-440bfdc7023e
x-evy-trace-route-configuration: listener_https/all
last-modified: Tue, 09 Jul 2024 19:14:21 GMT
server: cloudflare
etag: W/"5cfd4821b0ad6b4d2dd4f3c2d634ba05"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: fra04/analytics-js-proxy-td/envoy-proxy-f5f6f765-tzlhx
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8a1c082999402bda-FRA
expires: Thu, 11 Jul 2024 21:59:24 GMT

GET
H2 200 collectedforms.js Show response
js-eu1.hscollectedforms.net/ 69 KB
25 KB 355ms
257ms Script
application/javascript 172.65.192.122
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hscollectedforms.net/collectedforms.js

Requested by

Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/144659521.js?integration=WordPress&ver=11.1.11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://onoffrefund.com/
Origin: https://onoffrefund.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.503/bundles/project.js&cfRay=8a1c0829aded2be6-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"7d377a186677c174f204d466b8fa5fdb"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: collected-forms-embed-js/static-1.503/bundles/project.js
date: Thu, 11 Jul 2024 21:54:25 GMT
x-amz-version-id: WQne3xdBhaNpu67z_dXMAVxQ_qJQQf8W
x-content-type-options: nosniff
cf-cache-status: MISS
via: 1.1 d4b0acc43b96f7849332ef0fcc29ac32.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
x-hubspot-correlation-id: d545bb59-d766-40ae-a527-0c3b7ea0985b
x-cache: RefreshHit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 211
x-evy-trace-route-configuration: listener_https/all
x-request-id: d545bb59-d766-40ae-a527-0c3b7ea0985b
last-modified: Wed, 15 May 2024 14:34:44 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-5dd8ff7977-4tvf2
cf-ray: 8a1c0829aded2be6-FRA
x-amz-cf-id: iC_Bn0z9vyQcDOmsfGhLWpF-3TwqJqcT543yw51DYVnHEuBOOzswrg==

GET
H3 200 wp-emoji-release.min.js Show response
onoffrefund.com/wp-includes/js/ 18 KB
5 KB 94ms
94ms Script
application/javascript 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.5
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:25 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 13 Feb 2024 14:36:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0UZR%2FTVDkcIOBlBE4quggEHUSQ%2BH38fiQKZO5qvOkdLgpcoYF8DF13fVTULhFC6VpTryJcWR4zGOmFClrNctpO1gK3RMWBqP4ssM%2FrRCum8EIeWwmcXkiXJje3U1iayphs8jTHDB4Afix5gsHxk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 8a1c082a59725d79-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H3 200 gb.svg
cdn.weglot.com/flags/rectangle_mat/ 607 B
860 B 78ms
42ms Image
image/svg+xml 2606:4700::6812:620
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.weglot.com/flags/rectangle_mat/gb.svg

Requested by

Host: onoffrefund.com
URL: https://onoffrefund.com/wp-content/plugins/weglot/app/styles/new-flags.css?ver=4.2.6

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:620 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

720d4a3364adb0f6dab95c8339fc8538a4388e302b8a8173d401e8471998ebf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:25 GMT
x-amz-version-id: null
via: 1.1 04e9e9d9b90b8bb096dac156f847c1a6.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: DUS51-P3
age: 10377196
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 16 Feb 2024 16:04:53 GMT
server: cloudflare
etag: W/"006007133f2f5769b083935b65c12e4e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8a1c082a89ca65c9-FRA
x-amz-cf-id: c14-dPtGRJug5FHGcVw-396hti5MFM-NFaaKh5cycisuBIxUbYQRqg==
expires: Fri, 11 Jul 2025 21:54:25 GMT

GET
H3 200 wgarrowdown.png
onoffrefund.com/wp-content/plugins/weglot/dist/images/ 164 B
675 B 211ms
211ms Image
image/png 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://onoffrefund.com/wp-content/plugins/weglot/dist/images/wgarrowdown.png
Requested by: Host: onoffrefund.com
URL: https://onoffrefund.com/wp-content/plugins/weglot/dist/css/front-css.css?ver=4.2.6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a04bb59c5ba002cc53c6df3b51a0bf083fe846296268d66d91a5650f12adefc

Request headers

Referer: https://onoffrefund.com/wp-content/plugins/weglot/dist/css/front-css.css?ver=4.2.6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:25 GMT
cf-cache-status: MISS
last-modified: Mon, 13 May 2024 11:19:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2tWSZPUmZiwkd2Qi78heLkN3%2BH%2F0aZNkqPnq%2Fd1kgP%2B%2F3IYSYIUzI3GWItIdP2cloCaLXE8kB220lhOYL54GMDDlSGN%2BTTV7JFDOvrp684usHQT5RvRjnoa4gThwalkeYM7CAj8NOIuxRlWGvCM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a1c082a59755d79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 164
expires: Thu, 18 Jul 2024 21:54:21 GMT

GET
H/1.1 200
OK json Show response
forms-eu1.hsforms.com/embed/v3/form/144659521/63571541-33eb-4e59-b02e-c990bcaa14c6/ 13 KB
5 KB 152ms
73ms XHR
application/json 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hsforms.com/embed/v3/form/144659521/63571541-33eb-4e59-b02e-c990bcaa14c6/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387

Requested by

Host: js-eu1.hsforms.net
URL: https://js-eu1.hsforms.net/forms/embed/v2.js?ver=11.1.11

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82b6da56c8c363f3d78fc9c2f923c4b09623676259eca7389c74101f0e1a720f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-origin-hublet: eu1
Date: Thu, 11 Jul 2024 21:54:25 GMT
Content-Encoding: gzip
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 01207b1c-e8ef-4a4a-8adb-89579aeec158
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 28
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 01207b1c-e8ef-4a4a-8adb-89579aeec158
Server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
Content-Type: application/json;charset=utf-8
access-control-allow-origin: https://onoffrefund.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
access-control-max-age: 180
access-control-allow-credentials: false
Cache-Control: max-age=0, no-cache, no-store
x-robots-tag: none
access-control-allow-headers: *
CF-RAY: 8a1c082adba89131-FRA
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-5b798b5cb4-vw5gt

GET
H2 200 v2.js Show response
js-eu1.hsforms.net/forms/embed/ Frame 509A 482 KB
0 0ms
0ms Script
application/javascript 172.65.255.172
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hsforms.net/forms/embed/v2.js?ver=11.1.11

Requested by

Host: js-eu1.hsforms.net
URL: https://js-eu1.hsforms.net/forms/embed/v2.js?ver=11.1.11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.255.172 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
age: 22
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=8a1c079ccf835cb0-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5387/bundles/project-v2.js
date: Thu, 11 Jul 2024 21:54:24 GMT
x-amz-version-id: mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-content-type-options: nosniff
cf-cache-status: HIT
via: 1.1 fc486e72455da7c1d3be4472dd5ba8b2.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P6
x-hubspot-correlation-id: 25ed723e-0baa-496a-b86c-ed3663b968ee
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 25ed723e-0baa-496a-b86c-ed3663b968ee
last-modified: Thu, 06 Jun 2024 13:36:59 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uStVN9HcmfBAwC9YA8yRaqhOMZbQ9TReyCmBbaCBySE7bcnyXM184vjiTaj%2Fq7ZQD%2FevG4Jwu03u0zspfNh9Q4v6JrQ9rblUD2v6SCPIV%2Bjzy65ZvqGif9ngZpEBvZrR%2BIER9g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-5dd8ff7977-w9t25
cf-ray: 8a1c082888c792c5-FRA
x-amz-cf-id: 2CtVzlz1PdrsZIPWHqrqbDmhqKqsoOKOemEBYZ1_ZTaW2gtVZxBOdg==

GET
H2 200 json Show response
forms-eu1.hscollectedforms.net/collected-forms/v1/config/ 136 B
400 B 72ms
52ms XHR
application/json 172.65.192.122
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json?portalId=144659521&utk=

Requested by

Host: js-eu1.hscollectedforms.net
URL: https://js-eu1.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f41671114099e27d29830a99df86db0efa0d42983fbd11d92dac934d0f872f76

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8c73e094-8e3c-472c-816d-5121f6ddcbaa
x-envoy-upstream-service-time: 15
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8c73e094-8e3c-472c-816d-5121f6ddcbaa
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://onoffrefund.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: fra04/app-td/envoy-proxy-5dd8ff7977-4tvf2
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 8a1c082b8f942be6-FRA

GET
H/1.1 200
OK counters.gif
forms-eu1.hsforms.com/embed/v3/ 35 B
1 KB 402ms
48ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: onoffrefund.com
URL: https://onoffrefund.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Thu, 11 Jul 2024 21:54:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3a5be27f-ff90-40e6-b5a1-e928d9198398
x-envoy-upstream-service-time: 3
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3a5be27f-ff90-40e6-b5a1-e928d9198398
Server: cloudflare
vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-5b798b5cb4-lth4g
access-control-expose-headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
CF-RAY: 8a1c082ddc4a91ed-FRA

GET
H2 200 forms
app.hubspot.com/embedded-viral-link/ Frame 6EC4 0
0 208ms
133ms Document
text/html 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/embedded-viral-link/forms?lang=en&portalId=144659521&hubs_id=forms-branding-control&hubs_source=onoffrefund.com&intent=marketingFreeForms

Requested by

Host: js-eu1.hsforms.net
URL: https://js-eu1.hsforms.net/forms/embed/v2.js?ver=11.1.11

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' www.hubspot.com .hsappstatic.net .hs-analytics.net .hs-banner.com .hsforms.net .hsleadflows.net .hs-scripts.com .hubspotfeedback.com .usemessages.com js.hubspot.com .hsadspixel.net .hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob:; report-uri https://send.hsbrowserreports.com/csp/report?resource=embedded-viral-link-ui/static-1.946/html/index.html&cfRay=8a1c082c399d35fc&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fembedded-viral-link%2Fforms%3Flang%3Den%26portalId%3D144659521%26hubs_id%3Dforms-branding-control%26hubs_source%3Donoffrefund.com%26intent%3DmarketingFreeForms&referrer=&cfenv=prod&pdt=2024-07-11&csp=en
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

age: 31011
cache-control: max-age=0, no-cache, no-store
cf-cache-status: HIT
cf-ray: 8a1c082c399d35fc-FRA
content-encoding: br
content-security-policy: script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob:; report-uri https://send.hsbrowserreports.com/csp/report?resource=embedded-viral-link-ui/static-1.946/html/index.html&cfRay=8a1c082c399d35fc&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fembedded-viral-link%2Fforms%3Flang%3Den%26portalId%3D144659521%26hubs_id%3Dforms-branding-control%26hubs_source%3Donoffrefund.com%26intent%3DmarketingFreeForms&referrer=&cfenv=prod&pdt=2024-07-11&csp=en
content-security-policy-report-only: script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com 'unsafe-inline'; report-uri https://send.hsbrowserreports.com/csp/report?resource=embedded-viral-link-ui/static-1.946/html/index.html&cfRay=8a1c082c399d35fc&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fembedded-viral-link%2Fforms%3Flang%3Den%26portalId%3D144659521%26hubs_id%3Dforms-branding-control%26hubs_source%3Donoffrefund.com%26intent%3DmarketingFreeForms&referrer=&cfenv=prod&pdt=2024-07-11&csp=ro
content-type: text/html; charset=utf-8
date: Thu, 11 Jul 2024 21:54:25 GMT
expires: Fri, 12 Jul 2024 21:54:25 GMT
last-modified: Thu, 11 Jul 2024 09:36:24 GMT
nel: {"report_to":"nel","max_age":86400}
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]} {"group":"nel","max_age":86400,"endpoints":[{"url":"https://nel.hsbrowserreports.com/browser/reporting/reports"}]}
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8a1c082c399d35fc&resource=embedded-viral-link-ui/static-1.946/html/index.html"
server: cloudflare
server-timing: cfr;desc=8a1c082c399d35fc, d;desc="embedded-viral-link-ui#cb557923-af20-4a5d-b963-b53a39f75522"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 cbd5498107be7e5bcccda272c5fdbef4.cloudfront.net (CloudFront)
x-amz-cf-id: W5qoUSTLDRkJgCFxn_TIO2o45sbc26KuLbDBhPvmuqakwllaojdbsg==
x-amz-cf-pop: FRA60-P6
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: 6VG9Tf4PhyVE7sCh.qPJLIRAwqsfgw9v
x-cache: Miss from cloudfront
x-content-type-options: no-sniff
x-hs-target-asset: embedded-viral-link-ui/static-1.946/html/index.html
x-hs-worker-debug-mode: false

GET
H/1.1 200
OK counters.gif
forms-eu1.hsforms.com/embed/v3/ 35 B
1 KB 397ms
50ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: onoffrefund.com
URL: https://onoffrefund.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Thu, 11 Jul 2024 21:54:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7f3964c9-762f-4ecc-97fe-93b172598e5e
x-envoy-upstream-service-time: 2
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7f3964c9-762f-4ecc-97fe-93b172598e5e
Server: cloudflare
vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-5b798b5cb4-lth4g
access-control-expose-headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
CF-RAY: 8a1c082df95b2bf0-FRA

GET
H/1.1 200
OK counters.gif
forms-eu1.hsforms.com/embed/v3/ 35 B
1 KB 399ms
48ms Image
image/gif 172.65.232.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: onoffrefund.com
URL: https://onoffrefund.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Thu, 11 Jul 2024 21:54:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c23a6ffd-4b8f-41b5-aea1-b28857a92457
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c23a6ffd-4b8f-41b5-aea1-b28857a92457
Server: cloudflare
vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: fra04/star-hubspot-td/envoy-proxy-5b798b5cb4-vw5gt
access-control-expose-headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
CF-RAY: 8a1c082e1c0b35eb-FRA

GET
H2 200 144659521.js Show response
js-eu1.hs-scripts.com/ 2 KB
826 B 68ms
68ms Script
application/javascript 172.65.208.22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-eu1.hs-scripts.com/144659521.js

Requested by

Host: js-eu1.hs-analytics.net
URL: https://js-eu1.hs-analytics.net/analytics/1720734600000/144659521.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc2a3adb13ccb4d201845c3d7524bff6ead908609563c581e7cba2510e1f60b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 83fcddd2-ceca-4e4c-ad70-008a2c173362
x-envoy-upstream-service-time: 11
content-length: 607
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 83fcddd2-ceca-4e4c-ad70-008a2c173362
last-modified: Tue, 09 Jul 2024 08:21:17 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://onoffrefund.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: fra04/hubapi-td/envoy-proxy-68d6f869c4-n9rrj
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 8a1c082e6f4b2c77-FRA

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
1 KB 141ms
62ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=321484724&v=1.1&a=144659521&ct=standard-page&rcu=https%3A%2F%2Fonoffrefund.com%2F&pu=https%3A%2F%2Fonoffrefund.com%2F&t=OnOff+Refund+%E2%80%93+Law+First&cts=1720734865651&vi=fd1804ecbd9a75ba0885f647ee8af2dc&nc=true&u=148103144.fd1804ecbd9a75ba0885f647ee8af2dc.1720734865650.1720734865650.1720734865650.1&b=148103144.1.1720734865650&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c362a60d-425f-4ac5-92c2-05ecb96f7ce2
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c362a60d-425f-4ac5-92c2-05ecb96f7ce2
last-modified: Thu, 11 Jul 2024 21:54:25 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uUp4xfC%2BAz4Mw8e2Axxk7oRcSjuICQqxtOjc93rQIAILkpkkp2Xsa42NcdXczteAtT42dntpXdxUQ0RT87dGPkDWnB0XzaDh0ICP4CRmMjHvl6DymjeuqtVlfBZ%2F1hktg6zWvCY8kQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-5dfb646764-k6t2s
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 8a1c082ee9acbbd9-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track-eu1.hubspot.com/ 45 B
749 B 150ms
74ms Image
image/gif 172.65.240.166
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=63571541-33eb-4e59-b02e-c990bcaa14c6&fci=ec6aed4b-8421-4f69-a295-d1389bc663df&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=321484724&v=1.1&a=144659521&ct=standard-page&rcu=https%3A%2F%2Fonoffrefund.com%2F&pu=https%3A%2F%2Fonoffrefund.com%2F&t=OnOff+Refund+%E2%80%93+Law+First&cts=1720734865652&vi=fd1804ecbd9a75ba0885f647ee8af2dc&nc=true&u=148103144.fd1804ecbd9a75ba0885f647ee8af2dc.1720734865650.1720734865650.1720734865650.1&b=148103144.1.1720734865650&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ce1e4021-06f6-4285-9fce-83ee0004470c
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 2
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ce1e4021-06f6-4285-9fce-83ee0004470c
last-modified: Thu, 11 Jul 2024 21:54:25 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=21Njpp1GAa3sPo2xzzXxd%2Bx6TbtIKSU2CFZfwnvILLZjYy3TIaQeaoPUSaSRhwSeRprwvf1CxCKFiGQ%2FPv1OelGvFUDSYn%2BJ66oOTpfJcd%2BEyNdh1NzxbRw75ZDDbie%2FdftMzEGJWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: fra04/analytics-tracking-td/envoy-proxy-5dfb646764-qfh69
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 8a1c082ee9b0bbd9-FRA
x-robots-tag: none

GET
H3 200 removal.ai_9883199a-2369-4080-92a3-5b5b0744c55c-onoff-transformed_D2XUJ0.png
onoffrefund.com/wp-content/uploads/2024/05/ 54 KB
0 0ms
0ms Other
image/png 2606:4700:3036::6815:4495
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/uploads/2024/05/removal.ai_9883199a-2369-4080-92a3-5b5b0744c55c-onoff-transformed_D2XUJ0.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a4d16926527e52341a2b39393587a85197abe6c8b5f0ed7ad3b5213ca226c0db

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 20:51:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HHx%2FGfC10ghXKv8iKXg%2B77pRIfBIivZ%2B6CiBrae1QQ2ZXVrZvF0qzwcZw1APzTeAB3wDOY517Qi8dcZxnXpxK%2BOBc5jG3VhnbOKSP7U0f7z6ImYUdDCsuslwz2mxs59zXnLfbJgoVexpvuiPunc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a1c08264d7d5d79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 54875
expires: Thu, 18 Jul 2024 21:54:20 GMT

General

Check archive.org

Show headers Download Go to

Full URL: https://onoffrefund.com/wp-content/uploads/2024/05/removal.ai_9883199a-2369-4080-92a3-5b5b0744c55c-onoff-transformed_D2XUJ0.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:4495 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a4d16926527e52341a2b39393587a85197abe6c8b5f0ed7ad3b5213ca226c0db

Request headers

Referer: https://onoffrefund.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Thu, 11 Jul 2024 21:54:24 GMT
cf-cache-status: MISS
last-modified: Fri, 03 May 2024 20:51:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HHx%2FGfC10ghXKv8iKXg%2B77pRIfBIivZ%2B6CiBrae1QQ2ZXVrZvF0qzwcZw1APzTeAB3wDOY517Qi8dcZxnXpxK%2BOBc5jG3VhnbOKSP7U0f7z6ImYUdDCsuslwz2mxs59zXnLfbJgoVexpvuiPunc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 8a1c08264d7d5d79-FRA
alt-svc: h3=":443"; ma=86400
content-length: 54875
expires: Thu, 18 Jul 2024 21:54:20 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: payback-ltd.com
URL: https://payback-ltd.com/testimonials/stars/stars-5.svg

Domain: payback-ltd.com
URL: https://payback-ltd.com/testimonials/stars/stars-5.svg

Verdicts & Comments Add Verdict or Comment

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.hsforms.net/	1970-01-20 21:58:56	Name: __cf_bm Value: .fscFWkBEM54yY_4n4Kpr4E7wvaDi2R8QlgD0JvDaZI-1720734864-1.0.1.1-jb_65nNoBuwZAYBahBVeGzxplJRB7YNvuGDdp2VRytvXo_geK53el80HWSmuZVawKMC8Wd3yrabKERmOEJEEOQ
.hsforms.com/	1970-01-20 21:58:56	Name: __cf_bm Value: 3Y5tXyu_CT2zm.AecbN7VxctmWCDb4JoxOfDqA9G8Fw-1720734865-1.0.1.1-tvySDn_9eNCDy_8N6LNkOUgYCyZLR5MUvQr8pnX9zIpoiUUkd0GwwEa84p5UUo3ZwsHCLsGSSLeA_an6xKrdPw
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: rvaHN0AJBKhT8zm_j8z_OtV8VKrPb1udgm6h93iegP0-1720734865632-0.0.1.1-604800000
.onoffrefund.com/	1970-01-21 02:18:06	Name: __hstc Value: 148103144.fd1804ecbd9a75ba0885f647ee8af2dc.1720734865650.1720734865650.1720734865650.1
.onoffrefund.com/	1970-01-21 02:18:06	Name: hubspotutk Value: fd1804ecbd9a75ba0885f647ee8af2dc
.onoffrefund.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.onoffrefund.com/	1970-01-20 21:58:56	Name: __hssc Value: 148103144.1.1720734865650
.hubspot.com/	1970-01-20 21:58:56	Name: __cf_bm Value: VbSKxgn5oTltUITtrJkxz8RUBD6ZAtldSlpcHO_L5jg-1720734865-1.0.1.1-49yx9HOVPBPL.xvETee4ybiRJVRFU2ye3xofbQmRP08Cfb.TzyInJv1No8RPypLUoMX4K8sr2yXV0wGLTh0hLQ
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: qxkeaiaKIqVhrzmxbLF13RRjim.9k4VywNZWr6cH.fg-1720734865982-0.0.1.1-604800000
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 872631b1ea96d963

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://onoffrefund.com/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.hubspot.com
cdn.weglot.com
fonts.googleapis.com
fonts.gstatic.com
forms-eu1.hscollectedforms.net
forms-eu1.hsforms.com
js-eu1.hs-analytics.net
js-eu1.hs-banner.com
js-eu1.hs-scripts.com
js-eu1.hscollectedforms.net
js-eu1.hsforms.net
maps.google.com
onoffrefund.com
payback-ltd.com
track-eu1.hubspot.com
www.google.com
payback-ltd.com
172.65.192.122
172.65.202.201
172.65.208.22
172.65.232.43
172.65.238.60
172.65.240.166
172.65.255.172
2606:4700:3036::6815:4495
2606:4700::6810:7674
2606:4700::6812:620
2a00:1450:4001:80b::2003
2a00:1450:4001:80b::200a
2a00:1450:4001:811::2004
2a00:1450:4001:81d::200e
0a04bb59c5ba002cc53c6df3b51a0bf083fe846296268d66d91a5650f12adefc
16ea240fd5bf19fd75facd17e8620bc45cc9e9aabac672c06e4d0e19b3cbd44a
1e6b8378d958cc45912851e02974b92f47a01c49240eb06e5cb755ccc0191c96
29de03aaf7a0844578daef59eabdbd1cfe9257873765938cc51a3c9a3af843b4
33f0ae82128ddb01e10b0f1cff6e8ad5c9e5321105d9b32071b9846d1ba2016f
42934f8af32995a11789a2f9ccfaf0acf4394f74a1499a27274e8f3ac3f0383e
44c0c6fe58a3b5a49bed26ddd347fbc788015eb6d0ea34883b4871b6b981d4ef
46e36dd6ca93014e4915c723632bf180d27cc96ccfb7c26e69213e1a82129a62
47d477915fa5912616e2dc5df8c5780f9202671678cf275472bd39f3381c0098
49e3c47a3e758a9c0f7639d801cc4d987a215a939e60160c7fdbb6d0a0cb82f8
4ae73e434b91255fb78e52dba94f0a401d3f3791550e0457e495d135bcab85ea
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
52a0d65a1aa25a21c16bf3f593828e2dceb7aa12ef35b4f1d583d3017b344471
53a3dc763a0bd679523a77f5610e4ab27231fe6763d7089c1c92966daa1663f7
5939761a7c572fa93984eea2b20cd6c1f6d4771116bb490da6948e1d69f6b220
5ab6cdb80f2e83299f2195a55b8113b16fb567deda8b6cb2ac01c0bc34ec6c9b
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
5e105abc19ed9e7475e2da8e817daa17244507ac5a9c235fcf8955760f5c49e5
5ff3e5d3bea4cfa98695071dbb75240665a0f01885a7de87683915d076401aad
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
720d4a3364adb0f6dab95c8339fc8538a4388e302b8a8173d401e8471998ebf1
74110cf04c05b69b63f47ec3b5d7abb4fc7cefcf82a5bc8001c35eb501cc2d04
82b6da56c8c363f3d78fc9c2f923c4b09623676259eca7389c74101f0e1a720f
84f5f5aa795694fd24258c8dee7a6f36f94a505f6f0446e06515f6114864f037
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20
9bfce655034480dd01a045cc1318e4044b4df2fd085079154570bf82e11084e3
a2bda05b8d03b55d5cdcd30f52a83c6e214dba660e5f5dfd8ce69673625c4190
a4d16926527e52341a2b39393587a85197abe6c8b5f0ed7ad3b5213ca226c0db
a75f0ec17eba121d8780a684752c72947d889dc9e0adb58bbaf31a71a38fedb1
a9fcf925fa5dfe86df2157872945db8989789f7ca0905a0a6171af1fd035aa34
b48bb25e1fe530912d872438ef532de73c7fddad96fadc6affb18fdbd097c1d6
b65b3de1bc923b9355248a0d941a0eaee15dfb9a6b8eadb51323a8df6189dcd1
b692f881527cc9c09a9920f5ab8b9a5d6f5010fbb98663409e89f85be6ce9877
bd145f6cb9591614bf976ddafc4c53be78feee505051b6f6358e435f3615d678
bd94406ef5c26196e144d9d2223e554f0d91e2deb5dfccd3b8b1f6cdfc568a55
c1b79a046062699d13f8f357fe188c26f595c3166016b3010efed03189a400d3
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cbbf83c45cce424c26bb4d929e053d264b713b70b8dcee428343b64e06a22056
ccd31ffa708d025833f954b3e0560cedd58df9a0d2706b2ccee5f501c5b2467b
ce8f349ac9c86ce5ade0ccec13d982a6b6b627cec7a21bd0d2fe87c494e1ca56
d702e5ed1e573918d912775ac1e88987fc177aa51efe1253a08f71ab54f96516
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de10df7a2fc0311063d3f859e1f7ea8069ce073ceda95c7fadb0e42b2ad9ebfe
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
e02c92ce9f612172fa8d4d7f1b9431938c1182663c21a7ef771976e51318dac0
e73b23b9562a38ae023e9fdd34f8c4ca9d77a3ac2c574a1c48d7e7ef629d71c9
ee0ce5da36e2cd0d8e5a88229849651f7479335296508580020c2ec442ba9fcb
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
f41671114099e27d29830a99df86db0efa0d42983fbd11d92dac934d0f872f76
fc2a3adb13ccb4d201845c3d7524bff6ead908609563c581e7cba2510e1f60b6
ff9872bbe7094e792e5ea4af1a77455f47b5fea031c7dfe8aac87d16359368ed

onoffrefund.com Open in urlscan Pro 2606:4700:3036::6815:4495 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

60 Requests

95 %HTTPS

50 %IPv6

13 Domains

16 Subdomains

14 IPs

2 Countries

1807 kBTransfer

4542 kBSize

10 Cookies

2 Outgoing links

Redirected requests

60 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

onoffrefund.com Open in urlscan Pro
2606:4700:3036::6815:4495 Public Scan

Screenshot
Live screenshot

Full Image

60
Requests

95 %
HTTPS

50 %
IPv6

13
Domains

16
Subdomains

14
IPs

2
Countries

1807 kB
Transfer

4542 kB
Size

10
Cookies

60 HTTP transactions
2 data transactions