returncustomer.com Open in urlscan Pro
172.67.208.174 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.returncustomer.com/
Effective URL:
https://returncustomer.com/
Submission: On October 02 via automatic, source certstream-suspicious (October 2nd 2021, 8:46:09 pm UTC) — Scanned from DE

Summary HTTP 155 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 43 IPs in 7 countries across 36 domains to perform 155 HTTP transactions. The main IP is 172.67.208.174, located in United States and belongs to CLOUDFLARENET, US. The main domain is returncustomer.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 5th 2021. Valid for: a year.

This is the only time returncustomer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	172.67.208.174 172.67.208.174	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.185.138 142.250.185.138	15169 (GOOGLE) (GOOGLE)
5	104.21.85.176 104.21.85.176	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	104.17.212.204 104.17.212.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.185.238 142.250.185.238	15169 (GOOGLE) (GOOGLE)
1	104.20.20.239 104.20.20.239	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	142.250.186.67 142.250.186.67	15169 (GOOGLE) (GOOGLE)
19	89.187.169.47 89.187.169.47	60068 (CDN77 ^_^) (CDN77 ^_^)
1	108.177.15.156 108.177.15.156	15169 (GOOGLE) (GOOGLE)
7	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1	104.17.230.204 104.17.230.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.21.191 104.18.21.191	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.127.171 104.17.127.171	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.67.176 104.17.67.176	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	142.250.185.196 142.250.185.196	15169 (GOOGLE) (GOOGLE)
1	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
6	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
4	104.19.155.83 104.19.155.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.88.5 104.16.88.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	199.232.192.134 199.232.192.134	54113 (FASTLY) (FASTLY)
8	52.34.133.113 52.34.133.113	16509 (AMAZON-02) (AMAZON-02)
12	142.250.185.129 142.250.185.129	15169 (GOOGLE) (GOOGLE)
2 10	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
2 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	185.33.223.38 185.33.223.38	29990 (ASN-APPNEX) (ASN-APPNEX)
1	142.250.184.230 142.250.184.230	15169 (GOOGLE) (GOOGLE)
14	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
1	104.111.233.93 104.111.233.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	63.32.159.255 63.32.159.255	16509 (AMAZON-02) (AMAZON-02)
1	34.249.249.23 34.249.249.23	16509 (AMAZON-02) (AMAZON-02)
6	104.111.244.187 104.111.244.187	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.205.43.40 52.205.43.40	14618 (AMAZON-AES) (AMAZON-AES)
2	172.217.16.131 172.217.16.131	15169 (GOOGLE) (GOOGLE)
1	142.250.185.206 142.250.185.206	15169 (GOOGLE) (GOOGLE)
1	104.16.139.31 104.16.139.31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	157.240.236.15 157.240.236.15	32934 (FACEBOOK) (FACEBOOK)
1	151.101.64.84 151.101.64.84	54113 (FASTLY) (FASTLY)
1 2	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
1	91.228.74.198 91.228.74.198	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2 2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	52.68.53.67 52.68.53.67	16509 (AMAZON-02) (AMAZON-02)
1	34.253.150.6 34.253.150.6	16509 (AMAZON-02) (AMAZON-02)
155	43

3 172.67.208.174 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.returncustomer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
returncustomer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.138 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.21.85.176 (None, )

ASN13335 (CLOUDFLARENET, US)

returncustomer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.212.204 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.238 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.20.239 (None, )

ASN13335 (CLOUDFLARENET, US)

rum-static.pingdom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 89.187.169.47 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-47.cdn77.com

load.sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.177.15.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wr-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.230.204 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.21.191 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.127.171 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.67.176 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.19.155.83 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.88.5 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.192.134 (United States)

ASN54113 (FASTLY, US)

returncustomer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.34.133.113 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-34-133-113.us-west-2.compute.amazonaws.com

sumo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.185.129 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.186.34 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.223.38 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.230 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.185.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.233.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-233-93.deploy.static.akamaitechnologies.com

c.betrad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.32.159.255 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-159-255.eu-west-1.compute.amazonaws.com

bmwmini.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.249.23 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-249-23.eu-west-1.compute.amazonaws.com

secure-gg.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.111.244.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-244-187.deploy.static.akamaitechnologies.com

c.evidon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.43.40 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-43-40.compute-1.amazonaws.com

l.betrad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.131 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f131.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.206 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f14.1e100.net

clients6.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.139.31 (None, )

ASN13335 (CLOUDFLARENET, US)

api.bufferapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.236.15 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-shv-02-frx5.facebook.com

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.64.84 (United States)

ASN54113 (FASTLY, US)

widgets.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.65.140 (United States) 1 redirects

ASN54113 (FASTLY, US)

reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.198 (United Kingdom)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.68.53.67 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-68-53-67.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.253.150.6 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-150-6.eu-west-1.compute.amazonaws.com

rum-collector-2.pingdom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	383 KB
27	sumo.com load.sumo.com sumo.com	652 KB
19	doubleclick.net 2 redirects stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net ad.doubleclick.net googleads4.g.doubleclick.net	90 KB
14	2mdn.net s0.2mdn.net	332 KB
8	gstatic.com fonts.gstatic.com www.gstatic.com	274 KB
8	returncustomer.com 1 redirects www.returncustomer.com returncustomer.com	92 KB
7	google.com www.google.com adservice.google.com clients6.google.com	2 KB
6	evidon.com c.evidon.com	16 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com	2 KB
4	googletagservices.com www.googletagservices.com	95 KB
4	hubspot.com forms.hubspot.com track.hubspot.com	5 KB
3	googleapis.com fonts.googleapis.com	3 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	openx.net 2 redirects rtb.openx.net	761 B
2	reddit.com 1 redirects reddit.com www.reddit.com	867 B
2	facebook.com graph.facebook.com api.facebook.com	1 KB
2	demdex.net 1 redirects bmwmini.demdex.net	2 KB
2	betrad.com c.betrad.com l.betrad.com	2 KB
2	adnxs.com 2 redirects ib.adnxs.com	2 KB
2	pingdom.net rum-static.pingdom.net rum-collector-2.pingdom.net	3 KB
2	google-analytics.com www.google-analytics.com	20 KB
1	adingo.jp cc.adingo.jp	44 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	456 B
1	mookie1.com odr.mookie1.com	607 B
1	quantserve.com cms.quantserve.com	463 B
1	pinterest.com widgets.pinterest.com	301 B
1	bufferapp.com api.bufferapp.com	443 B
1	imrworldwide.com secure-gg.imrworldwide.com	297 B
1	disqus.com returncustomer.disqus.com	2 KB
1	hsforms.com forms.hsforms.com	519 B
1	googleadservices.com partner.googleadservices.com	663 B
1	hs-analytics.net js.hs-analytics.net	20 KB
1	hscollectedforms.net js.hscollectedforms.net	26 KB
1	hs-banner.com js.hs-banner.com	16 KB
1	hsleadflows.net js.hsleadflows.net	87 KB
1	hs-scripts.com js.hs-scripts.com	981 B
155	36

	Domain	Requested by
19	load.sumo.com	returncustomer.com load.sumo.com
18	pagead2.googlesyndication.com	returncustomer.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com ad.doubleclick.net www.googletagservices.com
14	s0.2mdn.net	returncustomer.com s0.2mdn.net googleads.g.doubleclick.net
12	tpc.googlesyndication.com	returncustomer.com googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
8	cm.g.doubleclick.net	2 redirects googleads.g.doubleclick.net returncustomer.com
8	sumo.com	load.sumo.com
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com returncustomer.com googleads.g.doubleclick.net
7	returncustomer.com	returncustomer.com
6	c.evidon.com	c.betrad.com googleads.g.doubleclick.net c.evidon.com
6	fonts.gstatic.com	fonts.googleapis.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	www.googletagservices.com	returncustomer.com www.googletagservices.com googleads.g.doubleclick.net
4	www.google.com	returncustomer.com googleads.g.doubleclick.net tpc.googlesyndication.com js.hsleadflows.net
3	fonts.googleapis.com	returncustomer.com googleads.g.doubleclick.net client
2	track.hubspot.com
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	www.gstatic.com	googleads.g.doubleclick.net www.google.com
2	googleads4.g.doubleclick.net	returncustomer.com
2	bmwmini.demdex.net	1 redirects googleads.g.doubleclick.net
2	ib.adnxs.com	2 redirects
2	forms.hubspot.com	js.hscollectedforms.net js.hsleadflows.net
2	adservice.google.com	pagead2.googlesyndication.com
2	www.google-analytics.com	returncustomer.com www.google-analytics.com
1	rum-collector-2.pingdom.net	rum-static.pingdom.net
1	cc.adingo.jp	googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	www.reddit.com	returncustomer.com
1	reddit.com	1 redirects
1	widgets.pinterest.com	load.sumo.com
1	api.facebook.com	load.sumo.com
1	graph.facebook.com	load.sumo.com
1	api.bufferapp.com	load.sumo.com
1	clients6.google.com	load.sumo.com
1	l.betrad.com	googleads.g.doubleclick.net
1	secure-gg.imrworldwide.com	googleads.g.doubleclick.net
1	c.betrad.com	s0.2mdn.net
1	ad.doubleclick.net	www.googletagservices.com
1	returncustomer.disqus.com	returncustomer.com
1	forms.hsforms.com	returncustomer.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	rum-static.pingdom.net	returncustomer.com
1	js.hs-scripts.com	returncustomer.com
1	www.returncustomer.com	1 redirects
155	51

This site contains links to these domains. Also see Links.

Domain
pepeschile.com
www.dadsguidetotwins.com
joerawlinson.com
texadero.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-05` - `2022-07-04`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.pingdom.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-15` - `2022-01-15`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.sumo.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-04` - `2022-05-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2021-06-26` - `2022-06-25`	a year	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2020-04-20` - `2022-05-09`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.betrad.com DigiCert SHA2 Secure Server CA	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-28` - `2022-02-01`	a year	crt.sh
*.evidon.com DigiCert SHA2 Secure Server CA	`2021-05-30` - `2022-06-08`	a year	crt.sh
api.bufferapp.com DigiCert SHA2 Secure Server CA	`2020-06-24` - `2022-08-16`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-13` - `2021-10-11`	3 months	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-27` - `2022-08-05`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-23` - `2021-11-18`	6 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.adingo.jp DigiCert TLS RSA SHA256 2020 CA1	`2021-03-26` - `2022-04-14`	a year	crt.sh

This page contains 14 frames:

Primary Page: https://returncustomer.com/
Frame ID: 5DDA5F19E4A752FA722E0E0436C37E1D
Requests: 76 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20190131/zrt_lookup.html
Frame ID: 16EAC6BA1576BF1D5CC602A5C9B73788
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1423853871697674&output=html&adk=1812271804&adf=3025194257&lmt=1633207562&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Freturncustomer.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633207562635&bpp=2&bdt=923&idt=104&shv=r20210927&mjsv=m202109280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4079280996818&frm=20&pv=2&ga_vid=1588673939.1633207563&ga_sid=1633207563&ga_hid=1010906414&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062986&oid=2&pvsid=2257414847907695&pem=816&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=120
Frame ID: 04920D030DF5969883DCD3324EB9C6DA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1423853871697674&output=html&h=280&adk=3562793857&adf=246579092&pi=t.aa~a.2884387603~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1633207563&rafmt=1&to=qs&pwprc=9890682053&psa=0&format=1140x280&url=https%3A%2F%2Freturncustomer.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633207563230&bpp=1&bdt=1517&idt=1&shv=r20210927&mjsv=m202109280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D52ae73a14d02e103-221b471d7bc90021%3AT%3D1633207562%3ART%3D1633207562%3AS%3DALNI_Mb9wgJn74Jh2QWCwUTEY01ci-RwhA&prev_fmts=0x0&nras=2&correlator=4079280996818&frm=20&pv=1&ga_vid=1588673939.1633207563&ga_sid=1633207563&ga_hid=1010906414&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=230&ady=1224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062986&oid=2&pvsid=2257414847907695&pem=816&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yJInLIOxfH&p=https%3A//returncustomer.com&dtd=8
Frame ID: 218F51D46E0ADEB1424DCBBB7DCB0FD6
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1
Frame ID: 147AED80ED53B7E5DAB7F876460D503D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJiPExC4pdUCGL_d3qYBMAE&v=APEucNVVcqvgwAhoaYrEuAh0RIFTnoUJMMMHw5PMPtVzYo-gUOza8I-3ByAmdn2bOntfWuFd8u18BtjkmTTxewJARvd8rnX-wA
Frame ID: 02B15CBA3451A1BE9C249907ED1DC878
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BroneSLB_zggVH63A6D95ykt1yTGAiU10o_FLA94vuaZNaH7FH2_LykoxC40uduBYDjsXqMjlT3Ss9291ODtcmu6ZbbBnaZ0lyQJ8puhHmuRN33diKZa6PmNaSmOZYGHXa8eIdrvmT3FQ7DvY8e8Z8yyVRLg&cry=1&dbm_d=AKAmf-DWmBeJKOFknzXV3BqNL_CVXv0cfZXY4o-fnWwTquz-AuOBqlM-XuNPgLK4w-AKbUe43Ssl0NXdsbuqv_NnMXiNOoDdfNwv8m603TxJC9XDIYVOYuZU_tXSeGsfK3IMFsmtltixyL15SnjjIc1YX5VnX9pKr2dprT3lJnJdChmMoSKXBib24PVWI5eHkDiaGQ7rAKQjfjuzDy6LGSKtCoMISPXKRn6utLFOybEajl-X8UY1gLi3n4z5QSUaKKEr_LumLAA0ed9F7UlyyEZucbV8uQvoBH4Rze38LcgFqSG19m7pYYTWpFYV41xfYaXTbK6-naBqjqHqzb3N6Dfrfi37G--EaVeKJ3xsfLnhaMEfEkOpAc5sy3E81FIc2AsmImEpZgOK3zJlpUFKUGVzKHBBy3e5HLgy-wtGlEfMGq8GHRePPleRzoH9tpbJlYnS8YO-GJpnifr4CMThjoIZhOti3X8RXuHGOd1mRXKeNFJXyFE2MFvGCfwKudqaM5S7lNUuaygf_YHRjCQmGpe0Rcyv7nGdcL5Nj07X8-0G9b3ubyVbW69qGlc5en9ApplJ4njMavZUgH1KRZS9jlpmHR13Mxer7h2TxfY8srh3fyNmUKIfnCdF0LWFomM5RVStUNpAi_3wJS-FKxFjxj5rlNPsDN4ro87lA364_oBYTkEm0fxVhQpFqCP8TOq52LcLzZva4h2ylVePYKEr6BZ6poFuRHKhRiuygmtSsPSgIPHI7yMb2VyZW9GJUQ3N9xqyrFjRQE1nZwwvgdn-VgxBB8fFcbJpZCeBv_4a2BBQAti0d5HMa_JY6CAZAsxt46YqJW0u75ZkH1jf2L7K59fzjA68VLbPPusJ2M5AcHABRhz28I98-bG9VMz8FR6NtBth6hYpicSxmXZw14_BCYhj_rMl6lzgRJHQuHerXHb77JbdVtzrgruaCXboNxXxe4tHJ0nXzxm3RyPG9WVcu2FKDkmUfxUvlPA-XPi0amzpF3qHwrvSMj_aq88bUaQc7UqEUTmvXiSH33llKbka5Ns2M2ajvBCcWkGZpfe-N0XcJdQSuegihL4D2S5JRVVTGCM0xCIkAK4z3hgOJO0KhFYrnxpX54QvQxyePwC-vEDlWJnjhKjOVGZCy6Q9d6VtL8GxGm7MReV4lyqzFWuq0o9YlO1SonAOF4uB3HnpfwAzkRQ_wDJhihUZ-5ylwwl-Kevwjgfvizu__kBXUuWQdIx9wczbsB24WiSKDqbr54bCkL72vimVkz8JBOpky9FvXAkKOZOi0KFjopFpBtBcT9MxK86Ce21v2VbPOrCFvgNEHGmKqPxfP7Z0xv6bUYlvEg6_kocnz3UdH0KSeKY3cfaULRRwwjtD9bj8k1gM6keR-ySfTzMr1b39XCqW0Sh2eTY_vKzvGiskF8nT6XTMiOFvgaP7rtrSuN3pY6jYglshW1tAJ9ceRVmoc0-nUb5yTiDISl92jiirEk86ix9FTFy6_RW0fH69nLVcWFKSzx-F5VsVbNCO6nhmHPvdL0D1m38FKJ6dLsl9Kswys3l4oOzGYW5TD9l5K1Pp6jE2LmsLgJ7bancg8HCdf7dU2r2S7WLHe6La2vaaiWhUw6JJw6thJN0zPBcLBufDv9M-aJDxMKRTog1HcZ_9yLvw83dD5Dbid6dQTwAPcCzyZ95KISwnW7jcxQIQfl3M9uHTjFrQ912Gk-m1j9TKqGBWbs1E8i2xRzhdkCl5tNLTKnuAdYvqQdFAEGxXAXEF9QxyLsaeqNUvP-Y7haCzW3f1wfN-BNYoADRIPEN03ONgUXfgVbIC0B2_wiZeEkPO9Lw1bj_IqFks-EaHGmmx7GMVo-b3UGl3oUgH3IsyFx0YZ6G6GG7UWkot0VeRYKiY4ch66t7Vb0BgbgvC7C5XMFDhIaTAC1lHRBVduQR1CjQdAqlpHRO55apypgbSFfawWl1yeBlTlUMOgSluHnJ9ALe4hlLkElC8an0LiyHfeJqIVAxsl_I_6wVLuKPyjh-aHHv-nnJHIUVbpSKeYTkCjW1vzUUpaOP4RTn_2Hwo_C6rAHah0CUBpa1zwYbs91EOAHPm8ZSCo8VoPcKWakwn2PkL7KFjV5RDp4SKGV3msYgo8Tha60nr6clFidOOaltoYa_0GNtsoAlLcocgxJtm0kXaCbCAkzR9zvfXFdc75GL3BCL14czOAnE8zxkWM9atHswGM6HtSytQC4BNzbtEibIghkTD4D2iKnIgbjSxpfy6DQl4OuJyWlrQu9b54WvG4rDtEUDPHx0Ct61Xt4xEOeEmx8G0NQ3rrxpnMhNhOS6itjjQW2-Z6KIEYYOPcR2_XQkCqo2fY9Xv78NewBSRQjxOmq96anx-nzU3rvoeT3S2Y7Ni7_g17tURRLbmJhWxBfPEGTqPpXtTU2rRc9RbYScEa4YbvYsr1FwwggbCH0cI1QFx5sTDJJe_DrhfTkXf5wZWK70yd-dqCL9HKTPrOS3Xq7iCYtvEyhtD_F4AZsnlhLQlccdF_e2Ad4LYU4MLy1HxiXpfXKhqRecoIOdj4Px_jbNoQ9QMvISjoG8I_hRfS6ghoDzrP7ElMTxGpyFuhLTr5xbMllQ7X6CIyX-s7cDQ_cMYKozplWlsXonRYRigHAXv1sbrHTEXXzitFN1w7obJd7a7ua-Gwc6CARpbZ6h71T01x1HzQaLtgwDk3pHMpvMkIuJi_RXSgrRT-0fp5VV-NjNs3tk3rzLeqEDitADlljFfMb6qlBmcV8wJ5nUrFiq5VLTbV3wWsm-haSszXkVmM2dLVt2w_3Jhke2b5A84IpxIMHLv1isHojAXYRQ6YD-95uOwp2dYakm2KrdJhkcxbFLFouobgwzS3d_9DyzIaPaYI30x34e9xf5kJcxZEMpZb9dQD8p0ofErxwImba1oZzyqs3BiR_tA8hRHxEL8jDTMk2VPB5IDR_3hXD3G-v7HI7kCEY6nae9fMvQAUruY6oHlIjs8NSAtYsMiK0WReShyzi3C9OrB8I99mufmLZgQLKAIr78TssHI3u1WjGCAI4sig2izBlczzDU&cid=CAASBORoOj0&rfl=2%2Chttps%253A%252F%252Freturncustomer.com%252F%240
Frame ID: 8D1ABED62D93F76508692F328233485E
Requests: 27 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: FB73781E72ADA6F4F73B8CB940236822
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E7AA3B3800E46FA2B7F680A352A57676
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html
Frame ID: 78EC281A8ECA29E56365103466AD0895
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EA30281AF7BC68D7DC98DBF2CFB5400F
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js
Frame ID: 89670FE685BFAA0BBBADFF55ECE406FA
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 8A691C2884D6B8B661D6DB25A11E99F4
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2EF3C96270362D807F141F7461F26DDB
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Return Customer - Make your customers happy. Improve your business. Grow your revenue

Page URL History Show full URLs

https://www.returncustomer.com/ HTTP 301
https://returncustomer.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Crownpeak (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

c\.evidon\.com

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

155
Requests

99 %
HTTPS

0 %
IPv6

36
Domains

51
Subdomains

43
IPs

7
Countries

2125 kB
Transfer

7244 kB
Size

29
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://pepeschile.com/
Title: Pepe's Chile Page

Search URL Search Domain Scan URL

URL: https://www.dadsguidetotwins.com/
Title: Dad's Guide to Twins

Search URL Search Domain Scan URL

URL: http://joerawlinson.com/
Title: Joe Rawlinson

Search URL Search Domain Scan URL

URL: http://texadero.com/
Title: Texadero LLC

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.returncustomer.com/ HTTP 301
https://returncustomer.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15

Request Chain 46

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YVjFC5.B2gfqiZZ2JEt6yQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15

Request Chain 48

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg0Mjk3MzQzMzg4NjI3MDc5NQ%3D%3D

Request Chain 60

https://bmwmini.demdex.net/event?d_event=imp&d_src=477693&d_advertiser=3864313&d_site=1389782&d_creative=156991276&d_placement=294993873&d_campaign=24975057 HTTP 302
https://bmwmini.demdex.net/firstevent?d_event=imp&d_src=477693&d_advertiser=3864313&d_site=1389782&d_creative=156991276&d_placement=294993873&d_campaign=24975057

Request Chain 124

https://reddit.com/button_info.json?url=https%3A%2F%2Freturncustomer.com%2F&jsonp=jQuery110204061283595805627_1633207562617&_=1633207562618 HTTP 301
https://www.reddit.com/button_info.json?url=https%3A%2F%2Freturncustomer.com%2F&jsonp=jQuery110204061283595805627_1633207562617&_=1633207562618

Request Chain 136

https://rtb.openx.net/sync/dds?google_gid=CAESEBrxG8uXTYzUUMACzTb1mlc&google_cver=1&google_push=AYg5qPLld5Erl1NrXRyulMLsH5PgPPKsQ5Vqq8ghj-orPbNHwYJ_j8qW2pfG5ZvmxfYgWFw89CLSJ5AuLJWG1o5qrwe_GHyqo-g HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEBrxG8uXTYzUUMACzTb1mlc&google_cver=1&google_push=AYg5qPLld5Erl1NrXRyulMLsH5PgPPKsQ5Vqq8ghj-orPbNHwYJ_j8qW2pfG5ZvmxfYgWFw89CLSJ5AuLJWG1o5qrwe_GHyqo-g&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLld5Erl1NrXRyulMLsH5PgPPKsQ5Vqq8ghj-orPbNHwYJ_j8qW2pfG5ZvmxfYgWFw89CLSJ5AuLJWG1o5qrwe_GHyqo-g&google_hm=Zok6Ij7Gx5A2CisHri8A_g==

Request Chain 137

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEA71ePeh3lT3pEw1SSuoEE8&google_cver=1&google_push=AYg5qPIRAV_rVGWv40LbBM0APx6sT8-7UF4n1YyPGudRTHAC3MArzhIwuz6XeMZOreExXdUZV3XbWSYeAUn93Ot48xJMy7mgKGM HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEA71ePeh3lT3pEw1SSuoEE8&google_cver=1&google_push=AYg5qPIRAV_rVGWv40LbBM0APx6sT8-7UF4n1YyPGudRTHAC3MArzhIwuz6XeMZOreExXdUZV3XbWSYeAUn93Ot48xJMy7mgKGM&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=SA14hRGYSymLXcjFrZlZQw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIRAV_rVGWv40LbBM0APx6sT8-7UF4n1YyPGudRTHAC3MArzhIwuz6XeMZOreExXdUZV3XbWSYeAUn93Ot48xJMy7mgKGM

Request Chain 138

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFBzBA99dHOWOR4xMtsBcvE&google_cver=1&google_push=AYg5qPKKrx97ukUdj5rB25VvDz2TsejP_o7ts2T_M5Vtb38rnd9XZCuakgDRqQZ55bqAu-chzQZqPBIxxvgEPNbPS9lE1YR7nr4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VBOU01VzQtVS1HM1ZO&google_push=AYg5qPKKrx97ukUdj5rB25VvDz2TsejP_o7ts2T_M5Vtb38rnd9XZCuakgDRqQZ55bqAu-chzQZqPBIxxvgEPNbPS9lE1YR7nr4

Request Chain 139

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_cver=1&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1

155 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
returncustomer.com/
Redirect Chain

https://www.returncustomer.com/
https://returncustomer.com/

19 KB
6 KB

543ms
533ms

Document
text/html

172.67.208.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returncustomer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.208.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a464237db15a393ade86a558144028b5c3864bb373725c4a4248384667684f8f

Request headers

:method: GET
:authority: returncustomer.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sat, 02 Oct 2021 20:46:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: <https://returncustomer.com/wp-json/>; rel="https://api.w.org/"
x-lw-cache: HIT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mcFmVQge9QLhSJVz4YL%2By0DzWrlyq5YrDihplkHN6TOn5d382%2BAI3w5Pb%2FmTbEOXXdfS7ZtiVi3X4gTuSH%2FkDtlxpgqdkwHyXSO2U0gzvDxJ5Z2yviP5V5G1J%2BdKcE%2FYIOluSlY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6980c7196ab9f9de-PRG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date: Sat, 02 Oct 2021 20:46:01 GMT
content-type: text/html
location: https://returncustomer.com/
expires: Sat, 02 Oct 2021 21:46:01 GMT
cache-control: max-age=3600
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GQmR4E%2Bt8v26MvJPr55ntFvudOTHdGX1TwVEkBdmB7X9qWeJPCstgTshKcy5RtjElrphh8%2FrLtZpE%2BNv11SaeWvt1fUpxgD94Bhvp1lxB7k97f4h4444rz6LwMkzR%2B1iMweBX4s0NV%2BK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6980c71608edf9de-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 autoptimize_ce8642fa11dcbbdbdf010829bec4126a.css
returncustomer.com/wp-content/cache/autoptimize/css/ 113 KB
18 KB 662ms
661ms Stylesheet
text/css 172.67.208.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returncustomer.com/wp-content/cache/autoptimize/css/autoptimize_ce8642fa11dcbbdbdf010829bec4126a.css
Requested by: Host: returncustomer.com
URL: https://returncustomer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.208.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8554f19187efad4b686116c40ac37f32509659c2a1e8af00b28722392eec8764

Request headers

:path: /wp-content/cache/autoptimize/css/autoptimize_ce8642fa11dcbbdbdf010829bec4126a.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: returncustomer.com
referer: https://returncustomer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 22 Jul 2021 00:00:18 GMT
server: cloudflare
etag: W/"60f8b512-1c465"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bf598nermaUqdy%2FqS%2FW2fQhcigTx1b7O5%2BJd0FpTaq8RKaIQnI7S%2FPOM8dcqKI95zfszqf0Ly0uLCpOsMwTnnnqPFySTR4dSCI84ioqmOO5ro%2BUh05745QOa5iJqkF6IhDx3zDY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6980c71cdc66f9de-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 02 Oct 2022 20:46:02 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1 KB 61ms
24ms Stylesheet
text/css 142.250.185.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato%3A300%2C400%7CMerriweather%3A400%2C300&ver=2.0.0

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f10.1e100.net

Software

ESF /

Resource Hash

3cc1313c29ba701a9c57abdf02b922217874da93d598ebd38025628cee4f4217

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 02 Oct 2021 20:46:01 GMT
server: ESF
date: Sat, 02 Oct 2021 20:46:01 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Sat, 02 Oct 2021 20:46:01 GMT

GET
H3 200 jquery.min.js Show response
returncustomer.com/wp-includes/js/jquery/ 87 KB
32 KB 669ms
669ms Script
application/javascript 104.21.85.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returncustomer.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: returncustomer.com
URL: https://returncustomer.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.85.176 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

:path: /wp-includes/js/jquery/jquery.min.js?ver=3.6.0
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returncustomer.com
referer: https://returncustomer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 21 Jul 2021 23:59:43 GMT
server: cloudflare
etag: W/"60f8b4ef-15db1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vvBycbNctimGaMBtQMd7RlLkKvJ1XVJP82a2QY%2Bp0xMYrhNl98f41XAF7sZdsbDbhH%2F1K%2BBHQJr8KsKl8eN3MtwCZLcNkN2RL9t2Mg7cSXKRsJF%2F%2FYnDsVZYoeqRqU0IGKnakVM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6980c71d3f784119-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 02 Oct 2022 20:46:02 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
50 KB 177ms
45ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

14e5af43bc6b0df4f5d085cfaf193e21fd4cbca7114e99b5e880e3b2e3bf6403

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50850
x-xss-protection: 0
server: cafe
etag: 7613266735616174215
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 02 Oct 2021 20:46:02 GMT

GET
H2 200 6418152.js Show response
js.hs-scripts.com/ 2 KB
981 B 252ms
142ms Script
application/javascript 104.17.212.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/6418152.js?integration=WordPress
Requested by: Host: returncustomer.com
URL: https://returncustomer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.212.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84529ca14ee5f3884372d450a4c94e47ce735b99f7fadd7631e5ad1a6f637674

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
x-hubspot-correlation-id: 56e9126f-6269-48bc-bd81-a630356b79fc
x-trace: 2BBF89099E50F5A43D7ED2F99B665F2D6FF4AB91F7000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://returncustomer.com
access-control-max-age: 3600
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 6980c721cfaa5c26-FRA
expires: Sat, 02 Oct 2021 20:47:02 GMT

GET
H3 200 autoptimize_94981e58b64d54956440cebee3b7a30d.js Show response
returncustomer.com/wp-content/cache/autoptimize/js/ 53 KB
19 KB 670ms
670ms Script
application/javascript 104.21.85.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returncustomer.com/wp-content/cache/autoptimize/js/autoptimize_94981e58b64d54956440cebee3b7a30d.js
Requested by: Host: returncustomer.com
URL: https://returncustomer.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.85.176 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3e3bea95a6ecf4c58fdbcd969b4f9a7ff9c613442f5ed7e1ff33854bef4be0f

Request headers

:path: /wp-content/cache/autoptimize/js/autoptimize_94981e58b64d54956440cebee3b7a30d.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returncustomer.com
referer: https://returncustomer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 22 Jul 2021 00:04:29 GMT
server: cloudflare
etag: W/"60f8b60d-d5a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Ctf25N77oTMD4dRQUxazU%2FmRaj4Le4sh82fPRrVjXp94a4895Oy0CpjzDzOjDUo8LV05ckK4nWjysphDZbmsndI5g%2BmrLc8QxER4Zcz%2FSSmxLDTawVsrO307A%2FqTG17VWtTi1I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6980c721299d4119-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 02 Oct 2022 20:46:02 GMT

GET
H3 200 wp-emoji-release.min.js Show response
returncustomer.com/wp-includes/js/ 18 KB
5 KB 534ms
533ms Script
application/javascript 104.21.85.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://returncustomer.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8.1
Requested by: Host: returncustomer.com
URL: https://returncustomer.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.85.176 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=5.8.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: returncustomer.com
referer: https://returncustomer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 21 Jul 2021 23:59:43 GMT
server: cloudflare
etag: W/"60f8b4ef-4705"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qZdjaONLyGhY5tUL380s78D3Mzppf4E5OmCP3jPYIKCu51cCZDAJ3VpXn7t8HXd1SUdjz0iA67FjkevWaqIZRjZ3MAYAtboFfv5qlIK6pzpHleSzTSDpUm014qgCR0zq580p%2BO8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6980c721299f4119-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sun, 02 Oct 2022 20:46:02 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 118ms
7ms Script
text/javascript 142.250.185.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 7145
date: Sat, 02 Oct 2021 18:46:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sat, 02 Oct 2021 20:46:57 GMT

GET
H2 200 prum.min.js Show response
rum-static.pingdom.net/ 6 KB
3 KB 122ms
12ms Script
application/javascript 104.20.20.239
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-static.pingdom.net/prum.min.js
Requested by: Host: returncustomer.com
URL: https://returncustomer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.20.239 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c19455754ead9313cc2221c64f1c66e8378501d8099bdcb3d90bb0b1a170b5ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 11 May 2021 14:01:38 GMT
server: cloudflare
age: 2002
etag: W/"609a8e42-1849"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=43200
cf-ray: 6980c721c86b4e56-FRA

GET
H3 200 random_grey_variations.png
returncustomer.com/wp-content/uploads/2013/01/ 4 KB
4 KB 550ms
550ms Image
image/png 104.21.85.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://returncustomer.com/wp-content/uploads/2013/01/random_grey_variations.png
Requested by: Host: returncustomer.com
URL: https://returncustomer.com/wp-content/cache/autoptimize/css/autoptimize_ce8642fa11dcbbdbdf010829bec4126a.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.85.176 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b962771e91582a7dc95cbf9c6caa71c0ec9aa7ff0570c7924846947659dbdc4b

Request headers

:path: /wp-content/uploads/2013/01/random_grey_variations.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: returncustomer.com
referer: https://returncustomer.com/wp-content/cache/autoptimize/css/autoptimize_ce8642fa11dcbbdbdf010829bec4126a.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/wp-content/cache/autoptimize/css/autoptimize_ce8642fa11dcbbdbdf010829bec4126a.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3869
last-modified: Wed, 25 Jul 2018 18:23:26 GMT
server: cloudflare
etag: "5b58c01e-f1d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wlurTgyq1KJQVlTll2FcqWqeB4Ko4k5PQwL0VCFl%2BUk%2BoL2eeNYBY6r1IbC8uyPaAg9H2TH8Rhz18WtjaYl2AW%2BLauPMWdpApE1J5TbAe72ML8XPtZT1MoMZlQmtiYnjwsVmIss%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6980c72129a04119-PRG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 cropped-return-customer-logo.jpg
returncustomer.com/wp-content/uploads/2018/07/ 6 KB
7 KB 550ms
550ms Image
image/jpeg 104.21.85.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://returncustomer.com/wp-content/uploads/2018/07/cropped-return-customer-logo.jpg
Requested by: Host: returncustomer.com
URL: https://returncustomer.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.85.176 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7611f9137c4d66592ef403d62154c45fafa33a3578dac571f30b0e7533384ae5

Request headers

:path: /wp-content/uploads/2018/07/cropped-return-customer-logo.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: returncustomer.com
referer: https://returncustomer.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6624
last-modified: Wed, 25 Jul 2018 18:37:03 GMT
server: cloudflare
etag: "5b58c34f-19e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Irp3Nv3Djy9cl8bU69frOI%2F7g89I0oEqIMiBSUDyJv3Z%2BTuuJ4befjIvkDw%2BDXW6evRK6uR4S0Bm1SY1S7lwce5m0DzsDvNox%2FEhLqpT6kqv4aaagmg%2FIWU%2BjibrQoznuQjK1Wg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6980c72129a14119-PRG
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
23 KB 127ms
19ms Font
font/woff2 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh7USSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A300%2C400%7CMerriweather%3A400%2C300&ver=2.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

9194059997d722ec01e41980dffbff03ebe00808b1cdd164a7fd18a561bc312a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://returncustomer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 20:32:23 GMT
x-content-type-options: nosniff
age: 260019
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23248
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:53 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 29 Sep 2022 20:32:23 GMT

GET
H2 200 u-4n0qyriQwlOrhSvowK_l521wRZWMf6.woff2
fonts.gstatic.com/s/merriweather/v25/ 19 KB
19 KB 121ms
16ms Font
font/woff2 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v25/u-4n0qyriQwlOrhSvowK_l521wRZWMf6.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A300%2C400%7CMerriweather%3A400%2C300&ver=2.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

d29d48c55bdf3839337426482acf82b39999f7acfd0215d0f69a9920f6d07026

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://returncustomer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 01:25:32 GMT
x-content-type-options: nosniff
age: 415230
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19776
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:22:12 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Sep 2022 01:25:32 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
23 KB 118ms
13ms Font
font/woff2 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A300%2C400%7CMerriweather%3A400%2C300&ver=2.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://returncustomer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 15:11:30 GMT
x-content-type-options: nosniff
age: 452072
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Sep 2022 15:11:30 GMT

GET
H2 200 u-440qyriQwlOrhSvowK_l5-fCZM.woff2
fonts.gstatic.com/s/merriweather/v25/ 20 KB
20 KB 112ms
7ms Font
font/woff2 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v25/u-440qyriQwlOrhSvowK_l5-fCZM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A300%2C400%7CMerriweather%3A400%2C300&ver=2.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

c435a36c4117826fc7b7b8023aaf45d65e59bcb814c8f1b1e28bea7c49318c13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://returncustomer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 20:15:50 GMT
x-content-type-options: nosniff
age: 433812
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20016
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:21:51 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Sep 2022 20:15:50 GMT

GET
H2 200 / Show response
load.sumo.com/ 2 KB
2 KB 94ms
6ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/
Requested by: Host: returncustomer.com
URL: https://returncustomer.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: F3WYFBQ44Q2G0CFD
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 2021-08-10 08:54:27
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: Kzgb2dwdVDwyLCTvHsZXncN4YdFhrPX778n3LamJ4MTck7tfGc58WNZzyg1g3dO3XdsQwE6N+/s=
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:45:12 GMT
server: BunnyCDN-DE1-756
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control: max-age=600
cdn-requestid: 71a295aaa3d49eb41e969c98ab419e7d
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 72.0a035390359aab65eb82.js Show response
load.sumo.com/ 131 KB
44 KB 8ms
7ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 1ZQEWHAMVKQ7GYB9
cdn-cachedat: 08/11/2021 08:27:12
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: kmFKyXlcNfWRvLk73k8+XQ19wYCytEHCTISpCux9qKXgMmTWTauGgYuQX+XFo3SzIUCSissBAiY=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:49 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: ab00b3ea3055d77110509502fb6443af
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 73.0a035390359aab65eb82.js Show response
load.sumo.com/ 289 KB
100 KB 15ms
14ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: TBY01K4HP9CGD4T8
cdn-cachedat: 08/11/2021 06:56:09
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: zxdeegSWyj0r5KeMe1/TVBrRHqZLd4efcDcAMD1YkADnK6T70g4ma5XkPClgzRKwYXb8pz26pBk=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:50 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: fa3c6e6b702f456747f7040d32d8ac4e
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 43ms
21ms XHR
text/plain 142.250.185.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1010906414&t=pageview&_s=1&dl=https%3A%2F%2Freturncustomer.com%2F&ul=en-us&de=UTF-8&dt=Return%20Customer%20-%20Make%20your%20customers%20happy.%20Improve%20your%20business.%20Grow%20your%20revenue&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAAC~&jid=427770813&gjid=950335035&cid=1588673939.1633207563&tid=UA-80571-1&_gid=1974911202.1633207563&_r=1&_slc=1&z=188171673

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.238 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://returncustomer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://returncustomer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
463 B 43ms
14ms XHR
text/plain 108.177.15.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-80571-1&cid=1588673939.1633207563&jid=427770813&gjid=950335035&_gid=1974911202.1633207563&_u=IEBAAAAAAAAAAC~&z=1341322716

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.177.15.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wr-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://returncustomer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 02 Oct 2021 20:46:02 GMT
content-type: text/plain
access-control-allow-origin: https://returncustomer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109280101/ 257 KB
95 KB 70ms
56ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109280101/show_ads_impl_fy2019.js?bust=31062986

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

90161e1b4753e107452fe24bf0893324658a9cde074b2b54e2b93bf41e153895

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97114
x-xss-protection: 0
server: cafe
etag: 15913738467563249465
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Oct 2021 20:46:02 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210927/r20190131/ Frame 16EA 10 KB
5 KB 28ms
6ms Document
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210927/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

8806d9eaf9e8ca89fa2404e8cb66a9fa115e0a0f687ad0dcd91cabce4c2179c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210927/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://returncustomer.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 02 Oct 2021 00:18:12 GMT
expires: Sat, 16 Oct 2021 00:18:12 GMT
content-type: text/html; charset=UTF-8
etag: 297313706323796346
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4617
x-xss-protection: 0
age: 73670
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 537 KB
87 KB 1092ms
1063ms Script
application/javascript 104.17.230.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6418152.js?integration=WordPress
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.230.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b38803f733f36ff943399e6539b7fe1fa26611706ce6878b5b21c6a4f96ec862

Request headers

Referer: https://returncustomer.com/
Origin: https://returncustomer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
via: 1.1 7eefe38d76087dfad8e2f0b7702246ef.cloudfront.net (CloudFront)
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD89-C3
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1056/bundle/main/lead-flows-release.js&cfRay=6980c722ea3e2488-FRA
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 6980c722ea3e2488-FRA
last-modified: Thu, 23 Sep 2021 09:11:54 UTC
server: cloudflare
etag: W/"9af442c5acbde436228f228f7502bfc8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: BdP6Nyyw4.FdbyHhgb7cfRPPJ2MC6STP
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
content-type: application/javascript; charset=utf-8
x-amz-cf-id: MzavxdkLc6qDx7IgaIoR3M5QIMvn4F3Eogw4z9b_VO2ByHtF4C13cQ==
x-hs-target-asset: lead-flows-js/static-1.1056/bundle/main/lead-flows-release.js

GET
H2 200 6418152.js Show response
js.hs-banner.com/ 60 KB
16 KB 424ms
397ms Script
text/javascript 104.18.21.191
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/6418152.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6418152.js?integration=WordPress
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.21.191 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62c0c29d9307c0b2c2aa46444aa99e24952948e4a04107bffca1d82906ee78fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: TW7DB8X0BBXF6TVV
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: lmiTBkSJ/4fhJzvkgPwvYFRX2Gu8ROq9LiLcIFr6bDne4snTPtn5zANHnJ0qwX/LWiEwi67pSOM=
timing-allow-origin: *
last-modified: Fri, 03 Sep 2021 20:35:49 GMT
server: cloudflare
etag: W/"98c29316511775befc0ae6cd6337cd9e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: vpmzu3vGwlt7hUjlwMiWfJZw6GWoVAmW
access-control-allow-origin: https://returncustomer.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 6980c722df644e08-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Sat, 02 Oct 2021 20:51:03 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 81 KB
26 KB 208ms
179ms Script
application/javascript 104.17.127.171
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6418152.js?integration=WordPress
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.127.171 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0e8f49ce2aa1c4720cc187c184c8d800182aea43645aa3193c0614703d0c8f4

Request headers

Referer: https://returncustomer.com/
Origin: https://returncustomer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
via: 1.1 22e9d361a9c4153886c1c8aa0eb4ffa8.cloudfront.net (CloudFront)
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD89-C3
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.247/bundles/project.js&cfRay=6980c722e9672b59-IAD
x-cache: RefreshHit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 6980c722e9672b59-FRA
last-modified: Tue, 28 Sep 2021 10:08:32 UTC
server: cloudflare
etag: W/"a5dc58d02593ddd2c3c6bbe2230fc074"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: s1CYAXlTSydz_cSjotzU3Em8FOsfSJIb
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
content-type: application/javascript; charset=utf-8
x-amz-cf-id: _04VHPAnsnCdSQkI80IaaNgFU5gmtJGqECncH_ZGvWmt4PhH0Xsr2g==
x-hs-target-asset: collected-forms-embed-js/static-1.247/bundles/project.js

GET
H2 200 6418152.js Show response
js.hs-analytics.net/analytics/1633207500000/ 62 KB
20 KB 175ms
145ms Script
text/javascript 104.17.67.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1633207500000/6418152.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6418152.js?integration=WordPress
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.67.176 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 877aae80c7a512acfa423cd406b6687ac41c1ada306c76a7dcfe41a8c9e6a8a1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 0G7JS2SSE705YR1J
x-amz-server-side-encryption: AES256
cf-ray: 6980c722ee393237-FRA
x-amz-id-2: FovVV29g+Bu3+o3lXY3KCrESdEE01lwDJc5VZYTMWvm9K6VOG3pws6nvObKkNbzn4NXmQnTmPiM=
last-modified: Mon, 19 Jul 2021 15:29:46 GMT
server: cloudflare
etag: W/"bc9755f23f9e1c55bd4c33a3d1d8497a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Sat, 02 Oct 2021 20:51:02 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
522 B 40ms
19ms Image
image/gif 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-80571-1&cid=1588673939.1633207563&jid=427770813&_u=IEBAAAAAAAAAAC~&z=831968141

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 208 B
663 B 52ms
16ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=returncustomer.com&callback=_gfp_s_&client=ca-pub-1423853871697674

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109280101/show_ads_impl_fy2019.js?bust=31062986

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

875502e389b4bf5c0f72f5ad8333510aa2cad5d569835479d4e040a8a322d8b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 37ms
16ms Script
application/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=returncustomer.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109280101/show_ads_impl_fy2019.js?bust=31062986

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 02 Oct 2021 20:46:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0492 29 KB
12 KB 447ms
433ms Document
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1423853871697674&output=html&adk=1812271804&adf=3025194257&lmt=1633207562&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Freturncustomer.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633207562635&bpp=2&bdt=923&idt=104&shv=r20210927&mjsv=m202109280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4079280996818&frm=20&pv=2&ga_vid=1588673939.1633207563&ga_sid=1633207563&ga_hid=1010906414&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062986&oid=2&pvsid=2257414847907695&pem=816&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=120

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109280101/show_ads_impl_fy2019.js?bust=31062986

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e7082c0a237e187825ebd01587db9d28e7e9ffd331d6b850a5370fec15813065

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1423853871697674&output=html&adk=1812271804&adf=3025194257&lmt=1633207562&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Freturncustomer.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633207562635&bpp=2&bdt=923&idt=104&shv=r20210927&mjsv=m202109280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4079280996818&frm=20&pv=2&ga_vid=1588673939.1633207563&ga_sid=1633207563&ga_hid=1010906414&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062986&oid=2&pvsid=2257414847907695&pem=816&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=120
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://returncustomer.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 02 Oct 2021 20:46:03 GMT
server: cafe
content-length: 12431
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 02-Oct-2021 21:01:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 02 Oct 2021 20:46:03 GMT
cache-control: private

GET
H2 200 json Show response
forms.hubspot.com/collected-forms/v1/config/ 115 B
1 KB 148ms
121ms XHR
application/json 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/collected-forms/v1/config/json?portalId=6418152&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2dcc3e9f00570456eebdc6a42bd7cad1218e50a2d81353afe14d2cacc86d3f46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://returncustomer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 117eb105-696b-4105-a8c3-7214777f4704
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O366vrc62Zxw2FtMKvlBbCuGM5j%2FhMHzAOYY5Tpi9mG8SgcIjM41td%2FeIQYCmpX08fYPRpgX5J1jdryBORnDkg8NBaUvFWq%2Fe84MbQv09u97uetTzhI9JnPZyWFum%2FwsPc1A"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://returncustomer.com
x-robots-tag: none
access-control-allow-credentials: false
cf-ray: 6980c7245c526910-FRA
access-control-allow-headers: *

GET
H2 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
519 B 165ms
140ms Image
image/gif 104.16.88.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.88.5 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: e33c161e-f916-4dd6-92d4-cbfbe9751a27
x-trace: 2BB889855120F1F494DD40D45BE72B20235BC68498000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6980c7254a6d2c56-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35
x-robots-tag: none

GET
H/1.1 200
OK count.js Show response
returncustomer.disqus.com/ 1 KB
2 KB 35ms
6ms Script
application/javascript 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://returncustomer.disqus.com/count.js

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/wp-content/cache/autoptimize/js/autoptimize_94981e58b64d54956440cebee3b7a30d.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Sat, 02 Oct 2021 20:46:03 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 147
X-Edge-Origin-Shield-Skipped: 0
Connection: keep-alive
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 29 Sep 2021 16:35:15 GMT
Server: nginx
ETag: "615495c3-367"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
X-Amz-Cf-Pop: DFW53-C1
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: 9WSwIXjMreQBPXiE8p250YxLevpBfuowpzloNjJtcLj7niPwFiv4mw==

POST
H2 200 / Show response
sumo.com/api/load/ 878 B
1 KB 529ms
175ms XHR
application/json 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/load/

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-133-113.us-west-2.compute.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

98982b53678a66205f0d5c468914290ee985309002942ed1c0811314d59ea6ca

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://returncustomer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
vary: Origin, Accept-Encoding
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://returncustomer.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 878

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109280101/ 141 KB
51 KB 25ms
24ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109280101/reactive_library_fy2019.js?bust=31062986

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109280101/show_ads_impl_fy2019.js?bust=31062986

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

29a3823b1be3441ad71794b8486dc44051043b58173dd7609fe92a6405c0fc48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52206
x-xss-protection: 0
server: cafe
etag: 1467078501759456671
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Oct 2021 20:46:03 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 59ms
26ms Script
application/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=returncustomer.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109280101/show_ads_impl_fy2019.js?bust=31062986

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 218F 85 KB
29 KB 777ms
777ms Document
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1423853871697674&output=html&h=280&adk=3562793857&adf=246579092&pi=t.aa~a.2884387603~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1633207563&rafmt=1&to=qs&pwprc=9890682053&psa=0&format=1140x280&url=https%3A%2F%2Freturncustomer.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633207563230&bpp=1&bdt=1517&idt=1&shv=r20210927&mjsv=m202109280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D52ae73a14d02e103-221b471d7bc90021%3AT%3D1633207562%3ART%3D1633207562%3AS%3DALNI_Mb9wgJn74Jh2QWCwUTEY01ci-RwhA&prev_fmts=0x0&nras=2&correlator=4079280996818&frm=20&pv=1&ga_vid=1588673939.1633207563&ga_sid=1633207563&ga_hid=1010906414&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=230&ady=1224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062986&oid=2&pvsid=2257414847907695&pem=816&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yJInLIOxfH&p=https%3A//returncustomer.com&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109280101/show_ads_impl_fy2019.js?bust=31062986

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

f5e5d5a801cc1e6cee5a9258f9f512e2e3976d555567f1ff2a82aee75690a15c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1423853871697674&output=html&h=280&adk=3562793857&adf=246579092&pi=t.aa~a.2884387603~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1633207563&rafmt=1&to=qs&pwprc=9890682053&psa=0&format=1140x280&url=https%3A%2F%2Freturncustomer.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633207563230&bpp=1&bdt=1517&idt=1&shv=r20210927&mjsv=m202109280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D52ae73a14d02e103-221b471d7bc90021%3AT%3D1633207562%3ART%3D1633207562%3AS%3DALNI_Mb9wgJn74Jh2QWCwUTEY01ci-RwhA&prev_fmts=0x0&nras=2&correlator=4079280996818&frm=20&pv=1&ga_vid=1588673939.1633207563&ga_sid=1633207563&ga_hid=1010906414&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=230&ady=1224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062986&oid=2&pvsid=2257414847907695&pem=816&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yJInLIOxfH&p=https%3A//returncustomer.com&dtd=8
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://returncustomer.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 02 Oct 2021 20:46:03 GMT
server: cafe
content-length: 29233
x-xss-protection: 0
set-cookie: IDE=AHWqTUkCHx_E9_XKqmv8hKIGWqnMm8O--nJ9aUluNWfXkkGavho0cuP4jA2WkOwcpAM; expires=Mon, 02-Oct-2023 20:46:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 02 Oct 2021 20:46:03 GMT
cache-control: private

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/ Frame 147A 10 KB
5 KB 9ms
8ms Document
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109280101/show_ads_impl_fy2019.js?bust=31062986

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

8806d9eaf9e8ca89fa2404e8cb66a9fa115e0a0f687ad0dcd91cabce4c2179c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://returncustomer.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 02 Oct 2021 00:24:41 GMT
expires: Sat, 16 Oct 2021 00:24:41 GMT
content-type: text/html; charset=UTF-8
etag: 297313706323796346
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4617
x-xss-protection: 0
age: 73282
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 02B1 624 B
300 B 25ms
24ms Document
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJiPExC4pdUCGL_d3qYBMAE&v=APEucNVVcqvgwAhoaYrEuAh0RIFTnoUJMMMHw5PMPtVzYo-gUOza8I-3ByAmdn2bOntfWuFd8u18BtjkmTTxewJARvd8rnX-wA

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJiPExC4pdUCGL_d3qYBMAE&v=APEucNVVcqvgwAhoaYrEuAh0RIFTnoUJMMMHw5PMPtVzYo-gUOza8I-3ByAmdn2bOntfWuFd8u18BtjkmTTxewJARvd8rnX-wA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 02 Oct 2021 20:46:03 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUm-8qjqWR2Z8Q649-DDoBNLZSQvweqEoO4jJrTRk3msQWuyufFYZ8_lShVx; expires=Mon, 02-Oct-2023 20:46:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 02 Oct 2021 20:46:03 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8D1A 24 KB
13 KB 61ms
61ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BroneSLB_zggVH63A6D95ykt1yTGAiU10o_FLA94vuaZNaH7FH2_LykoxC40uduBYDjsXqMjlT3Ss9291ODtcmu6ZbbBnaZ0lyQJ8puhHmuRN33diKZa6PmNaSmOZYGHXa8eIdrvmT3FQ7DvY8e8Z8yyVRLg&cry=1&dbm_d=AKAmf-DWmBeJKOFknzXV3BqNL_CVXv0cfZXY4o-fnWwTquz-AuOBqlM-XuNPgLK4w-AKbUe43Ssl0NXdsbuqv_NnMXiNOoDdfNwv8m603TxJC9XDIYVOYuZU_tXSeGsfK3IMFsmtltixyL15SnjjIc1YX5VnX9pKr2dprT3lJnJdChmMoSKXBib24PVWI5eHkDiaGQ7rAKQjfjuzDy6LGSKtCoMISPXKRn6utLFOybEajl-X8UY1gLi3n4z5QSUaKKEr_LumLAA0ed9F7UlyyEZucbV8uQvoBH4Rze38LcgFqSG19m7pYYTWpFYV41xfYaXTbK6-naBqjqHqzb3N6Dfrfi37G--EaVeKJ3xsfLnhaMEfEkOpAc5sy3E81FIc2AsmImEpZgOK3zJlpUFKUGVzKHBBy3e5HLgy-wtGlEfMGq8GHRePPleRzoH9tpbJlYnS8YO-GJpnifr4CMThjoIZhOti3X8RXuHGOd1mRXKeNFJXyFE2MFvGCfwKudqaM5S7lNUuaygf_YHRjCQmGpe0Rcyv7nGdcL5Nj07X8-0G9b3ubyVbW69qGlc5en9ApplJ4njMavZUgH1KRZS9jlpmHR13Mxer7h2TxfY8srh3fyNmUKIfnCdF0LWFomM5RVStUNpAi_3wJS-FKxFjxj5rlNPsDN4ro87lA364_oBYTkEm0fxVhQpFqCP8TOq52LcLzZva4h2ylVePYKEr6BZ6poFuRHKhRiuygmtSsPSgIPHI7yMb2VyZW9GJUQ3N9xqyrFjRQE1nZwwvgdn-VgxBB8fFcbJpZCeBv_4a2BBQAti0d5HMa_JY6CAZAsxt46YqJW0u75ZkH1jf2L7K59fzjA68VLbPPusJ2M5AcHABRhz28I98-bG9VMz8FR6NtBth6hYpicSxmXZw14_BCYhj_rMl6lzgRJHQuHerXHb77JbdVtzrgruaCXboNxXxe4tHJ0nXzxm3RyPG9WVcu2FKDkmUfxUvlPA-XPi0amzpF3qHwrvSMj_aq88bUaQc7UqEUTmvXiSH33llKbka5Ns2M2ajvBCcWkGZpfe-N0XcJdQSuegihL4D2S5JRVVTGCM0xCIkAK4z3hgOJO0KhFYrnxpX54QvQxyePwC-vEDlWJnjhKjOVGZCy6Q9d6VtL8GxGm7MReV4lyqzFWuq0o9YlO1SonAOF4uB3HnpfwAzkRQ_wDJhihUZ-5ylwwl-Kevwjgfvizu__kBXUuWQdIx9wczbsB24WiSKDqbr54bCkL72vimVkz8JBOpky9FvXAkKOZOi0KFjopFpBtBcT9MxK86Ce21v2VbPOrCFvgNEHGmKqPxfP7Z0xv6bUYlvEg6_kocnz3UdH0KSeKY3cfaULRRwwjtD9bj8k1gM6keR-ySfTzMr1b39XCqW0Sh2eTY_vKzvGiskF8nT6XTMiOFvgaP7rtrSuN3pY6jYglshW1tAJ9ceRVmoc0-nUb5yTiDISl92jiirEk86ix9FTFy6_RW0fH69nLVcWFKSzx-F5VsVbNCO6nhmHPvdL0D1m38FKJ6dLsl9Kswys3l4oOzGYW5TD9l5K1Pp6jE2LmsLgJ7bancg8HCdf7dU2r2S7WLHe6La2vaaiWhUw6JJw6thJN0zPBcLBufDv9M-aJDxMKRTog1HcZ_9yLvw83dD5Dbid6dQTwAPcCzyZ95KISwnW7jcxQIQfl3M9uHTjFrQ912Gk-m1j9TKqGBWbs1E8i2xRzhdkCl5tNLTKnuAdYvqQdFAEGxXAXEF9QxyLsaeqNUvP-Y7haCzW3f1wfN-BNYoADRIPEN03ONgUXfgVbIC0B2_wiZeEkPO9Lw1bj_IqFks-EaHGmmx7GMVo-b3UGl3oUgH3IsyFx0YZ6G6GG7UWkot0VeRYKiY4ch66t7Vb0BgbgvC7C5XMFDhIaTAC1lHRBVduQR1CjQdAqlpHRO55apypgbSFfawWl1yeBlTlUMOgSluHnJ9ALe4hlLkElC8an0LiyHfeJqIVAxsl_I_6wVLuKPyjh-aHHv-nnJHIUVbpSKeYTkCjW1vzUUpaOP4RTn_2Hwo_C6rAHah0CUBpa1zwYbs91EOAHPm8ZSCo8VoPcKWakwn2PkL7KFjV5RDp4SKGV3msYgo8Tha60nr6clFidOOaltoYa_0GNtsoAlLcocgxJtm0kXaCbCAkzR9zvfXFdc75GL3BCL14czOAnE8zxkWM9atHswGM6HtSytQC4BNzbtEibIghkTD4D2iKnIgbjSxpfy6DQl4OuJyWlrQu9b54WvG4rDtEUDPHx0Ct61Xt4xEOeEmx8G0NQ3rrxpnMhNhOS6itjjQW2-Z6KIEYYOPcR2_XQkCqo2fY9Xv78NewBSRQjxOmq96anx-nzU3rvoeT3S2Y7Ni7_g17tURRLbmJhWxBfPEGTqPpXtTU2rRc9RbYScEa4YbvYsr1FwwggbCH0cI1QFx5sTDJJe_DrhfTkXf5wZWK70yd-dqCL9HKTPrOS3Xq7iCYtvEyhtD_F4AZsnlhLQlccdF_e2Ad4LYU4MLy1HxiXpfXKhqRecoIOdj4Px_jbNoQ9QMvISjoG8I_hRfS6ghoDzrP7ElMTxGpyFuhLTr5xbMllQ7X6CIyX-s7cDQ_cMYKozplWlsXonRYRigHAXv1sbrHTEXXzitFN1w7obJd7a7ua-Gwc6CARpbZ6h71T01x1HzQaLtgwDk3pHMpvMkIuJi_RXSgrRT-0fp5VV-NjNs3tk3rzLeqEDitADlljFfMb6qlBmcV8wJ5nUrFiq5VLTbV3wWsm-haSszXkVmM2dLVt2w_3Jhke2b5A84IpxIMHLv1isHojAXYRQ6YD-95uOwp2dYakm2KrdJhkcxbFLFouobgwzS3d_9DyzIaPaYI30x34e9xf5kJcxZEMpZb9dQD8p0ofErxwImba1oZzyqs3BiR_tA8hRHxEL8jDTMk2VPB5IDR_3hXD3G-v7HI7kCEY6nae9fMvQAUruY6oHlIjs8NSAtYsMiK0WReShyzi3C9OrB8I99mufmLZgQLKAIr78TssHI3u1WjGCAI4sig2izBlczzDU&cid=CAASBORoOj0&rfl=2%2Chttps%253A%252F%252Freturncustomer.com%252F%240

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

93093c6722a3f526d266ca9f8cabdb1aa26f9215ffe4bfdcb9d2238daf6da2fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 8D1A 9 KB
5 KB 31ms
6ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

b2db7373b4a646a326952fa386be6fde1ce4c93f101258d840c91e42af13d47d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:22:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4403
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 16:41:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-dcm-tag"
expires: Sat, 02 Oct 2021 21:22:25 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 8D1A 3 KB
1 KB 35ms
7ms Script
text/javascript 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/window_focus_fy2019.js

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

cafe /

Resource Hash

c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:33:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 748
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1358
x-xss-protection: 0
server: cafe
etag: 15351394696698642166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 16 Oct 2021 20:33:35 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 8D1A 14 KB
7 KB 34ms
6ms Script
text/javascript 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

cafe /

Resource Hash

4f430df1926f8f2c1211de662c1070de2b98259bfc9bbdd8cf70c7b53d6777cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:37:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 494
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6194
x-xss-protection: 0
server: cafe
etag: 2541472377268313288
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 16 Oct 2021 20:37:49 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8D1A 122 KB
37 KB 50ms
26ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

867ff39044c47d580bde0bfc1e95bfcc25c21738c79351591641a83a56dc6d3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
server: sffe
etag: "1633087504575570"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Sat, 02 Oct 2021 20:46:03 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8D1A 42 B
63 B 39ms
39ms Image
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CHFlAH34PutJ8s3NGY7eOuR4ymQMz__wb78AhbVla4N3NMA5cPFgKnMrKAndEQH1HnSgKYHAtie3KTV-e5YXG8b_gngwljhakENFGRts1eClh9mw0

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 02B1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15

43 B
315 B

15ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJiPExC4pdUCGL_d3qYBMAE&v=APEucNVVcqvgwAhoaYrEuAh0RIFTnoUJMMMHw5PMPtVzYo-gUOza8I-3ByAmdn2bOntfWuFd8u18BtjkmTTxewJARvd8rnX-wA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 02 Oct 2021 20:46:03 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Sat, 02 Oct 2021 20:46:03 GMT

Redirect headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 02B1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YVjFC5.B2gfqiZZ2JEt6yQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15

43 B
315 B

17ms
17ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJiPExC4pdUCGL_d3qYBMAE&v=APEucNVVcqvgwAhoaYrEuAh0RIFTnoUJMMMHw5PMPtVzYo-gUOza8I-3ByAmdn2bOntfWuFd8u18BtjkmTTxewJARvd8rnX-wA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 02 Oct 2021 20:46:03 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Sat, 02 Oct 2021 20:46:03 GMT

Redirect headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:03 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 02B1 170 B
243 B 37ms
16ms Image
image/png 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJiPExC4pdUCGL_d3qYBMAE&v=APEucNVVcqvgwAhoaYrEuAh0RIFTnoUJMMMHw5PMPtVzYo-gUOza8I-3ByAmdn2bOntfWuFd8u18BtjkmTTxewJARvd8rnX-wA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 02B1
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg0Mjk3MzQzMzg4NjI3MDc5NQ%3D%3D

170 B
188 B

32ms
18ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg0Mjk3MzQzMzg4NjI3MDc5NQ%3D%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 02 Oct 2021 20:46:03 GMT
X-Proxy-Origin: 216.131.114.133; 216.131.114.133; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 5f628570-45c5-44bc-a41b-d2557c3c1ae5
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjg0Mjk3MzQzMzg4NjI3MDc5NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210928/r20110914/ Frame 8D1A 23 KB
9 KB 7ms
7ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210928/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BroneSLB_zggVH63A6D95ykt1yTGAiU10o_FLA94vuaZNaH7FH2_LykoxC40uduBYDjsXqMjlT3Ss9291ODtcmu6ZbbBnaZ0lyQJ8puhHmuRN33diKZa6PmNaSmOZYGHXa8eIdrvmT3FQ7DvY8e8Z8yyVRLg&cry=1&dbm_d=AKAmf-DWmBeJKOFknzXV3BqNL_CVXv0cfZXY4o-fnWwTquz-AuOBqlM-XuNPgLK4w-AKbUe43Ssl0NXdsbuqv_NnMXiNOoDdfNwv8m603TxJC9XDIYVOYuZU_tXSeGsfK3IMFsmtltixyL15SnjjIc1YX5VnX9pKr2dprT3lJnJdChmMoSKXBib24PVWI5eHkDiaGQ7rAKQjfjuzDy6LGSKtCoMISPXKRn6utLFOybEajl-X8UY1gLi3n4z5QSUaKKEr_LumLAA0ed9F7UlyyEZucbV8uQvoBH4Rze38LcgFqSG19m7pYYTWpFYV41xfYaXTbK6-naBqjqHqzb3N6Dfrfi37G--EaVeKJ3xsfLnhaMEfEkOpAc5sy3E81FIc2AsmImEpZgOK3zJlpUFKUGVzKHBBy3e5HLgy-wtGlEfMGq8GHRePPleRzoH9tpbJlYnS8YO-GJpnifr4CMThjoIZhOti3X8RXuHGOd1mRXKeNFJXyFE2MFvGCfwKudqaM5S7lNUuaygf_YHRjCQmGpe0Rcyv7nGdcL5Nj07X8-0G9b3ubyVbW69qGlc5en9ApplJ4njMavZUgH1KRZS9jlpmHR13Mxer7h2TxfY8srh3fyNmUKIfnCdF0LWFomM5RVStUNpAi_3wJS-FKxFjxj5rlNPsDN4ro87lA364_oBYTkEm0fxVhQpFqCP8TOq52LcLzZva4h2ylVePYKEr6BZ6poFuRHKhRiuygmtSsPSgIPHI7yMb2VyZW9GJUQ3N9xqyrFjRQE1nZwwvgdn-VgxBB8fFcbJpZCeBv_4a2BBQAti0d5HMa_JY6CAZAsxt46YqJW0u75ZkH1jf2L7K59fzjA68VLbPPusJ2M5AcHABRhz28I98-bG9VMz8FR6NtBth6hYpicSxmXZw14_BCYhj_rMl6lzgRJHQuHerXHb77JbdVtzrgruaCXboNxXxe4tHJ0nXzxm3RyPG9WVcu2FKDkmUfxUvlPA-XPi0amzpF3qHwrvSMj_aq88bUaQc7UqEUTmvXiSH33llKbka5Ns2M2ajvBCcWkGZpfe-N0XcJdQSuegihL4D2S5JRVVTGCM0xCIkAK4z3hgOJO0KhFYrnxpX54QvQxyePwC-vEDlWJnjhKjOVGZCy6Q9d6VtL8GxGm7MReV4lyqzFWuq0o9YlO1SonAOF4uB3HnpfwAzkRQ_wDJhihUZ-5ylwwl-Kevwjgfvizu__kBXUuWQdIx9wczbsB24WiSKDqbr54bCkL72vimVkz8JBOpky9FvXAkKOZOi0KFjopFpBtBcT9MxK86Ce21v2VbPOrCFvgNEHGmKqPxfP7Z0xv6bUYlvEg6_kocnz3UdH0KSeKY3cfaULRRwwjtD9bj8k1gM6keR-ySfTzMr1b39XCqW0Sh2eTY_vKzvGiskF8nT6XTMiOFvgaP7rtrSuN3pY6jYglshW1tAJ9ceRVmoc0-nUb5yTiDISl92jiirEk86ix9FTFy6_RW0fH69nLVcWFKSzx-F5VsVbNCO6nhmHPvdL0D1m38FKJ6dLsl9Kswys3l4oOzGYW5TD9l5K1Pp6jE2LmsLgJ7bancg8HCdf7dU2r2S7WLHe6La2vaaiWhUw6JJw6thJN0zPBcLBufDv9M-aJDxMKRTog1HcZ_9yLvw83dD5Dbid6dQTwAPcCzyZ95KISwnW7jcxQIQfl3M9uHTjFrQ912Gk-m1j9TKqGBWbs1E8i2xRzhdkCl5tNLTKnuAdYvqQdFAEGxXAXEF9QxyLsaeqNUvP-Y7haCzW3f1wfN-BNYoADRIPEN03ONgUXfgVbIC0B2_wiZeEkPO9Lw1bj_IqFks-EaHGmmx7GMVo-b3UGl3oUgH3IsyFx0YZ6G6GG7UWkot0VeRYKiY4ch66t7Vb0BgbgvC7C5XMFDhIaTAC1lHRBVduQR1CjQdAqlpHRO55apypgbSFfawWl1yeBlTlUMOgSluHnJ9ALe4hlLkElC8an0LiyHfeJqIVAxsl_I_6wVLuKPyjh-aHHv-nnJHIUVbpSKeYTkCjW1vzUUpaOP4RTn_2Hwo_C6rAHah0CUBpa1zwYbs91EOAHPm8ZSCo8VoPcKWakwn2PkL7KFjV5RDp4SKGV3msYgo8Tha60nr6clFidOOaltoYa_0GNtsoAlLcocgxJtm0kXaCbCAkzR9zvfXFdc75GL3BCL14czOAnE8zxkWM9atHswGM6HtSytQC4BNzbtEibIghkTD4D2iKnIgbjSxpfy6DQl4OuJyWlrQu9b54WvG4rDtEUDPHx0Ct61Xt4xEOeEmx8G0NQ3rrxpnMhNhOS6itjjQW2-Z6KIEYYOPcR2_XQkCqo2fY9Xv78NewBSRQjxOmq96anx-nzU3rvoeT3S2Y7Ni7_g17tURRLbmJhWxBfPEGTqPpXtTU2rRc9RbYScEa4YbvYsr1FwwggbCH0cI1QFx5sTDJJe_DrhfTkXf5wZWK70yd-dqCL9HKTPrOS3Xq7iCYtvEyhtD_F4AZsnlhLQlccdF_e2Ad4LYU4MLy1HxiXpfXKhqRecoIOdj4Px_jbNoQ9QMvISjoG8I_hRfS6ghoDzrP7ElMTxGpyFuhLTr5xbMllQ7X6CIyX-s7cDQ_cMYKozplWlsXonRYRigHAXv1sbrHTEXXzitFN1w7obJd7a7ua-Gwc6CARpbZ6h71T01x1HzQaLtgwDk3pHMpvMkIuJi_RXSgrRT-0fp5VV-NjNs3tk3rzLeqEDitADlljFfMb6qlBmcV8wJ5nUrFiq5VLTbV3wWsm-haSszXkVmM2dLVt2w_3Jhke2b5A84IpxIMHLv1isHojAXYRQ6YD-95uOwp2dYakm2KrdJhkcxbFLFouobgwzS3d_9DyzIaPaYI30x34e9xf5kJcxZEMpZb9dQD8p0ofErxwImba1oZzyqs3BiR_tA8hRHxEL8jDTMk2VPB5IDR_3hXD3G-v7HI7kCEY6nae9fMvQAUruY6oHlIjs8NSAtYsMiK0WReShyzi3C9OrB8I99mufmLZgQLKAIr78TssHI3u1WjGCAI4sig2izBlczzDU&cid=CAASBORoOj0&rfl=2%2Chttps%253A%252F%252Freturncustomer.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

7cc64ec2f55ae9d24be2ca2bd4f933dcf99c9be0ae35871489cf235d5cee6af0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:42:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 190
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9205
x-xss-protection: 0
server: cafe
etag: 2170525750406684717
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 16 Oct 2021 20:42:53 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8D1A 41 KB
15 KB 23ms
6ms Script
text/javascript 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 11:59:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 117967
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 01 Oct 2022 11:59:56 GMT

GET
H3 200 impl_v80.js Show response
www.googletagservices.com/dcm/ Frame 8D1A 37 KB
15 KB 36ms
15ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v80.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

7a3e1fa68b2ed9b3c641299d3129d7439377b2f2f21a4f13d17435967ecb00a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 10:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 211341
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15821
x-xss-protection: 0
last-modified: Tue, 28 Sep 2021 14:32:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-dcm-tag"
expires: Fri, 30 Sep 2022 10:03:42 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame FB73 22 KB
8 KB 7ms
7ms Document
text/html 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 01 Oct 2021 11:59:56 GMT
expires: Sat, 01 Oct 2022 11:59:56 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 117967
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 B24975057.294993873;dc_ver=80.232;sz=728x90;u_sd=1;dc_adk=1726166434;ord=ujukqb;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCjKMmCsVYYZjIMIGOtweI3qOIBrK7n5dljeTV-84N... Show response
ad.doubleclick.net/ddm/adj/N8295.8257.AUTOTRADER.COM/ Frame 8D1A 58 KB
24 KB 64ms
42ms Script
text/javascript 142.250.184.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N8295.8257.AUTOTRADER.COM/B24975057.294993873;dc_ver=80.232;sz=728x90;u_sd=1;dc_adk=1726166434;ord=ujukqb;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCjKMmCsVYYZjIMIGOtweI3qOIBrK7n5dljeTV-84NxpC7tt0nEAEg-LD4AWDJhoCA3CPIAQmoAwGqBPUBT9Afs8D_HW8fDXZTYulPIqn9rau_z2iVj0BoD3U2GyLJ0-NYP3REnnaWQs4b-8jNIojFEjFKV8MDEHVYcsZdqVnuiDuycEUdQ3gmg1saYAnpLCRF5GVaeoG71geoQfwUarUvyk-gVwTlByBPo3nXdjq-Zk-OscQigkedF-oNUApKec05b5-gTLM6cYW53ehO78SsMTz0KhsQodVrdxyLC0RIGAwN3v_FpFpxouSnrQt60IA3C1dr5gTlYVwOP2Sqfb3LzPoiP7LKbub4sQHzeYmUHbv4yxjCyj0d0XWIMJkaTPNYcNWMX8QZEwqetnICr-7pfgTABJKzmI7DA-AEA5AGAaAGTYAHy6WHuwGoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiAYRABGF-ACgGYCwHICwGADAGwE_TF5QzQEwDYEwqIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASBORoOj0%26sig%3DAOD64_0TcmQOgHENy4H2ZmfJm9wm9JQslQ%26client%3Dca-pub-1423853871697674%26dbm_c%3DAKAmf-CdekwmdiY8RM1jBGndTOr2b1wjDDCqbVIvoPqKjLWemd2Q3zvUux1TkGgZaO-Fm_jnJlZ1BYTO9398Q2QVqDeNIoM7vFhvcrOe4xzfmerctrl3zcJoWGC9Jekd_N9jEjLnFCkBCDqN3aAFUlwH0C0XkPQwsw%26cry%3D1%26dbm_d%3DAKAmf-DilZVncB6by9LTocTyBdkePDw6hbcJZePzOrpx0mgcjAE06t0qjrRMZjJFtAqBA_AUoDDl_Nd4UofEfBB2bif5CRb4h-sMk99ck4Z9nYj6n1S_0R0Gv6R8XGBRgGDbyz6oiThFxIcevt9IOKjJKOva6OCig7y4vpkxGaQbvLSHiHgtlh-aHHLcEL4w33DYR59GmKxs5qDh2pSFB6OgAiEMeyIytU7ptqarOWEJ9GII5IJZ9nARGtYUttgTdszEG36c9CTbZsiB7-gwVLV1P9er6TTPqXuifNFeJly46VbApAvysIjwdgocVYwQTf_ObdOANaOsAczoKEFfD_Y_RO9b1Ss_hlpXGAnjOwOOGjyOXuCLsncQQDIT3XBnIfYVwfqC1hxo2BofbBenoOFx3IP_P4IRBHydWZLFI7JYwsNV9mlipICtIpLLdYkaWuW5nclmkBYH%26adurl%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=2,https%3A%2F%2Freturncustomer.com%2F$0;xdt=1;crlt=T61lO-KvYg;sttr=45;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v80.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f6.1e100.net

Software

cafe /

Resource Hash

30c4fb3dd162134b4ed6c65ce7f4cabe965e98885686bc60bc5a5af2ec1c41ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24519
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js Show response
pagead2.googlesyndication.com/bg/ Frame FB73 35 KB
13 KB 7ms
7ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

04f4de271bac3fc70e9c4fece4bdc005edad22929dd4d543241961292ee9c1a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:38:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 435
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13343
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 10:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 02 Oct 2022 20:38:48 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 8D1A 114 KB
40 KB 30ms
6ms Script
text/javascript 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:06:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2351
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40185
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Oct 2021 20:06:52 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210928/r20110914/elements/html/ Frame 8D1A 8 KB
3 KB 6ms
6ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210928/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N8295.8257.AUTOTRADER.COM/B24975057.294993873;dc_ver=80.232;sz=728x90;u_sd=1;dc_adk=1726166434;ord=ujukqb;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCjKMmCsVYYZjIMIGOtweI3qOIBrK7n5dljeTV-84NxpC7tt0nEAEg-LD4AWDJhoCA3CPIAQmoAwGqBPUBT9Afs8D_HW8fDXZTYulPIqn9rau_z2iVj0BoD3U2GyLJ0-NYP3REnnaWQs4b-8jNIojFEjFKV8MDEHVYcsZdqVnuiDuycEUdQ3gmg1saYAnpLCRF5GVaeoG71geoQfwUarUvyk-gVwTlByBPo3nXdjq-Zk-OscQigkedF-oNUApKec05b5-gTLM6cYW53ehO78SsMTz0KhsQodVrdxyLC0RIGAwN3v_FpFpxouSnrQt60IA3C1dr5gTlYVwOP2Sqfb3LzPoiP7LKbub4sQHzeYmUHbv4yxjCyj0d0XWIMJkaTPNYcNWMX8QZEwqetnICr-7pfgTABJKzmI7DA-AEA5AGAaAGTYAHy6WHuwGoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiAYRABGF-ACgGYCwHICwGADAGwE_TF5QzQEwDYEwqIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASBORoOj0%26sig%3DAOD64_0TcmQOgHENy4H2ZmfJm9wm9JQslQ%26client%3Dca-pub-1423853871697674%26dbm_c%3DAKAmf-CdekwmdiY8RM1jBGndTOr2b1wjDDCqbVIvoPqKjLWemd2Q3zvUux1TkGgZaO-Fm_jnJlZ1BYTO9398Q2QVqDeNIoM7vFhvcrOe4xzfmerctrl3zcJoWGC9Jekd_N9jEjLnFCkBCDqN3aAFUlwH0C0XkPQwsw%26cry%3D1%26dbm_d%3DAKAmf-DilZVncB6by9LTocTyBdkePDw6hbcJZePzOrpx0mgcjAE06t0qjrRMZjJFtAqBA_AUoDDl_Nd4UofEfBB2bif5CRb4h-sMk99ck4Z9nYj6n1S_0R0Gv6R8XGBRgGDbyz6oiThFxIcevt9IOKjJKOva6OCig7y4vpkxGaQbvLSHiHgtlh-aHHLcEL4w33DYR59GmKxs5qDh2pSFB6OgAiEMeyIytU7ptqarOWEJ9GII5IJZ9nARGtYUttgTdszEG36c9CTbZsiB7-gwVLV1P9er6TTPqXuifNFeJly46VbApAvysIjwdgocVYwQTf_ObdOANaOsAczoKEFfD_Y_RO9b1Ss_hlpXGAnjOwOOGjyOXuCLsncQQDIT3XBnIfYVwfqC1hxo2BofbBenoOFx3IP_P4IRBHydWZLFI7JYwsNV9mlipICtIpLLdYkaWuW5nclmkBYH%26adurl%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=2,https%3A%2F%2Freturncustomer.com%2F$0;xdt=1;crlt=T61lO-KvYg;sttr=45;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

bcb80c86da267703311d2eeb3bdb5af0dedf63589d7d6eee4ed81f4bad7537f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:30:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 934
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3143
x-xss-protection: 0
server: cafe
etag: 2416364338287085106
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 16 Oct 2021 20:30:29 GMT

GET
DATA 200
OK truncated
/ Frame 8D1A 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab343810d672ad54c4932b367e0dd8c7fcb5805901154c2a08b203671846d5bc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E7AA 22 KB
8 KB 7ms
6ms Document
text/html 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 01 Oct 2021 11:59:56 GMT
expires: Sat, 01 Oct 2022 11:59:56 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 117967
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 durly.js Show response
c.betrad.com/ Frame 8D1A 4 KB
2 KB 51ms
8ms Script
application/x-javascript 104.111.233.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.betrad.com/durly.js?;ad_wxh=728x90;coid=581;nid=13203
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.233.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-233-93.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 06f777ff38a8dd1b7583e8323755ef6ed1c5ab41107894ed98792553e82097ba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: gzip
last-modified: Wed, 14 Nov 2018 17:30:33 GMT
server: AkamaiNetStorage
etag: "2dfa8070bee860ca86deb1779cf87d3e:1542216642"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
access-control-max-age: 108000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 1605

GET
H/1.1

200
OK

firstevent Show response
bmwmini.demdex.net/ Frame 8D1A
Redirect Chain

https://bmwmini.demdex.net/event?d_event=imp&d_src=477693&d_advertiser=3864313&d_site=1389782&d_creative=156991276&d_placement=294993873&d_campaign=24975057
https://bmwmini.demdex.net/firstevent?d_event=imp&d_src=477693&d_advertiser=3864313&d_site=1389782&d_creative=156991276&d_placement=294993873&d_campaign=24975057

42 B
953 B

40ms
40ms

Script
image/gif

63.32.159.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bmwmini.demdex.net/firstevent?d_event=imp&d_src=477693&d_advertiser=3864313&d_site=1389782&d_creative=156991276&d_placement=294993873&d_campaign=24975057

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

63.32.159.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-159-255.eu-west-1.compute.amazonaws.com

Software

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v018-08b127a00.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 8g0kahsURTo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v018-05435f1dc.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 8ZVDdsrbTT0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://bmwmini.demdex.net/firstevent?d_event=imp&d_src=477693&d_advertiser=3864313&d_site=1389782&d_creative=156991276&d_placement=294993873&d_campaign=24975057
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 index.html Show response
s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/ Frame 78EC 8 KB
3 KB 22ms
8ms Document
text/html 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_273.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

467b1c2f19191d0239fe67a14f4dfa8c6177f5b4f0072be7eda822d901491e9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 2585
date: Sat, 02 Oct 2021 15:52:26 GMT
expires: Sun, 03 Oct 2021 15:52:26 GMT
last-modified: Wed, 01 Sep 2021 17:04:31 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 17617
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8D1A 0
339 B 43ms
42ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvgdF1Hdp_4HIupe6Q09dIOndS7y3q1Kg1WQgYmLUpagSeK_TwxLDLE51qULoKUYkBXSob0E4SNNkFihnkBg9EAfgdHbOU9ipaUzweBRPpPRE9RPM9Bbc2VjjwBq8aViMFY_xTsSvxPepg4TCL8tvOThQk&sig=Cg0ArKJSzHZk7xN7O-85EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=70&cbvp=1&cstd=68&cisv=r20210928.39026&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 02 Oct 2021 20:46:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 m
secure-gg.imrworldwide.com/cgi-bin/ Frame 8D1A 0
297 B 132ms
35ms Image
text/plain 34.249.249.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gg.imrworldwide.com/cgi-bin/m?ci=mccann-ca&at=view&rt=banner&st=flash&ca=24975057&c1=siteid,1389782&pc=294993873&c2=adid,489086314&cr=156991276&c3=userid,noval&c4=agentdept,um_bmw&ce=DART&rnd=867742937&C78=G1,DCM&uoo=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.249.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-249-23.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:03 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gg.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-length: 0
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 200 BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js Show response
pagead2.googlesyndication.com/bg/ Frame E7AA 35 KB
13 KB 7ms
7ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

04f4de271bac3fc70e9c4fece4bdc005edad22929dd4d543241961292ee9c1a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:38:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 435
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13343
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 10:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 02 Oct 2022 20:38:48 GMT

OPTIONS
H2 204 services
sumo.com/ Frame 0
0 168ms
168ms Preflight 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/services
Protocol: H2
Server: 52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-34-133-113.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-sumo-auth
Origin: https://returncustomer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx/1.18.0
date: Sat, 02 Oct 2021 20:46:03 GMT
access-control-allow-origin: https://returncustomer.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000

POST
H2 200 services Show response
sumo.com/ 1 KB
1 KB 186ms
186ms XHR
application/json 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/services

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-133-113.us-west-2.compute.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

38d941fe67bc74992fa9062e0b82ea65480a9837665ec084cceaf201509c0221

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
X-Sumo-Auth: kYLxPgF9spntIFjoq8Sv33pH
Referer: https://returncustomer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: gzip
vary: Origin, Accept-Encoding
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://returncustomer.com
access-control-allow-credentials: true
content-type: application/json; charset=utf-8

GET
H3 200 core_e8bbe6c8.js Show response
s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/tactic/ Frame 78EC 19 KB
7 KB 7ms
7ms Script
text/javascript 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/tactic/core_e8bbe6c8.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

0f8f3d47e22b05e041b8c08036b1035570098b48a1a7b001bc024c554d6eadb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 15:52:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17616
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6994
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 17:04:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Oct 2021 15:52:27 GMT

GET
H2 200 ba.js Show response
c.evidon.com/geo/ Frame 8D1A 41 KB
12 KB 38ms
7ms Script
application/x-javascript 104.111.244.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/geo/ba.js?r181114
Requested by: Host: c.betrad.com
URL: https://c.betrad.com/durly.js?;ad_wxh=728x90;coid=581;nid=13203
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.244.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-244-187.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 72bd223dadfcc3fe7e65d1d107fe61d98649ad7cf9f220a869c2e048b0aeab1a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: gzip
last-modified: Wed, 14 Nov 2018 17:29:11 GMT
server: AkamaiNetStorage
etag: "b5d7c697ff1dc525401c112149d1a74f:1542216553"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
content-length: 12438

GET
H2 200 4.gif
c.evidon.com/a/ Frame 8D1A 43 B
335 B 39ms
7ms Image
image/gif 104.111.244.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/a/4.gif
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.244.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-244-187.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: de3a7ca2f8ae592aae2652335b755b0d0b65df663dda8776387cae7339b76d64

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: gzip
last-modified: Thu, 15 Apr 2010 17:07:29 GMT
server: AkamaiNetStorage
etag: "65786c291a4603aa5150a1884452838d:1271351254"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,OPTIONS,POST
content-type: image/gif
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 53

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8D1A 0
23 B 42ms
41ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvgdF1Hdp_4HIupe6Q09dIOndS7y3q1Kg1WQgYmLUpagSeK_TwxLDLE51qULoKUYkBXSob0E4SNNkFihnkBg9EAfgdHbOU9ipaUzweBRPpPRE9RPM9Bbc2VjjwBq8aViMFY_xTsSvxPepg4TCL8tvOThQk&sig=Cg0ArKJSzHZk7xN7O-85EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=153&vt=11&dtpt=83&dett=3&cstd=68&cisv=r20210928.39026&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 02 Oct 2021 20:46:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 bundle.js Show response
s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/ Frame 78EC 137 KB
43 KB 9ms
8ms Script
text/javascript 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/bundle.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/tactic/core_e8bbe6c8.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

31c442570bfb26e12ec3cb967f0a9f0f81ac5b489688fc1acc526783fad8b14a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 15:52:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44291
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 17:04:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Oct 2021 15:52:29 GMT

GET
H3 200 adapter_cda7b023.js Show response
s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/tactic/ Frame 78EC 2 KB
1 KB 8ms
7ms Script
text/javascript 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/tactic/adapter_cda7b023.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/tactic/core_e8bbe6c8.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

fb45c29c9baa1cc8ba294bcb27c76973a066abb4b13b7c91413799c423d82895

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 15:52:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1152
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 17:04:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Oct 2021 15:52:29 GMT

GET
H2 200 13203.js Show response
c.evidon.com/a/n/581/ Frame 8D1A 1 KB
1013 B 7ms
7ms Script
application/x-javascript 104.111.244.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/n/581/13203.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r181114
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.244.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-244-187.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c5db15499d7cf6525700d042acc6e2e015fa2d9c8ae6249391b3249fa6c3bb6e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: gzip
last-modified: Wed, 18 Nov 2020 00:08:53 GMT
server: AkamaiNetStorage
etag: "fa1c1801348051367d2d0ad91326b6d5:1605658133.617574"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,OPTIONS,POST
content-type: application/x-javascript
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=600
accept-ranges: bytes
access-control-allow-headers: *
content-length: 717

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FB73 0
20 B 43ms
43ms Image
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BDJaKC8VYYZLAE8KP7_UPrNiGoAcAAAAAOAHgBAI&bg=!Xl2lXRnNAAZE-GIIRPg7ACkAdvg8WniryPXqxgj1zdVfJu5USaL-HmGlBrJ6bkF7fe40BJ6qmqpHFgIAAAC5UgAAABtoAQcKAAo4QU0ojBCnuuUcmQLte1nbzznogdhPFA7oIUR0wPo-sImp4dF0Qv_b965NyFpdGnkcDF8OkqdmHraniEMHwL03Fadw1Fs9vgNqKwxrwupmII2SmFqfkw1mgha7G2us-zakE5eoNDB-7UuAZ_HEyJ4yUz-0sEqC7vN8Zq-pIsdXAYjf4V4pDuwZswRoI10VMnmzRqSegHLIzlWl5m06AQlgN_yFZ-Y4YI44KSDXrPpE7ekn62uzpOSknirZAVER0LtstNdp0CsJuFrSu_hnzNfyHU6-0Yfa8KPK1E6sIZWFFVdPxOzcXRPsKdnTlcbOMgf2mVIxRHWDzsqpPprP3BlNCzyvX7x37NBHLAv5fZEi1V8C5rf2dCU9Uoe3HoyZyXGjiTRyf19d6BjWs2W6SRYgxeY7TiIGfd12UtiYpHYM28VJjMiF3aNQ3sMC8E0XUWWOa64yzmCKdu1wtV8jzURrRls2LPBIUWgJ0Jh1rgLkdKlQIi4DXvJOudSJ7g_uFIpR5odMlqUwFO4F3wPvT780Jeog3lKIUkH3j-rEWBpH9wtlIvGp2O_t5zRjUoE71BjDULqowFaJwt5HZM5VDlE75WnZTRcwvjvFpnwIuDWStPkGRrMTaaT-nfR-jJ0FyN4JgIoF1IGh7GWgTgT3CjOJZOTXQeju7js3hJd_lMp-LdszNmaMddCRp7UgqQvViMNcA6ggbMJOyIJrWar8W5Uft99kStmQyVgA5ehCRf2ML4c9xDT82crwUaCmZ7IE2eg-ajGCqaFMqzqp_PG4yhSaWX9F5ZLgrvPVzYy7NB6wpwx1UJBQALyqJH5zh2RAiUdApEkVtRwpZr6Mex_uCwChggtMgd4WBN7HH5Fjudi13UHIo8P_6cFAb6KiVnbeoj5wlR9lLDd4qQ81tFECMuWlSjrSXQJhO296ipwrDdcpkVcKsPN_ySu_BBrwDGOkusMkWNWmsS7o4HqHSYbR9LQZN5YZvrCOTYIslE2PLgiJ6ljYZvqeAxyKgZI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 img1.jpg
s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/ Frame 78EC 69 KB
69 KB 8ms
7ms Image
image/jpeg 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/img1.jpg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

521bcde312e5dfc1dce72b53f5d710d6191b2257847fda2a2595db52f07e385d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 15:52:29 GMT
x-content-type-options: nosniff
age: 17614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 70973
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 17:04:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Oct 2021 15:52:29 GMT

GET
H3 200 frame1.png
s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/ Frame 78EC 6 KB
6 KB 10ms
9ms Image
image/png 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/frame1.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

0cd510f6a105dc9a981eef87b7b5f3a964997eaf0a209fd790626c57de6fc670

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 15:52:29 GMT
x-content-type-options: nosniff
age: 17614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5652
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 17:04:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Oct 2021 15:52:29 GMT

GET
H3 200 img2.jpg
s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/ Frame 78EC 62 KB
62 KB 11ms
9ms Image
image/jpeg 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/img2.jpg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

ae916135b13cde9d7bc06420ff0b06caf72b2faff5f0ebcd48d4f3cb7e77987d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 15:52:29 GMT
x-content-type-options: nosniff
age: 17614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 63266
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 17:04:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Oct 2021 15:52:29 GMT

GET
H3 200 frame2.png
s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/ Frame 78EC 3 KB
3 KB 17ms
15ms Image
image/png 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/frame2.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

c3b1c91d2d72fcbce47799f1f676ceffa4dcf71238644acd612df666b1f551a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 15:52:29 GMT
x-content-type-options: nosniff
age: 17614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3403
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 17:04:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Oct 2021 15:52:29 GMT

GET
H3 200 img3.jpg
s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/ Frame 78EC 77 KB
77 KB 17ms
15ms Image
image/jpeg 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/img3.jpg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

31c5dbafb63fc02f3485648fd6f9cc88a6345d86f7de604e6908e4edba27b8b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 15:52:29 GMT
x-content-type-options: nosniff
age: 17614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 78859
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 17:04:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Oct 2021 15:52:29 GMT

GET
H3 200 frame3.png
s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/ Frame 78EC 10 KB
10 KB 15ms
13ms Image
image/png 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/frame3.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

95f592c50a907d01bd456cbb0226db40f14199c3a045b3472557c3fa0326709b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 15:52:29 GMT
x-content-type-options: nosniff
age: 17614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9918
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 17:04:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Oct 2021 15:52:29 GMT

GET
H3 200 endframe-logo.png
s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/ Frame 78EC 6 KB
6 KB 13ms
11ms Image
image/png 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/endframe-logo.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

9fe591f8fa54e4dd922613aec0be98e6a6302f1ba657b54fd9c94947bf58fb9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 15:52:29 GMT
x-content-type-options: nosniff
age: 17614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6341
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 17:04:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Oct 2021 15:52:29 GMT

GET
H3 200 cta.png
s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/ Frame 78EC 3 KB
3 KB 15ms
13ms Image
image/png 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/cta.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

aa14cc600b408fa60a635661f9b517120b81b79789faae34ca8c5f60ccd3d772

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 15:52:29 GMT
x-content-type-options: nosniff
age: 17614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2829
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 17:04:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Oct 2021 15:52:29 GMT

GET
H3 200 cta-over.png
s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/ Frame 78EC 3 KB
3 KB 15ms
13ms Image
image/png 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/728x90/cta-over.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

sffe /

Resource Hash

ff1b48ff9e3ff21e242d785f883796ac8c0bce20ab102212733d1f17c39b8a87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/3864313/1630515871651/BMWNA-21102972-Certified-Sept-Oct-530i-HTML-Banner-728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 15:52:29 GMT
x-content-type-options: nosniff
age: 17614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2998
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 17:04:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 03 Oct 2021 15:52:29 GMT

GET
H2 200 COMMON.css
c.evidon.com/a/ Frame 8D1A 2 KB
984 B 15ms
15ms Stylesheet
text/css 104.111.244.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/COMMON.css?r=0.126270083812682
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r181114
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.244.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-244-187.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a3c92e8d35e4e636238e577da8cd44aaf8dd699b719e4125ba0029330edf6907

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2017 16:26:10 GMT
server: AkamaiNetStorage
etag: "c3cc19ce8230df99c7835decc2d79ee8:1486052770"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,OPTIONS,POST
content-type: text/css
access-control-allow-origin
access-control-max-age: 108000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 715

GET
H2 200 box_19_top-right.png
c.evidon.com/icon/ Frame 8D1A 109 B
400 B 14ms
14ms Image
image/png 104.111.244.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/box_19_top-right.png
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.244.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-244-187.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5c99dc27d465b2f8425daee704098e7335a880b4c757bfdded09721b9054d64d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:18 GMT
server: AkamaiNetStorage
etag: "8c7c476ac28727b21040351fa3006c59:1360189518"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,OPTIONS,POST
content-type: image/png
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 118

GET
H2 200 ci.png
c.evidon.com/icon/ Frame 8D1A 581 B
888 B 17ms
16ms Image
image/png 104.111.244.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/ci.png
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.111.244.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-244-187.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 528b6b3e8edb272a61e1d3b10f11af0d241680684143fb5339fa2758a3e65187

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:03 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:44 GMT
server: AkamaiNetStorage
etag: "2697f4b848d2400cd051312585a6bf42:1360189544"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET,OPTIONS,POST
content-type: image/png
access-control-allow-origin
access-control-max-age: 108000
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 604

GET
H2 204 pixel.gif
l.betrad.com/ct/0_0_0_13203/de/0/1/0/0/0/0/728/90/242/581/0/ Frame 8D1A 0
121 B 304ms
94ms Image
text/plain 52.205.43.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/ct/0_0_0_13203/de/0/1/0/0/0/0/728/90/242/581/0/pixel.gif?v=2_1&ttid=2&d=googleads.g.doubleclick.net&r=0.911377015366142
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.43.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-43-40.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E7AA 0
20 B 42ms
42ms Image
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BXGMeC8VYYcO-HYyV3gOpl42QBQAAAAA4AeAEAg&bg=!bG-lbyvNAAZE-GIIRPg7ACkAdvg8WpHz98y5JC08HNbpKtg3awpq-mi97sIly9nc4MCl-8nKSSivWQIAAACQUgAAAAtoAQeZAw4I6qBvqJfDhspujNJw1DqZfxvPPAWF1Is4R_2mbDvsbOZ0o3r8Xuax1k84i2HnkMtf7Flo-Ntl629xJB_dlH8_26o8ShAkS4YeG_JoOHBt1LBPq3o5DS2IueyUoOxob8gqbnW9ZlXCtrlbEbBA-u10g1uX10uBCZa7h7r0W739DLLJsOsdoo-fhPuKLGlUWEYdYwpqcAJpMGOoEJHL1xyxhpeeuABxt3Yr1AISFIFI1kfLwU2sGj6WECWgiIpMtW-RWpkTwmYp_xHwKy6FMoi1W5C8nnAflrhqQntTRryH1chTdH1ix32u_K4eQrh-yF4AsJf1nJ37rAwUMN4NUmesmbV_B5xiPV2WNOaHzAiPwLORZCkP-UA_eyy2SNDeki2APe-TJLugV_Z8KP9BkxooNbvtD6prEJs8PEBvSYqwl9XsAo59bRAbJT756c6XucnalHOF5W2jCufN6zvU0nwZ4d0B4Y35wL55lSnZX7Qv3HD5OsdueGV2mLwGqUtkbY2UKEV-iS6aeCw5V9UGnZwT73A2Ui8_JzXJH9rCAwfy5VreAswKGyzc-2lePFQ4tJg5ix7dNF6pBfF4Xrm1PIMeor8TPEzuTqiPqoO4dRPtitrpSIM1M_3VwczhbRah6qjKbGSlruWWfojA45BU89G_0u1zShQKfbjPzZjzX_kHhBetHvmSVKAQUS-4RfNZ2EVSKfL-oMb3gpr0ox-lAE2BeQ1tuYlEm9tOeteoDEij5AJi_MK8ybUusJv-CRf4FXKBL5jFrSqHSVxnlfFc_Qh8z7WuviZwcAXQehTzVuxVUbk52BMgasfPN4MD_PenzDEIHoSLYTibhvL6LmQgMqZNPBEU4pjkZ4YqbloqYbMrPsxs4sYQq_zI_-L_88DZKbsKnOgjcwE9ZjiKnM9N13PPQgKArhqKIq8Cp7HU--8XobOEL6LHRt9QuTd5bIfpZJyQNeh7Lkrb1X9_HccOg9eftcEdxzOg92FZWEP8RtHuFQw0XJEImHtB3UGEFxz143mgjMjNWQFG-nnNngizWQ

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 7.0a035390359aab65eb82.js Show response
load.sumo.com/ 97 KB
34 KB 6ms
6ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/7.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: CJCF7CW3MV8N7Q6G
cdn-cachedat: 08/11/2021 03:14:52
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: CNkELBse4Y593KQCSQRX1oicsKF7scX+YJuwfC6ldz4XD7H1DIWNNU10iOgfiLXPokfuDShuseU=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:47 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: e111652093fd1060b81c88491f0a4c24
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 4.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 9ms
8ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/4.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: N4YGPYHRDAC7QXZH
cdn-cachedat: 08/11/2021 01:00:42
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: ZyN3peb0mEdiK4szAABWta3Npp/s6aFp7SGneDOBlLz3RaDSa8Ho9RodM0lRLwgOOWsqwAYTQsw=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:24 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: c2576e9f283a6129626a5d69a02ac429
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 2.0a035390359aab65eb82.js Show response
load.sumo.com/ 3 KB
2 KB 9ms
8ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/2.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 2SS2EKNC96E2ZWBC
cdn-cachedat: 08/11/2021 07:55:22
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: om0ubvn3AJVIJeo5FDAPngcnCeGFDV5cdl7Dh1LWb3Mu8+tH0a0qkWEe40YkJMrjWEKHYhxQ8Po=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:08 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 09da40bdb941b894211a1ba0f1c17088
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.0a035390359aab65eb82.js Show response
load.sumo.com/ 11 KB
5 KB 9ms
8ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/10.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: MER4KM6F7Q2JNQ5W
cdn-cachedat: 08/11/2021 07:29:34
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: E5dcQp/o1cIppfojsowKVOXW7ZUiiNp7ocDAMKJh6oiooddIklNQ5UOgh1R9uM2pZdkJYmHadl8=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:43:54 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 46a0a13f8109dc3e5a235ab7e8dc9fe0
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 22.0a035390359aab65eb82.js Show response
load.sumo.com/ 92 KB
25 KB 13ms
12ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/22.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: SDRMZCHBH8JCG4EW
cdn-cachedat: 08/11/2021 01:39:03
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: Mh4g/5w6u8Sn3oSvTIRlHjXYmlpmbUcVAuUhwYOrgj1kCeipGQke7R0i5izHPL985rLtaJBDcAk=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:10 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: edcd8f42f04e69699e6087763b46cb16
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 23.0a035390359aab65eb82.js Show response
load.sumo.com/ 329 KB
94 KB 14ms
13ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/23.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 9XQCP7NW3WVDSYTB
cdn-cachedat: 08/11/2021 03:15:25
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: ld40Pz0CH+lzXng12qFYRohEmnjI9dEBceKZ2sX+7mdR6hnYe912+QkcLiFlJd9TnthnETGE3YM=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:10 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 1b146d5e20f19ec52d6ee83afb015c80
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.0a035390359aab65eb82.js Show response
load.sumo.com/ 179 KB
51 KB 9ms
8ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/21.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: PC6V8XNR7Q61HHSG
cdn-cachedat: 08/11/2021 04:57:29
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: ZHXqsNODWdp8QMufVJkeNZ8Xe+OkUm7aygEJNy5f/FZIdtn7oJxkd0gh20eHC6PhK+QjRbS0Qac=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:09 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 6183efea470678175c67d4f7bc40232e
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 64.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 KB
1 KB 13ms
13ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/64.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: HA5WXKDDR49J14S5
cdn-cachedat: 08/11/2021 02:58:39
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: tdwIiEVSoIoFjCT91hbXGtcKx2WNNGkRfehwR63674L7CkYizIxkDrZIK4AWzM2dkDrPOU4IpNM=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:44 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 2f139dedcda6c48abe83207318cae7a5
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 0.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
3 KB 7ms
6ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/0.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 72BJV4V2M6106661
cdn-cachedat: 08/11/2021 06:53:00
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: geN8VZqyqgjzxGHn+iZxJjzqyPacwIfonJ7M/Gfx/SPZ8YbafYphswHvw0hJB5OpVkDQ305Tt6o=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:43:53 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: f780db574e7e7737a9039f5a298727d7
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 1.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 KB
2 KB 7ms
7ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/1.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: b5d439b0a1670a4a56384b0b48fcdfabef6e8a5124683f32c6913d1fe22e9563

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: KNGER9VYJ4968MQE
cdn-cachedat: 08/11/2021 03:15:26
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: 2fbtyuZLLsiSvOcxnHSAOrjWmp70wOaqXOxNyVgk2Z8XBaJVH2Saca3PPe6D9EJsgnZcl02XEJ4=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:43:53 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 526a11dbcd069a092e46e45d2f4d2503
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 3.0a035390359aab65eb82.js Show response
load.sumo.com/ 5 KB
2 KB 8ms
7ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/3.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 9b9b439612eecd459a6edf2abfcf4ae252710e0069772b1b78c4970b3c0f1830

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: YRAW4A09YDM3DS75
cdn-cachedat: 08/11/2021 07:24:25
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: n6e65izEqr4Fqad3HNM23nAqpK/yyn7jxS1g2tymUzyMxPIHi0A+gBTpPbzU7ZUAWnUCmuparVo=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:16 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 4584ea9ee587c48d5ba4cf06576dc609
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 11.0a035390359aab65eb82.js Show response
load.sumo.com/ 438 KB
129 KB 8ms
8ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/11.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: a73a98563485541039998520eaa3f1b8475e8da1f9ae414a74c73df0d5f24f8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: NP7PJYZ7VB1AHHT7
cdn-cachedat: 08/11/2021 05:22:31
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: tbD3JfDTSOhNh0hgqCkQ4nh3fRfhO/gb5DGIQNXQPPxPMRoD4dpgLz/ne2zFmyNkABzZG+Zuw+M=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:00 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 8d083901f761e2d68f75f17edac0cc87
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 15.0a035390359aab65eb82.js Show response
load.sumo.com/ 711 KB
53 KB 12ms
12ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/15.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: e146694637c659ec76a75f2f92253956460decf38696b9f77d825dde8308efaa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: 897ZEAZ6R2SA6Z61
cdn-cachedat: 08/11/2021 05:20:57
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: ozWsOQWUqx0TPz6V6gVcpH84h103c1y0MdvoZ6WmNAhYb3SzW5QGEdB/xRHME64bi580Ybt+jFE=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:44:04 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 4ce3072b0a9bb62984976d76fd5cbc87
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 css
fonts.googleapis.com/ Frame 218F 3 KB
580 B 50ms
26ms Stylesheet
text/css 142.250.185.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1423853871697674&output=html&h=280&adk=3562793857&adf=246579092&pi=t.aa~a.2884387603~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1633207563&rafmt=1&to=qs&pwprc=9890682053&psa=0&format=1140x280&url=https%3A%2F%2Freturncustomer.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633207563230&bpp=1&bdt=1517&idt=1&shv=r20210927&mjsv=m202109280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D52ae73a14d02e103-221b471d7bc90021%3AT%3D1633207562%3ART%3D1633207562%3AS%3DALNI_Mb9wgJn74Jh2QWCwUTEY01ci-RwhA&prev_fmts=0x0&nras=2&correlator=4079280996818&frm=20&pv=1&ga_vid=1588673939.1633207563&ga_sid=1633207563&ga_hid=1010906414&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=230&ady=1224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062986&oid=2&pvsid=2257414847907695&pem=816&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yJInLIOxfH&p=https%3A//returncustomer.com&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f10.1e100.net

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 02 Oct 2021 20:07:03 GMT
server: ESF
date: Sat, 02 Oct 2021 20:46:04 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Sat, 02 Oct 2021 20:46:04 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 218F 1 KB
879 B 8ms
7ms Script
text/javascript 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

cafe /

Resource Hash

2911b334d84ae35bdef7cb396241b38425398b6ae5f91f13a72943e805309ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:26:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1176
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 852
x-xss-protection: 0
server: cafe
etag: 14170629819630813772
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 16 Oct 2021 20:26:28 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/ Frame 218F 18 KB
7 KB 8ms
6ms Script
text/javascript 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

cafe /

Resource Hash

da48b97b44f32bd333c5ca822e07f0997269db7bbd7e85f514035e02a57624f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:43:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7607
x-xss-protection: 0
server: cafe
etag: 5036643633216217121
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 16 Oct 2021 20:43:21 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 218F 3 KB
1 KB 9ms
6ms Script
text/javascript 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

cafe /

Resource Hash

c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:39:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 406
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1358
x-xss-protection: 0
server: cafe
etag: 15351394696698642166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 16 Oct 2021 20:39:18 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 218F 122 KB
37 KB 29ms
26ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

867ff39044c47d580bde0bfc1e95bfcc25c21738c79351591641a83a56dc6d3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
server: sffe
etag: "1633087504575570"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Sat, 02 Oct 2021 20:46:04 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/ Frame 218F 14 KB
6 KB 9ms
6ms Script
text/javascript 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210928/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

cafe /

Resource Hash

4f430df1926f8f2c1211de662c1070de2b98259bfc9bbdd8cf70c7b53d6777cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:33:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 782
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6194
x-xss-protection: 0
server: cafe
etag: 2541472377268313288
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 16 Oct 2021 20:33:02 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 218F 0
0 32ms
14ms Image
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTjMnc2-jq-YKi4LbwLH1z5PuB1BFjf7VrVfY5o4LaQ0ZdG4wco5A17qXPZvvklSd3kT8PyFrqvvi0ilVfEgEf2yYpMeQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1423853871697674&output=html&h=280&adk=3562793857&adf=246579092&pi=t.aa~a.2884387603~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1633207563&rafmt=1&to=qs&pwprc=9890682053&psa=0&format=1140x280&url=https%3A%2F%2Freturncustomer.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633207563230&bpp=1&bdt=1517&idt=1&shv=r20210927&mjsv=m202109280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D52ae73a14d02e103-221b471d7bc90021%3AT%3D1633207562%3ART%3D1633207562%3AS%3DALNI_Mb9wgJn74Jh2QWCwUTEY01ci-RwhA&prev_fmts=0x0&nras=2&correlator=4079280996818&frm=20&pv=1&ga_vid=1588673939.1633207563&ga_sid=1633207563&ga_hid=1010906414&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=230&ady=1224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062986&oid=2&pvsid=2257414847907695&pem=816&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yJInLIOxfH&p=https%3A//returncustomer.com&dtd=8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 a05f1579543550f3e279366fb116adbd.js Show response
www.gstatic.com/mysidia/ Frame 218F 27 KB
12 KB 54ms
14ms Script
text/javascript 172.217.16.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a05f1579543550f3e279366fb116adbd.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f131.1e100.net

Software

sffe /

Resource Hash

6cd4fdef93aef355d2c534bc7de3d08d9723234a1b0cf6161652193f34e4f820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 15:25:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 192048
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11147
x-xss-protection: 0
last-modified: Tue, 28 Sep 2021 01:21:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Wed, 29 Dec 2021 15:25:16 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 218F 0
0 19ms
18ms Fetch
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CTsy3C8VYYYbKEMTibdXym5AEhaCIrGXx1e65uA6QtKjo8x8QASD4sPgBYMmGgIDcI6AB4erA2QPIAQmoAwHIA8sEqgTPAU_Qz-G9B0XhyMOREfKkCeCrkXeTnEFK8oyBuBViSKDJyh0cSnIs_YSY2mqTacf-69Dr26Tk8f1m7kDxj5Y20ziTX8sNbaJZTWL--3f0V6Mpz_jVh0bTX9XRzrl-uSZodkf4C1VnQMlR0GzGj53sT5TOc0c-TiKjEGeMgaeJINYjqwawgJ5cEKORBdBzWqclynkxTusdxRE7tiLXX-271RIarERbSXvdGLVuf4s9_NY3K0LpaBmkWzW7XgWp0aHd1Z2Q54ffc4eLMVbhNtldfsAE86-Kp9YDkgUECAQYAZIFBAgFGASgBi6AB4eVvyaoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB9XJG6gHpr4b2AcA8gcEEJSiDtIIBwiAYRABGF-ACgHICwG4E4gn2BMN0BUBmBYBgBcBshccChoIABIUcHViLTE0MjM4NTM4NzE2OTc2NzQYAA&sigh=eqdeWY1y4LM&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1423853871697674&output=html&h=280&adk=3562793857&adf=246579092&pi=t.aa~a.2884387603~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1633207563&rafmt=1&to=qs&pwprc=9890682053&psa=0&format=1140x280&url=https%3A%2F%2Freturncustomer.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633207563230&bpp=1&bdt=1517&idt=1&shv=r20210927&mjsv=m202109280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D52ae73a14d02e103-221b471d7bc90021%3AT%3D1633207562%3ART%3D1633207562%3AS%3DALNI_Mb9wgJn74Jh2QWCwUTEY01ci-RwhA&prev_fmts=0x0&nras=2&correlator=4079280996818&frm=20&pv=1&ga_vid=1588673939.1633207563&ga_sid=1633207563&ga_hid=1010906414&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=230&ady=1224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062986&oid=2&pvsid=2257414847907695&pem=816&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yJInLIOxfH&p=https%3A//returncustomer.com&dtd=8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 02 Oct 2021 20:46:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 96.0a035390359aab65eb82.js Show response
load.sumo.com/ 1 MB
80 KB 6ms
6ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/96.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: ETN9Y2CB4JR36VS8
cdn-cachedat: 08/11/2021 06:56:51
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: hmfe8ryATIBRescEh6v33eH8sJ61l9gyYCWqjtX5MgK5uVzXNqi4XzjIlkZQAGWsnUd8ANzMelg=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:45:08 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 0b7547c42d00754bde6dfb89e12aa9bd
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 97.0a035390359aab65eb82.js Show response
load.sumo.com/ 221 B
958 B 8ms
8ms Script
text/javascript 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://load.sumo.com/97.0a035390359aab65eb82.js
Requested by: Host: load.sumo.com
URL: https://load.sumo.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
cdn-edgestorageid: 756
x-amz-request-id: XX71XTHVAZ9WHXF5
cdn-cachedat: 08/11/2021 01:00:39
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2: IrAr89qZVaMDRwNGV7DkBYLlhQduKqBlKagxiVs2XoSkMpsnw5sFcxxojABTLTuponGysrE/vDc=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:45:09 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: 64ce9bc47148c9d32bcf0b069596297b
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/8036776071402632721/ Frame 218F 47 KB
47 KB 67ms
66ms Image
image/png 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8036776071402632721/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

sffe /

Resource Hash

23e535494a21b8a1cb0d76737879e90753dd484dcd2437ae87cb611ca43e40ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48184
x-xss-protection: 0
last-modified: Tue, 17 Aug 2021 22:34:57 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 02 Oct 2022 20:46:04 GMT

GET
DATA 200
OK truncated
/ Frame 218F 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EA30 1 KB
749 B 7ms
6ms Document
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 01 Oct 2021 21:06:15 GMT
expires: Sat, 02 Oct 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 85189
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 218F 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b6c5e88ce0195af4b88df36276eaf88bab0302868497944e8ee92ddd99cb64d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

OPTIONS
H2 404 rpc
clients6.google.com/ Frame 0
0 68ms
13ms Preflight
text/html 142.250.185.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://clients6.google.com/rpc?key=AIzaSyCKSbrvQasunBoV16zDH9R33D88CeLr9gQ
Protocol: H2
Server: 142.250.185.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f14.1e100.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://returncustomer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
content-length: 1564
date: Sat, 02 Oct 2021 20:46:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css
fonts.googleapis.com/ 31 KB
1 KB 25ms
25ms Stylesheet
text/css 142.250.185.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:200italic,300italic,400italic,500italic,600italic,700italic,800italic,900italic,200,300,400,500,600,700,800

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.138 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f10.1e100.net

Software

ESF /

Resource Hash

f8d1eb929b183c4440bfb1c8e7b37f0d43c8618d988f04cfbd47aa70072e040e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 02 Oct 2021 19:55:07 GMT
server: ESF
date: Sat, 02 Oct 2021 20:46:04 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Sat, 02 Oct 2021 20:46:04 GMT

GET
H2 200 shares.json Show response
api.bufferapp.com/1/links/ 128 B
443 B 496ms
467ms Script
text/javascript 104.16.139.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.bufferapp.com/1/links/shares.json?url=https%3A%2F%2Freturncustomer.com%2F&callback=jQuery110204061283595805627_1633207562609&_=1633207562610

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.139.31 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

96eecf341c84e2f3749648a1a8b334230f64b6843eab424d9b1ca9c29324dce2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=43200
cf-ray: 6980c72c8e1ad6c9-FRA
etag: W/"80-8NpD+n9AMWbTYEV0jPKjBlvkQMk"
expires: Sun, 03 Oct 2021 08:46:04 GMT

GET
H2 200 / Show response
graph.facebook.com/ 251 B
673 B 79ms
37ms Script
text/javascript 157.240.236.15
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Freturncustomer.com%2F&callback=jQuery110204061283595805627_1633207562611&_=1633207562612

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.236.15 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-shv-02-frx5.facebook.com

Software

Resource Hash

e3ff589286eef8fb503c00bb974e953cfdae9b6a09d54ee5f18ec0f8e4e83d3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1004496597
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 192
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: abmvpw2mWPAG3Ys6rSkJhN2feGNIJxlNB+I7eH03/l5yTf3AI91nDGe/sSEJWsrrkNEEx1XmFiQIfGBWnXZHSQ==
x-fb-trace-id: H9WiCi+rDEH
date: Sat, 02 Oct 2021 20:46:04 GMT
vary: Origin, Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: Ayl-3RTjaRW1OTo5hXdWZ1c
cache-control: no-store
facebook-api-version: v4.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 links.getStats Show response
api.facebook.com/method/ 391 B
595 B 70ms
32ms Script
text/javascript 157.240.236.15
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://api.facebook.com/method/links.getStats?urls=https%3A%2F%2Freturncustomer.com%2F&format=json&callback=jQuery110204061283595805627_1633207562613&_=1633207562614

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.236.15 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-shv-02-frx5.facebook.com

Software

Resource Hash

a7c952fb134502f04414a2a3479c8533d5857e9291939332790ff323b4ea5eb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
x-fb-debug: QQb8lZKUPLYIxmdrHJAfgY7Nvi/qZWMg7AwjUnkk5CzVlE1Isy6Sq8wZVqcOC8cDDhpurLuaeZirvApRUcYVmA==
content-encoding: br
vary: Accept-Encoding
x-fb-trace-id: H+kNAJG7laE
date: Sat, 02 Oct 2021 20:46:04 GMT
strict-transport-security: max-age=15552000; preload
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
x-fb-request-id: Aggj6QOZ5mX7rjElizOt0xw
cache-control: private, no-cache, no-store, must-revalidate
x-fb-rev: 1004496597
facebook-api-version: v4.0
content-length: 232
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST rpc
clients6.google.com/ 0
0

GET
H2 200 count.json Show response
widgets.pinterest.com/v1/urls/ 90 B
301 B 134ms
99ms Script
application/javascript 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://widgets.pinterest.com/v1/urls/count.json?callback=jQuery110204061283595805627_1633207562615&source=6&url=https%3A%2F%2Freturncustomer.com%2F&_=1633207562616

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.84 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

17b7955c5217a4f21b660740e7f180c302a2a9f53ff45488aa6f5a7e9dbc1b4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
x-content-type-options: nosniff
vary: accept-encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: must-revalidate, max-age=887
x-envoy-upstream-service-time: 2
accept-ranges: none
x-pinterest-rid: 1163581315447645
expires: Sat, 02 Oct 2021 21:01:04 GMT

GET
H2

200

button_info.json Show response
www.reddit.com/
Redirect Chain

https://reddit.com/button_info.json?url=https%3A%2F%2Freturncustomer.com%2F&jsonp=jQuery110204061283595805627_1633207562617&_=1633207562618
https://www.reddit.com/button_info.json?url=https%3A%2F%2Freturncustomer.com%2F&jsonp=jQuery110204061283595805627_1633207562617&_=1633207562618

167 B
609 B

134ms
122ms

Script
application/javascript

151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/button_info.json?url=https%3A%2F%2Freturncustomer.com%2F&jsonp=jQuery110204061283595805627_1633207562617&_=1633207562618

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.140 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

31c35185e5f020c1d099d5feabec1f7029ef6961d7a6d7589803ab43a6757d1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-ratelimit-used: 1
via: 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-length: 167
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
x-moose: majestic
x-clacks-overhead: GNU Terry Pratchett
server: snooserv
x-frame-options: SAMEORIGIN
date: Sat, 02 Oct 2021 20:46:04 GMT
x-ratelimit-remaining: 299
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ratelimit-reset: 236
accept-ranges: bytes
expires: -1

Redirect headers

date: Sat, 02 Oct 2021 20:46:04 GMT
via: 1.1 varnish
x-clacks-overhead: GNU Terry Pratchett
server: snooserv
strict-transport-security: max-age=15552000; includeSubDomains; preload
location: https://www.reddit.com/button_info.json?url=https%3A%2F%2Freturncustomer.com%2F&jsonp=jQuery110204061283595805627_1633207562617&_=1633207562618
cache-control: private, max-age=3600
accept-ranges: bytes
content-length: 0
retry-after: 0

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c36eb9f49a231993fa4ead31474f6ba49fbba5b2b8630a6d0abb64b3740226c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b8816a62d8c89fa9b93babc5cb516046f90e2ce6bde700703df27e144ccd7090

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13e9741d8619b07a7e0779171ec4a35d0ee8dad0592a65088f9d3f31af274d43

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6d248d1bca62a13f7a5a6363736e10b4858dd4cc539aaf0018b40b036ac5757

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 sumome-white-60.png
load.sumo.com/_/images/apps/9e8a4d2a-6f8c-415e-851b-bdfe4c01d5c1/ 16 KB
16 KB 6ms
6ms Image
image/png 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://load.sumo.com/_/images/apps/9e8a4d2a-6f8c-415e-851b-bdfe4c01d5c1/sumome-white-60.png
Requested by: Host: returncustomer.com
URL: https://returncustomer.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-89-187-169-47.cdn77.com
Software: BunnyCDN-DE1-756 /
Resource Hash: 8ed77676d10661c0467f600237ee68475d3d4e58993e200cd953ae54132a0e24

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
cdn-edgestorageid: 756
x-amz-request-id: NXGNTVVWJK5VDQCJ
cdn-cachedat: 08/11/2021 05:19:07
cdn-pullzone: 53731
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-length: 16033
x-amz-id-2: TWnUb8jEifg1rig/LcwPQsJQ5LwRIzJ/BZcX4JgXaHrdQh/+P7qazm9AXyKGGtMAQfp8wHUg4bY=
server: BunnyCDN-DE1-756
access-control-allow-origin: *
last-modified: Wed, 30 Jun 2021 15:45:11 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
content-type: image/png
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=31536000
cdn-uid: a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid: f5b0c4e319cadf10410e8aa541aace38
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 218F 21 KB
21 KB 38ms
17ms Font
font/woff2 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 19:46:29 GMT
x-content-type-options: nosniff
age: 435575
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Sep 2022 19:46:29 GMT

GET
H3 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 218F 21 KB
21 KB 33ms
14ms Font
font/woff2 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 19:16:07 GMT
x-content-type-options: nosniff
age: 350997
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Sep 2022 19:16:07 GMT

GET
H2 200 features Show response
sumo.com/api/site/4b1df3cafe53625300f503cdb8770d89715ae59ebf061c109f64bc8fdfc80aee/ 3 KB
1 KB 174ms
174ms XHR
application/json 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/site/4b1df3cafe53625300f503cdb8770d89715ae59ebf061c109f64bc8fdfc80aee/features?site_id=4b1df3cafe53625300f503cdb8770d89715ae59ebf061c109f64bc8fdfc80aee

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-133-113.us-west-2.compute.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://returncustomer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
X-Sumo-Auth: kYLxPgF9spntIFjoq8Sv33pH

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: gzip
vary: Origin, Accept-Encoding
server: nginx/1.18.0
etag: "-362431178"
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://returncustomer.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow

OPTIONS
H2 204 features
sumo.com/api/site/4b1df3cafe53625300f503cdb8770d89715ae59ebf061c109f64bc8fdfc80aee/ Frame 0
0 168ms
168ms Preflight 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sumo.com/api/site/4b1df3cafe53625300f503cdb8770d89715ae59ebf061c109f64bc8fdfc80aee/features?site_id=4b1df3cafe53625300f503cdb8770d89715ae59ebf061c109f64bc8fdfc80aee
Protocol: H2
Server: 52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-34-133-113.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-sumo-auth
Origin: https://returncustomer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx/1.18.0
date: Sat, 02 Oct 2021 20:46:04 GMT
access-control-allow-origin: https://returncustomer.com
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-headers: pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age: 2592000

GET
H2 200 dpixel
cms.quantserve.com/ Frame EA30 35 B
463 B 32ms
9ms Image
image/gif 91.228.74.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEMzxgyjtEU2I9syQFEPQKmE&google_cver=1&google_push=AYg5qPL5hRaXceR2sr9MrAbeN6GhAAsgER63Gkrc26UQhrZjZtRQeSIhKc0dMCtV2VV9JChoKo973Rtxmaqfu1y0492sMKiBjQ

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.198 , United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:04 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame EA30 43 B
607 B 59ms
24ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEN42JejsNQRLyh-v3GymkQ4&google_push=AYg5qPIO3WV-Iq8He1LxCGvqOVOASC3ZK7gDMldNCWy3oV9YPRJg-ArwnX_xeNiak1_NpNBY56NZ7It2FM6KGDfB9Ty4e3Ulsw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1423853871697674&output=html&h=280&adk=3562793857&adf=246579092&pi=t.aa~a.2884387603~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1633207563&rafmt=1&to=qs&pwprc=9890682053&psa=0&format=1140x280&url=https%3A%2F%2Freturncustomer.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633207563230&bpp=1&bdt=1517&idt=1&shv=r20210927&mjsv=m202109280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D52ae73a14d02e103-221b471d7bc90021%3AT%3D1633207562%3ART%3D1633207562%3AS%3DALNI_Mb9wgJn74Jh2QWCwUTEY01ci-RwhA&prev_fmts=0x0&nras=2&correlator=4079280996818&frm=20&pv=1&ga_vid=1588673939.1633207563&ga_sid=1633207563&ga_hid=1010906414&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=230&ady=1224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062986&oid=2&pvsid=2257414847907695&pem=816&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yJInLIOxfH&p=https%3A//returncustomer.com&dtd=8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:04 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EA30
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEBrxG8uXTYzUUMACzTb1mlc&google_cver=1&google_push=AYg5qPLld5Erl1NrXRyulMLsH5PgPPKsQ5Vqq8ghj-orPbNHwYJ_j8qW2pfG5ZvmxfYgWFw89CLSJ5AuLJWG1o5qrwe_GHyqo-g
https://rtb.openx.net/sync/dds?google_gid=CAESEBrxG8uXTYzUUMACzTb1mlc&google_cver=1&google_push=AYg5qPLld5Erl1NrXRyulMLsH5PgPPKsQ5Vqq8ghj-orPbNHwYJ_j8qW2pfG5ZvmxfYgWFw89CLSJ5AuLJWG1o5qrwe_GHyqo-g&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLld5Erl1NrXRyulMLsH5PgPPKsQ5Vqq8ghj-orPbNHwYJ_j8qW2pfG5ZvmxfYgWFw89CLSJ5AuLJWG1o5qrwe_GHyqo-g&google_hm=Zok6Ij7Gx5A2CisHri8A_g==

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLld5Erl1NrXRyulMLsH5PgPPKsQ5Vqq8ghj-orPbNHwYJ_j8qW2pfG5ZvmxfYgWFw89CLSJ5AuLJWG1o5qrwe_GHyqo-g&google_hm=Zok6Ij7Gx5A2CisHri8A_g==

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:04 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLld5Erl1NrXRyulMLsH5PgPPKsQ5Vqq8ghj-orPbNHwYJ_j8qW2pfG5ZvmxfYgWFw89CLSJ5AuLJWG1o5qrwe_GHyqo-g&google_hm=Zok6Ij7Gx5A2CisHri8A_g==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: v2ae12njkclng1cd5a5henk5alkhk56a

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EA30
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=SA14hRGYSymLXcjFrZlZQw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

21ms
21ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=SA14hRGYSymLXcjFrZlZQw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIRAV_rVGWv40LbBM0APx6sT8-7UF4n1YyPGudRTHAC3MArzhIwuz6XeMZOreExXdUZV3XbWSYeAUn93Ot48xJMy7mgKGM

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=SA14hRGYSymLXcjFrZlZQw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIRAV_rVGWv40LbBM0APx6sT8-7UF4n1YyPGudRTHAC3MArzhIwuz6XeMZOreExXdUZV3XbWSYeAUn93Ot48xJMy7mgKGM
date: Sat, 02 Oct 2021 20:46:03 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EA30
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFBzBA99dHOWOR4xMtsBcvE&google_cver=1&google_push=AYg5qPKKrx97ukUdj5rB25VvDz2TsejP_o7ts2T_M5Vtb38rnd9XZCuakgDRqQZ55bqAu-chzQZ...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VBOU01VzQtVS1HM1ZO&google_push=AYg5qPKKrx97ukUdj5rB25VvDz2TsejP_o7ts2T_M5Vtb38rnd9XZCuakgDRqQZ55bqAu-chzQZqPBIxxvgEPNbPS9lE1YR7nr4

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VBOU01VzQtVS1HM1ZO&google_push=AYg5qPKKrx97ukUdj5rB25VvDz2TsejP_o7ts2T_M5Vtb38rnd9XZCuakgDRqQZ55bqAu-chzQZqPBIxxvgEPNbPS9lE1YR7nr4

Requested by

Host: returncustomer.com
URL: https://returncustomer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VBOU01VzQtVS1HM1ZO&google_push=AYg5qPKKrx97ukUdj5rB25VvDz2TsejP_o7ts2T_M5Vtb38rnd9XZCuakgDRqQZ55bqAu-chzQZqPBIxxvgEPNbPS9lE1YR7nr4
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame EA30
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1...

0
0

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame EA30 0
44 B 786ms
256ms Image
text/plain 52.68.53.67
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEBj29z-T7oNvW3mmvm7oJww&google_cver=1&google_push=AYg5qPKcuO8Il9tXa3Ft4JR8mj4JcAP50WAiQk21uAUeyebXC7q9qEG0L-Mh-d1sj0cbggRNiA43FBdySqIPF1UJNqTpRyQUaKM
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1423853871697674&output=html&h=280&adk=3562793857&adf=246579092&pi=t.aa~a.2884387603~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1633207563&rafmt=1&to=qs&pwprc=9890682053&psa=0&format=1140x280&url=https%3A%2F%2Freturncustomer.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633207563230&bpp=1&bdt=1517&idt=1&shv=r20210927&mjsv=m202109280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D52ae73a14d02e103-221b471d7bc90021%3AT%3D1633207562%3ART%3D1633207562%3AS%3DALNI_Mb9wgJn74Jh2QWCwUTEY01ci-RwhA&prev_fmts=0x0&nras=2&correlator=4079280996818&frm=20&pv=1&ga_vid=1588673939.1633207563&ga_sid=1633207563&ga_hid=1010906414&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java=0&u_nplug=3&u_nmime=4&adx=230&ady=1224&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062986&oid=2&pvsid=2257414847907695&pem=816&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yJInLIOxfH&p=https%3A//returncustomer.com&dtd=8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.68.53.67 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-68-53-67.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
server: awselb/2.0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame EA30 0
12 B 14ms
14ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I4WXP5ijgDupgbEZxkwdccpTOQ3rUKDNDWHuKlE0I-rC62nEGz_XF2IuAi5-OV3i_vZ4X3

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js Show response
pagead2.googlesyndication.com/bg/ Frame 8967 35 KB
13 KB 6ms
6ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BPTeJxusP8cOnE_s5L3ABe2tIpKd1NVDJBlhKS7pwaI.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

04f4de271bac3fc70e9c4fece4bdc005edad22929dd4d543241961292ee9c1a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:38:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 436
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13343
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 10:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 02 Oct 2022 20:38:48 GMT

POST
H2 200 jsonpcallback Show response
sumo.com/api/ 16 B
239 B 169ms
169ms XHR
application/json 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/jsonpcallback

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-133-113.us-west-2.compute.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://returncustomer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
vary: Origin, Accept-Encoding
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://returncustomer.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 16

POST
H2 200 jsonpcallback Show response
sumo.com/api/ 16 B
239 B 169ms
168ms XHR
application/json 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/jsonpcallback

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-133-113.us-west-2.compute.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://returncustomer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
vary: Origin, Accept-Encoding
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://returncustomer.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 16

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8D1A 42 B
64 B 55ms
41ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuwPBcb4Cmx3jbutZ5GVGDejrzMsUjG4Nv5gbsUnQWu0WI7L3CGWz5A7Bz-Uea8wuQLA-8SYYdzlkTAAYXYfL2fEmkAzZskRy8VRg&sai=AMfl-YR1VFb9Bkts0v8OHRjk24f1eEztU9QpHAHemYK_k1_B7b0tCrCUNWSiXZMI4C7jfRqBbMzdlaxka4xR&sig=Cg0ArKJSzOmyM1XDD4YHEAE&cid=CAASBORoOj0&id=lidar2&mcvt=1001&p=0,0,90,728&mtos=288,825,1001,1041,1041&tos=288,537,176,40,0&v=20211001&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&met=mue&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1633207563294&rpt=258

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8D1A 42 B
64 B 39ms
39ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv60ZPaSh23TPcIciLzxMMQdHP0G8xB9aWHgumlKAx4PuQ0im1bQnhu7x4b4Ow7dO2uXq8axAzBpuMQhcN0KkLBZIqo3Lg2Zms&sig=Cg0ArKJSzPQioKn1RzuhEAE&id=lidar2&mcvt=1001&p=0,0,90,728&mtos=311,847,1001,1001,1001&tos=311,536,154,0,0&v=20211001&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=34&adk=1726166434&rs=6&met=mue&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1633207563294&rpt=313

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 02 Oct 2021 20:46:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 jsonpcallback Show response
sumo.com/api/ 16 B
239 B 169ms
169ms XHR
application/json 52.34.133.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sumo.com/api/jsonpcallback

Requested by

Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-133-113.us-west-2.compute.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://returncustomer.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
vary: Origin, Accept-Encoding
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://returncustomer.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 16

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 22ms
21ms XHR
application/json 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210927&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109280101/show_ads_impl_fy2019.js?bust=31062986

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

6841b762a828aa86ce77c393e726059f231bf164cacd1a0874c1f2596fc7c9b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8553
x-xss-protection: 0

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
991 B 63ms
39ms Image
image/gif 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3169173831&v=1.1&a=6418152&ct=standard-page&rcu=https%3A%2F%2Freturncustomer.com%2F&pu=https%3A%2F%2Freturncustomer.com%2F&t=Return+Customer+-+Make+your+customers+happy.+Improve+your+business.+Grow+your+revenue&cts=1633207564719&vi=e33ea738f2da0de9916f9fd48487939b&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 4fff2b84-2d57-431e-8062-9d422493ea9d
cf-ray: 6980c72fae250605-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=II%2B2DRHynC8S2panp9n3EXsWv%2BvIDk19xA044WfTn%2FCTnvFNSD93rpZpD%2BZ5Y%2BtJ6BtWGN%2Bz4SfCcwQfAL1AuJI3KfRh9n3sQRwe1AtGFZ3WeUiMyPPWUaCl4FSXlyGY61DI"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 32ms
31ms Script
text/javascript 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109280101/show_ads_impl_fy2019.js?bust=31062986

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 02 Oct 2021 20:46:04 GMT

GET
H/1.1 200
OK beacon.gif Show response
rum-collector-2.pingdom.net/img/ 0
213 B 136ms
30ms XHR
text/plain 34.253.150.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-collector-2.pingdom.net/img/beacon.gif?id=51913c0cabe53df814000000&sAW=1600&sAH=1200&bIW=1600&bIH=1200&pD=24&dPR=1&or=landscape-primary&nT=0&rC=0&nS=0&cS=583&cE=583&dLE=583&dLS=583&fS=583&hS=-1&rE=-1&rS=-1&reS=592&resS=1126&resE=1127&uEE=-1&uES=-1&dL=1129&dI=1855&dCLES=2516&dCLEE=2526&dC=4131&lES=4131&lEE=4140&s=nt&title=Return%20Customer%20-%20Make%20your%20customers%20happy.%20Improve%20your%20business.%20Grow%20your%20revenue&path=https%3A%2F%2Freturncustomer.com%2F&ref=&sId=vjnvwjs2&sST=1633207564&sIS=1&rV=0&v=1.4.1
Requested by: Host: rum-static.pingdom.net
URL: https://rum-static.pingdom.net/prum.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.150.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-150-6.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Pragma: no-cache
Date: Sat, 02 Oct 2021 20:46:04 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 8A69 12 KB
5 KB 6ms
6ms Document
text/html 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://returncustomer.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 02 Oct 2021 17:15:47 GMT
expires: Sun, 02 Oct 2022 17:15:47 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 12617
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2EF3 783 B
535 B 17ms
17ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

53a2b60a5fc8079ba40037ded5e0d5cd81fb6dc1d980e3426f5574d606c43834

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-zZRpM2ZBIoWI0xblqxxXXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://returncustomer.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 02 Oct 2021 20:46:04 GMT
date: Sat, 02 Oct 2021 20:46:04 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-zZRpM2ZBIoWI0xblqxxXXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 WAz-nyaJu9uVRUq8NsxhsXGtXViWwv7lV4sP3qP2SqA.js Show response
pagead2.googlesyndication.com/bg/ Frame 8A69 35 KB
13 KB 7ms
6ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WAz-nyaJu9uVRUq8NsxhsXGtXViWwv7lV4sP3qP2SqA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

580cfe9f2689bbdb95454abc36cc61b171ad5d5896c2fee5578b0fdea3f64aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 09:11:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 128046
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13388
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 23:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sat, 01 Oct 2022 09:11:58 GMT

GET
H3 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 2 KB
2 KB 162ms
148ms XHR
application/json 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=6418152&utk=e33ea738f2da0de9916f9fd48487939b&__hstc=123907221.e33ea738f2da0de9916f9fd48487939b.1633207564717.1633207564717.1633207564717.1&__hssc=123907221.1.1633207564717&currentUrl=https%3A%2F%2Freturncustomer.com%2F

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29852292f4deecb852714eab96ecc3931cbb01f36280902892b3c319be6607c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 0ef222ad-19e3-4f4e-884f-028f6e522588
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-robots-tag: none
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=38NhMN72GcOmaHKZJmAtzyL4SRggn2yJsUvC8ML337IN5IVOwbfs3JzpnYrs2L13%2BKcBmW2BBtjBy%2FZDIPSigGG6N1fC7dXSMAJtQq8gkJBgDNvgbT%2FC61scW0HQtCc3Km1e"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://returncustomer.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 6980c7301ee8698f-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2EF3 0
0 31ms
31ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210927&jk=2257414847907695&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 33ms
32ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210927&jk=2257414847907695&bg=!39yl3JjNAAZNQyuQTUM7ACkAdvg8Wiwp11ZuvPMraT-EdlA4ODkObrrVy2UAA9nOMVufAAPFzQ17wQIAAABmUgAAAAxoAQcKADUFwZ8cfrea6NB2Iy1s9BlsvR0QSeuH-ynStafuvGCs9rG7kfctyx-WdFcbp0QVURA4S1NkKJkCs73RdA_UEYLF7p6gohJy2IJiS3nMh0zGsBcFq5RgN0NQ_t3SPeTl6nT4GiCAFjbPY2x86GUaWOQBKzly47aBaeAtJtqQMAAvC19IL-yiov-3BWGftezYw68U6DZ-DTpWfj12dJvOT7gOZa1Vp9FV6U64yrrIRYifAzsKJtbfN0p1PgfT1jrC0KWxcOl63gVJSTHbugqIlvFtEjuNc-6okqgf_qCd5vUfEi_3FlV-krrq5DMSp3D0U3vURIwVFrNu3feXhQnCPmMKZunYvzXYQe_X0lYs9SdU_2ealvV36QJVejq2zTlAuAxRGZUiNJtEO6SFic_1PmTpv1VBfc8_7xcLfjIPoPV0DnWHfHULdSrRr8wCw8yCAFk6lKGMcK7FUwGXyjpBvOQ_g1UtM02M6qp_IORELz66fWLDyqEbvMvEkO2XZa1DuDmc75CIux56JemobezoPgfv6TIyF6CG0jCOpsQl8puPx5oCk3mb2UkFx2At8z7cRgwuKuYeDaqupwasJfIzUGTOxV5W5_M7feN5q3ocj68iM4ekTzTzEIXRwOcqP002B7aKGfteIRBEGTKMgIYMdxRfl7SPkZSyfDTAXaFqA9crIHFHEcCSTcuUaBVbuAuG6NlRzMXIdgXJH4NvHXRsdMgsiTh3IlJvSbXd8sYJp-7rrQqVrUO8awNtg6u_Pk3xfwfbjiJ4QQuy62ePMpGsiYIpdRYsutJbQznh9kgXcu9QijI-zjtrrX4lGPjVThEfy-2uDsjTg6NNC29qiL1eF7k3vQdoQqj259m6UMXBPLM6giPMoOgtUsgXh1g6dykbUrOMppxPdvcEdrSvsOp3xuC2eQairrfBJdquph6DgPqnmm_Rf4e6zItl99o3mxenOjbdUsdiofMZ7DyfD_K6pZqLUltzzhyo4_CIuN8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 942 B
605 B 16ms
16ms Script
text/javascript 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=explicit

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

337d4f75e8684371edb59eda7eb290d9d8ce630b0ddcdcc98178100dd44c3201

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 584
x-xss-protection: 1; mode=block
expires: Sat, 02 Oct 2021 20:46:04 GMT

GET
H3 200 __ptq.gif
track.hubspot.com/ 45 B
756 B 50ms
39ms Image
image/gif 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=e1d3469c-e25a-4215-9cc1-3e592c6d1ef3&lfi=689843&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3169173831&v=1.1&a=6418152&ct=standard-page&rcu=https%3A%2F%2Freturncustomer.com%2F&pu=https%3A%2F%2Freturncustomer.com%2F&t=Return+Customer+-+Make+your+customers+happy.+Improve+your+business.+Grow+your+revenue&cts=1633207564967&vi=e33ea738f2da0de9916f9fd48487939b&nc=true&u=123907221.e33ea738f2da0de9916f9fd48487939b.1633207564717.1633207564717.1633207564717.1&b=123907221.1.1633207564717&cc=15

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://returncustomer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:46:05 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: d3eb3cf5-8175-4fa3-a8c3-014678186549
cf-ray: 6980c7312cb64e86-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1QT3nW1giZVpmkkfEDiTeyROAXSUTK98AedFBuyt4FqYDsykap7pHqkuxnj7rMswubhdFyBM63fo7aoM1GPuSXS8dR7RckL1iGyDDUEXsEMUb0kB0spvMK6mEX0WZQT6VeEn"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/-TriQeni1Ls-Mdq_ssN2cUL5/ 346 KB
135 KB 38ms
16ms Script
text/javascript 172.217.16.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-TriQeni1Ls-Mdq_ssN2cUL5/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f131.1e100.net

Software

sffe /

Resource Hash

b0236d5c7c5a438a04858e85fe41d24cdcc0cf55a99a45cd2dc36bef08905980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://returncustomer.com/
Origin: https://returncustomer.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 20:09:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2187
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138353
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 04:02:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="recaptcha"
expires: Sun, 02 Oct 2022 20:09:38 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: clients6.google.com
URL: https://clients6.google.com/rpc?key=AIzaSyCKSbrvQasunBoV16zDH9R33D88CeLr9gQ

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1

Verdicts & Comments Add Verdict or Comment

119 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.returncustomer.com/	1970-01-20 15:11:19	Name: _ga Value: GA1.2.1588673939.1633207563
.returncustomer.com/	1970-01-19 21:41:33	Name: _gid Value: GA1.2.1974911202.1633207563
.returncustomer.com/	1970-01-19 21:40:07	Name: _gat Value: 1
returncustomer.com/	1970-01-19 22:23:19	Name: __smVID Value: b78417668ca06ab986f6d17b91e1f537a46753669a1a4f5fd0384ddc1db8faaf
.returncustomer.com/	1970-01-20 07:01:43	Name: __gads Value: ID=52ae73a14d02e103-221b471d7bc90021:T=1633207562:RT=1633207562:S=ALNI_Mb9wgJn74Jh2QWCwUTEY01ci-RwhA
.casalemedia.com/	1970-01-20 06:25:43	Name: CMID Value: YVjFC5.B2gfqiZZ2JEt6yQAA
.casalemedia.com/	1970-01-19 23:49:43	Name: CMPS Value: 3174
.adnxs.com/	1970-01-19 23:49:43	Name: uuid2 Value: 2842973433886270795
.casalemedia.com/	1970-01-19 23:49:43	Name: CMPRO Value: 1137
.casalemedia.com/	1970-01-20 06:25:43	Name: CMRUM3 Value: 2d6158c50b2760
returncustomer.com/	1970-01-20 06:25:43	Name: __smToken Value: kYLxPgF9spntIFjoq8Sv33pH
.demdex.net/	1970-01-20 01:59:19	Name: demdex Value: 53319478802453791831335430541469031664
.bmwmini.demdex.net/	1970-01-20 01:59:19	Name: bmwmini Value: 53319478802453791831335430541469031664
.doubleclick.net/	1970-01-20 15:11:19	Name: IDE Value: AHWqTUkCHx_E9_XKqmv8hKIGWqnMm8O--nJ9aUluNWfXkkGavho0cuP4jA2WkOwcpAM
.quantserve.com/	1970-01-19 23:49:43	Name: d Value: EA0BCQGxJIEA
.quantserve.com/	1970-01-20 07:10:21	Name: mc Value: 6158c50c-5519a-ca0f8-f0778
.openx.net/	1970-01-20 06:25:43	Name: i Value: 6a738f47-3ec7-4149-8aa8-af58191109b9\|1633207564
.casalemedia.com/	1970-01-19 21:41:33	Name: CMST Value: YVjFC2FYxQwA
.pubmatic.com/	1970-01-19 21:41:33	Name: KTPCACOOKIE Value: YES
.mookie1.com/	1970-01-20 07:08:55	Name: id Value: 10811383487926792001
.mookie1.com/	1970-01-20 07:08:55	Name: mdata Value: 1\|10811383487926792001\|1633207564372
.mookie1.com/	1970-01-20 07:08:55	Name: ov Value: e51cdb2462e0a0c763c8a669b3a77480
.pubmatic.com/	1970-01-19 23:49:43	Name: KADUSERCOOKIE Value: 480D7885-1198-4B29-8B5D-C8C5AD995943
.reddit.com/	1970-01-20 15:11:19	Name: csv Value: 1
.returncustomer.com/	1970-01-20 07:01:43	Name: __hstc Value: 123907221.e33ea738f2da0de9916f9fd48487939b.1633207564717.1633207564717.1633207564717.1
.returncustomer.com/	1970-01-20 07:01:43	Name: hubspotutk Value: e33ea738f2da0de9916f9fd48487939b
.returncustomer.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.returncustomer.com/	1970-01-19 21:40:09	Name: __hssc Value: 123907221.1.1633207564717
.hubspot.com/	1970-01-19 21:40:09	Name: __cf_bm Value: uHOeZYUBFCKkJfDbRh5NFddF9cIVZjPc4WjFUqal3nw-1633207564-0-AVSxsq94DOBbUdHP7c/jikloMHhjoLSjc5BXcENgmrrZfktnzTJYScjbwjb4S1j7Qwn8+KIE9znU+dfQA3hwQNA=

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://googleads.g.doubleclick.net/pagead/html/r20210927/r20110914/zrt_lookup.html?fsb=1 Message: Refused to execute script from 'https://bmwmini.demdex.net/firstevent?d_event=imp&d_src=477693&d_advertiser=3864313&d_site=1389782&d_creative=156991276&d_placement=294993873&d_campaign=24975057' because its MIME type ('image/gif') is not executable, and strict MIME type checking is enabled.
javascript	error	URL: https://returncustomer.com/ Message: Access to XMLHttpRequest at 'https://clients6.google.com/rpc?key=AIzaSyCKSbrvQasunBoV16zDH9R33D88CeLr9gQ' from origin 'https://returncustomer.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://clients6.google.com/rpc?key=AIzaSyCKSbrvQasunBoV16zDH9R33D88CeLr9gQ Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YVjFC5-B2gfqiZZ2JEt6yQAABHEAAAIB&google_gid=CAESEB_ZmZwLw6zsyU6zsbJ855g&google_push=AYg5qPKO49f8l0Usiu5rynja2niCE2W_iNhZ7ZYU5Mr9RW4fyb1Pu_sDesEqdVtu_4oZqVFJCntItvHLoI1rFylWImqEN35_dQ&google_cver=1 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
adservice.google.com
api.bufferapp.com
api.facebook.com
bmwmini.demdex.net
c.betrad.com
c.evidon.com
cc.adingo.jp
clients6.google.com
cm.g.doubleclick.net
cms.quantserve.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
graph.facebook.com
ib.adnxs.com
image6.pubmatic.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hscollectedforms.net
js.hsleadflows.net
l.betrad.com
load.sumo.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
reddit.com
returncustomer.com
returncustomer.disqus.com
rtb.openx.net
rum-collector-2.pingdom.net
rum-static.pingdom.net
s0.2mdn.net
secure-gg.imrworldwide.com
stats.g.doubleclick.net
sumo.com
tpc.googlesyndication.com
track.hubspot.com
widgets.pinterest.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.reddit.com
www.returncustomer.com
clients6.google.com
cm.g.doubleclick.net
104.111.233.93
104.111.244.187
104.16.139.31
104.16.88.5
104.17.127.171
104.17.212.204
104.17.230.204
104.17.67.176
104.18.21.191
104.19.155.83
104.20.20.239
104.21.85.176
108.177.15.156
142.250.184.194
142.250.184.230
142.250.185.129
142.250.185.138
142.250.185.194
142.250.185.196
142.250.185.206
142.250.185.226
142.250.185.238
142.250.185.70
142.250.186.34
142.250.186.67
142.250.74.194
151.101.64.84
151.101.65.140
157.240.236.15
172.217.16.131
172.67.208.174
185.33.223.38
185.64.189.115
199.232.192.134
2.18.234.21
34.249.249.23
34.253.150.6
34.98.67.61
35.227.252.103
52.205.43.40
52.34.133.113
52.68.53.67
63.32.159.255
69.173.144.139
89.187.169.47
91.228.74.198
04f4de271bac3fc70e9c4fece4bdc005edad22929dd4d543241961292ee9c1a2
058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da
06f777ff38a8dd1b7583e8323755ef6ed1c5ab41107894ed98792553e82097ba
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cd510f6a105dc9a981eef87b7b5f3a964997eaf0a209fd790626c57de6fc670
0f8f3d47e22b05e041b8c08036b1035570098b48a1a7b001bc024c554d6eadb9
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13e9741d8619b07a7e0779171ec4a35d0ee8dad0592a65088f9d3f31af274d43
14e5af43bc6b0df4f5d085cfaf193e21fd4cbca7114e99b5e880e3b2e3bf6403
17b7955c5217a4f21b660740e7f180c302a2a9f53ff45488aa6f5a7e9dbc1b4c
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
23e535494a21b8a1cb0d76737879e90753dd484dcd2437ae87cb611ca43e40ff
2911b334d84ae35bdef7cb396241b38425398b6ae5f91f13a72943e805309ab6
29852292f4deecb852714eab96ecc3931cbb01f36280902892b3c319be6607c3
29a3823b1be3441ad71794b8486dc44051043b58173dd7609fe92a6405c0fc48
2bc98b5956d216197013af35c909aa49d3aa7c26b48de9e9930eb4bd6b846391
2dcc3e9f00570456eebdc6a42bd7cad1218e50a2d81353afe14d2cacc86d3f46
30c4fb3dd162134b4ed6c65ce7f4cabe965e98885686bc60bc5a5af2ec1c41ff
31c35185e5f020c1d099d5feabec1f7029ef6961d7a6d7589803ab43a6757d1b
31c442570bfb26e12ec3cb967f0a9f0f81ac5b489688fc1acc526783fad8b14a
31c5dbafb63fc02f3485648fd6f9cc88a6345d86f7de604e6908e4edba27b8b3
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
337d4f75e8684371edb59eda7eb290d9d8ce630b0ddcdcc98178100dd44c3201
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c
38d941fe67bc74992fa9062e0b82ea65480a9837665ec084cceaf201509c0221
3b6c5e88ce0195af4b88df36276eaf88bab0302868497944e8ee92ddd99cb64d
3cc1313c29ba701a9c57abdf02b922217874da93d598ebd38025628cee4f4217
3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132
467b1c2f19191d0239fe67a14f4dfa8c6177f5b4f0072be7eda822d901491e9a
4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9
4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d
4f430df1926f8f2c1211de662c1070de2b98259bfc9bbdd8cf70c7b53d6777cd
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
521bcde312e5dfc1dce72b53f5d710d6191b2257847fda2a2595db52f07e385d
528b6b3e8edb272a61e1d3b10f11af0d241680684143fb5339fa2758a3e65187
535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14
53a2b60a5fc8079ba40037ded5e0d5cd81fb6dc1d980e3426f5574d606c43834
580cfe9f2689bbdb95454abc36cc61b171ad5d5896c2fee5578b0fdea3f64aa0
5c99dc27d465b2f8425daee704098e7335a880b4c757bfdded09721b9054d64d
5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
62c0c29d9307c0b2c2aa46444aa99e24952948e4a04107bffca1d82906ee78fe
6841b762a828aa86ce77c393e726059f231bf164cacd1a0874c1f2596fc7c9b0
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6cd4fdef93aef355d2c534bc7de3d08d9723234a1b0cf6161652193f34e4f820
71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d
72bd223dadfcc3fe7e65d1d107fe61d98649ad7cf9f220a869c2e048b0aeab1a
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86
7611f9137c4d66592ef403d62154c45fafa33a3578dac571f30b0e7533384ae5
7a3e1fa68b2ed9b3c641299d3129d7439377b2f2f21a4f13d17435967ecb00a5
7cc64ec2f55ae9d24be2ca2bd4f933dcf99c9be0ae35871489cf235d5cee6af0
84529ca14ee5f3884372d450a4c94e47ce735b99f7fadd7631e5ad1a6f637674
8554f19187efad4b686116c40ac37f32509659c2a1e8af00b28722392eec8764
867ff39044c47d580bde0bfc1e95bfcc25c21738c79351591641a83a56dc6d3f
875502e389b4bf5c0f72f5ad8333510aa2cad5d569835479d4e040a8a322d8b7
877aae80c7a512acfa423cd406b6687ac41c1ada306c76a7dcfe41a8c9e6a8a1
8806d9eaf9e8ca89fa2404e8cb66a9fa115e0a0f687ad0dcd91cabce4c2179c6
8ed77676d10661c0467f600237ee68475d3d4e58993e200cd953ae54132a0e24
90161e1b4753e107452fe24bf0893324658a9cde074b2b54e2b93bf41e153895
9194059997d722ec01e41980dffbff03ebe00808b1cdd164a7fd18a561bc312a
93093c6722a3f526d266ca9f8cabdb1aa26f9215ffe4bfdcb9d2238daf6da2fb
95f592c50a907d01bd456cbb0226db40f14199c3a045b3472557c3fa0326709b
967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae
96eecf341c84e2f3749648a1a8b334230f64b6843eab424d9b1ca9c29324dce2
98982b53678a66205f0d5c468914290ee985309002942ed1c0811314d59ea6ca
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b9b439612eecd459a6edf2abfcf4ae252710e0069772b1b78c4970b3c0f1830
9fe591f8fa54e4dd922613aec0be98e6a6302f1ba657b54fd9c94947bf58fb9a
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e8f49ce2aa1c4720cc187c184c8d800182aea43645aa3193c0614703d0c8f4
a3c92e8d35e4e636238e577da8cd44aaf8dd699b719e4125ba0029330edf6907
a464237db15a393ade86a558144028b5c3864bb373725c4a4248384667684f8f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73a98563485541039998520eaa3f1b8475e8da1f9ae414a74c73df0d5f24f8a
a7c952fb134502f04414a2a3479c8533d5857e9291939332790ff323b4ea5eb4
aa14cc600b408fa60a635661f9b517120b81b79789faae34ca8c5f60ccd3d772
ab343810d672ad54c4932b367e0dd8c7fcb5805901154c2a08b203671846d5bc
ae916135b13cde9d7bc06420ff0b06caf72b2faff5f0ebcd48d4f3cb7e77987d
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b0236d5c7c5a438a04858e85fe41d24cdcc0cf55a99a45cd2dc36bef08905980
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2db7373b4a646a326952fa386be6fde1ce4c93f101258d840c91e42af13d47d
b38803f733f36ff943399e6539b7fe1fa26611706ce6878b5b21c6a4f96ec862
b5d439b0a1670a4a56384b0b48fcdfabef6e8a5124683f32c6913d1fe22e9563
b8816a62d8c89fa9b93babc5cb516046f90e2ce6bde700703df27e144ccd7090
b962771e91582a7dc95cbf9c6caa71c0ec9aa7ff0570c7924846947659dbdc4b
bcb80c86da267703311d2eeb3bdb5af0dedf63589d7d6eee4ed81f4bad7537f6
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c178b294f465f8c802b3f20752a384d2304c8628f8908d30ff13d02e861c2442
c19455754ead9313cc2221c64f1c66e8378501d8099bdcb3d90bb0b1a170b5ec
c36eb9f49a231993fa4ead31474f6ba49fbba5b2b8630a6d0abb64b3740226c1
c3b1c91d2d72fcbce47799f1f676ceffa4dcf71238644acd612df666b1f551a8
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c435a36c4117826fc7b7b8023aaf45d65e59bcb814c8f1b1e28bea7c49318c13
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c5db15499d7cf6525700d042acc6e2e015fa2d9c8ae6249391b3249fa6c3bb6e
c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169
c6d248d1bca62a13f7a5a6363736e10b4858dd4cc539aaf0018b40b036ac5757
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
d29d48c55bdf3839337426482acf82b39999f7acfd0215d0f69a9920f6d07026
d3e3bea95a6ecf4c58fdbcd969b4f9a7ff9c613442f5ed7e1ff33854bef4be0f
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
da48b97b44f32bd333c5ca822e07f0997269db7bbd7e85f514035e02a57624f7
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503
de3a7ca2f8ae592aae2652335b755b0d0b65df663dda8776387cae7339b76d64
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e146694637c659ec76a75f2f92253956460decf38696b9f77d825dde8308efaa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ff589286eef8fb503c00bb974e953cfdae9b6a09d54ee5f18ec0f8e4e83d3f
e7082c0a237e187825ebd01587db9d28e7e9ffd331d6b850a5370fec15813065
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f
f5e5d5a801cc1e6cee5a9258f9f512e2e3976d555567f1ff2a82aee75690a15c
f8d1eb929b183c4440bfb1c8e7b37f0d43c8618d988f04cfbd47aa70072e040e
fb45c29c9baa1cc8ba294bcb27c76973a066abb4b13b7c91413799c423d82895
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2
ff1b48ff9e3ff21e242d785f883796ac8c0bce20ab102212733d1f17c39b8a87

returncustomer.com Open in urlscan Pro 172.67.208.174 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

155 Requests

99 %HTTPS

0 %IPv6

36 Domains

51 Subdomains

43 IPs

7 Countries

2125 kBTransfer

7244 kBSize

29 Cookies

4 Outgoing links

Page URL History

Redirected requests

155 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

returncustomer.com Open in urlscan Pro
172.67.208.174 Public Scan

Screenshot
Live screenshot

Full Image

155
Requests

99 %
HTTPS

0 %
IPv6

36
Domains

51
Subdomains

43
IPs

7
Countries

2125 kB
Transfer

7244 kB
Size

29
Cookies

155 HTTP transactions
7 data transactions